Buying Spanish Startup Brings Real-Time Data Pipeline Tech to Boost SOC Efficiency

CrowdStrike plans to purchase a telemetry pipeline management startup led by Devo’s former CTO to transform how third-party data is ingested into the company’s SIEM platform.
The Austin, Texas-based platform security behemoth said its proposed acquisition of Madrid-based Onum will strengthen CrowdStrike’s ability to ingest, process and act upon third-party data efficiently, according to Chief Business Officer Daniel Bernard. He said Onum’s technology enables in-pipeline detection and five-times-faster data ingestion, translating into faster response times and lower costs.
“The long pole in the tent is, ‘How do you get the third-party data?’” Bernard told Information Security Media Group. “There’s a variety of technologies out there. What we saw at Onum was something that could actually begin detection even earlier and closer, bringing that closer to the data source, something that’s really easy to use to natively provide customers the capability to bring the data to the platform.”
Onum, founded in 2022, employs 94 people and has raised nearly $42 million, having most recently completed a $28 million Series A funding round in April 2024 led by Dawn Capital. The company has been led since inception by Pedro Castillo, who co-founded Devo and spent 11 years as its CTO. CrowdStrike will pay $290 million for Onum. The acquisition is expected to close by the end of October (see: Cyberthreats Surge as Attackers Target Compromised Identity).
What Sets Onum’s Approach to Data Ingestion Apart
Although there are over 20 companies operating in the telemetry pipeline and data ingestion space, Bernard said Onum stands out through speed, cost efficiency and early-stage detection. Most others in the space focus solely on data movement and transformation, but Onum uniquely allows for pre-ingestion detection, which Bernard said means CrowdStrike can stop breaches earlier in the kill chain.
“What made this unique for us is the ability to do the in-pipeline detection and bring our detection capability even earlier to the data source, stopping breaches even faster,” Bernard said. “Doing that even before the data enters the pipeline, that’s interesting.”
The ingestion of third-party data into modern security platforms is a major pain point since the volume of data is massive, and every vendor and product generates telemetry in different formats, making it difficult to normalize and correlate that data meaningfully. Companies often rely on outdated methods such as custom parsers or manual ingestion, which are time-consuming and error-prone, Bernard said.
“You can build a parser, but every product has its own language and produces data in its own fashion,” Bernard said. “So, the challenge that you have is a volume challenge, you end up with a lot of data. And if the language of the data is different than the language of what Falcon uses, how do you remap the data so that it’s intelligible to the data producer for the data source? That’s another challenge.”
Bernard said Onum fills a gap around ingesting and orchestrating third-party data into the Falcon platform. CrowdStrike already handles its native endpoint data efficiently, but bringing in data from external sources has traditionally been more complex and expensive. Bernard said Onum’s in-pipeline detection allows security analysis to begin even before the data reaches the core platform.
“We’ve been very successful at onboarding some fantastic technology and teams into the company, integrating it so it’s a native experience for the customer, and turning these technologies into multi-hundred million dollar businesses very quickly,” Bernard said. “So, there’s good muscle memory here inside of CrowdStrike on that.”
How Onum Can Facilitate Data Movement Between Hyperscalers
While SIEM is the near-term use case, Bernard said Onum can also facilitate data movement between hyperscalers, between cloud and on-prem environments as well as between various SaaS applications and databases. Over time, CrowdStrike could expand Onum’s role beyond security, helping organizations manage and transport data across their digital ecosystems with built-in governance and compliance.
“Enterprises have more data than they’ve ever had before,” Bernard said. “The world creates more data in an hour than it used to create in a week. And being able to filter that data and transport that data unlocks the value of that data, and that’s what we’re doing with Onum. And that’s bigger than next-gen SIEM. That’s something that enterprise technology has a fundamental need for.”
Onum will be a key driver in helping customers migrate from legacy SIEMs, as it makes ingesting third-party data into Falcon much simpler and more cost-effective. Bernard said the primary integration work is not technical, but rather commercial and operational: how to package Onum’s technology within CrowdStrike’s go-to-market strategy, pricing model, onboarding experience and support infrastructure.
“I don’t think there’s as much technical work here, because we already have customers that use these technologies together, this is exactly their use case already,” Bernard said. “It’s not like we have to integrate at the agent level. This is one that’s at the platform level.”
Bernard said CrowdStrike’s Falcon Flex licensing model allows customers to adopt new technologies such as Onum without going through a lengthy or costly new procurement cycle. Instead, Flex customers can immediately begin using their pre-allocated budget to access Onum’s capabilities, which Bernard said significantly shortens time-to-value and removes barriers to adoption.
“They can use their Flex dollars to buy new technologies that we didn’t have when they initially did their deal with us without a procurement cycle,” Bernard said. “So, it really accelerates our ability to bring new innovation and technologies to our customers.”
