Funding Supports Threat Hunting, Natural Language to Replace Legacy Detection

A security analytics startup founded by Granulate’s former research lead raised $65 million to redefine how enterprises approach detection and response.
The seed and Series A funding will let New York-based Vega enable organizations to gain insights and respond to threats without migrating or duplicating their data, said co-founder and CEO Shay Sandler. He said this foundational capability sets Vega apart from other companies focused narrowly on alert triage, noise reduction or layering large language models onto traditional SIEMs.
“Everyone understands more than ever that the industry needs an AI-native solution for detection and response, and an AI-native solution for a SOC,” Sandler told Information Security Media Group. “AI-native security operations capabilities are not a patch or an LLM that you put on top of a SIEM. It requires a whole new AI-native security operations system.”
Vega, founded in 2024, employs 64 people and emerged from stealth this week with financing led by Accel. The company has been led since its inception by Sandler, who spent nearly five years as a security researcher in the Israeli Military Intelligence’s Unit 8200 before leading research at Granulate for three years. Granulate was bought by Intel for $650 million while Sandler worked there, and has since closed (see: CrowdStrike Buys Pangea for $260M to Guard Enterprise AI Use).
Why Conventional SIEMs No Longer Fit the Bill
Enterprises increasingly see that conventional SIEM-based models are insufficient in a world where real-time, scalable and AI-driven threat detection is paramount, and Sandler said customers are demanding scalable, immediate answers to operational security challenges. The company aims to lead a redefinition of the detection and response market, one that calls for building new architecture from the ground up.
“We are working with the biggest organizations out there,” Sandler said. “And they all need it now. And they need it on a large scale. It’s a big vision, it’s a big swing. We really try to solve the big problems for big organizations, and try to do it as fast as possible.”
In contrast to companies that use LLMs simply to summarize alerts or enrich incidents, he said Vega’s model helps security teams interact directly with their data instantly, scalably and intelligently. This AI-native design unlocks new capabilities including automated threat intelligence ingestion, triage, gap analysis and dynamic threat hunting, thereby replacing data normalization, duplication and indexing.
“You can ask a question using plain English and receive a normalized answer from all the data that you have in your environment, wherever it is, without the need to centralize it, without the need to move it from your cloud storage to a SIEM,” Sandler said. “This capability really provides the foundation for AI-driven security operations.”
The company is investing heavily in continuous tuning of detections and gap analysis, reducing false positives at the source rather than filtering them out after the fact, Sandler said. Vega also aims to automatically generate new detection logic based on live threat intelligence and frameworks such as MITRE ATT&CK. This helps clients reduce false positives at the root and ensure maximum detection coverage.
“We want to take 10 steps forward, with continuous tuning of the detections to reduce false positives from the root cause and continuous creation of detections according to threat intelligence and detection gaps in frameworks like MITRE,” Sandler said. “Just plug and play to the new data source and then make your data decision, regardless of the security considerations.”
What Makes Vega Different Than Traditional Cyber Startups
Vega provides a full-stack detection engine that connects directly to data wherever it resides – cloud storage, APIs, data lakes or legacy SIEMs – and enables detection logic to be written and optimized over this unified data layer. Vega not only allows for detection creation but also for continuous tuning of that content to reduce false positives at the source, which Sandler said prevents noise before it happens.
“In Vega, unlike all the other solutions, you can plug Vega to a data lake, to a SIEM, to APIs, to multiple SIEMs, and provide a unified AI-driven analytics layer that you can ask questions in plain English and receive normalized and enriched answers from anywhere the data resides,” Sandler said. “With this capability, we built a full detection and response product.”
Unlike typical Series A-stage startups, Sandler said Vega’s product is in daily operational use by major enterprises, requiring prompt service-level agreements and an engineering organization that can support that scale while continuously innovating. A major portion of the funding is being used to recruit top-tier talent and scale the R&D and product organization across the U.S. and Israel, Sandler said.
“We knew that we needed a very, very strong leader for R&D to really support the ridiculous scale,” Sandler said. “Helping us build a world-class organization both on the product side and marketing side in the United States and in Israel.”
Most security startups begin with small customers and work their way up because large enterprises are reluctant to switch SIEMs or core platforms. But Sandler said Vega’s architecture allows it to coexist with existing SIEMs rather than replace them. As the platform matures, Sandler sees growing adoption from mid-market companies, especially those that are cloud-native or operating in AWS without a SIEM.
“We started with Fortune 20 retailers and a few of the biggest pharmaceutical companies,” Sandler said. “Most of our customers have a SIEM, whether they want to keep it for a long while or not. This is their decision. It’s a data decision. It’s not a security decision, the way we see it. We have a few Silicon Valley-based public tech companies that are already using Vega as a complete detection and response solution.”
