At its core, Onum employs a stateless, in‑memory architecture that processes telemetry data as it moves—enriching, filtering and routing it in milliseconds. CrowdStrike claims this design enables up to five times more event processing per second than rival platforms, trims data storage costs by up to 50 per cent, and accelerates incident response by as much as 70 per cent while reducing ingestion overhead by 40 per cent.
This acquisition addresses a longstanding pain point for security operations centres: onboarding third‑party telemetry into SIEM systems. Where legacy platforms suffer from friction, custom parsers or third‑party tools, Onum simplifies the process with open API integrations and an intuitive drag‑and‑drop interface that handles pipeline construction and real‑time data streaming directly into Falcon—triggering detection even before the data enters the SIEM.
CrowdStrike’s chief executive, George Kurtz, underlined the importance of data as the “fuel” for modern security operations, describing Onum as both “pipeline and filter” that empowers autonomous cybersecurity “at the speed of AI.” Onum’s founder, Pedro Castillo, echoed this, noting the company’s belief that pipelines should do more than just transport data—they should transform it into real‑time intelligence.
Financially, Onum is a well‑backed startup founded in 2022 by Castillo—formerly CTO at Devo—and Lucas Varela, a former cybersecurity leader at CaixaBank. It raised nearly US $42 million, including a US $28 million Series A in April 2024 led by Dawn Capital.
Beyond the headline metrics, CrowdStrike sees this integration as an accelerator for its AI‑native SOC. Embedding detection closer to the data source enables richer, higher‑fidelity insights for threat hunting, while reducing noise and data volumes. Onum's capabilities will complement Falcon’s vision as the “operating system of cybersecurity,” strengthening its role across endpoints, cloud workloads, identity and data observability.
From a strategic perspective, this follows CrowdStrike’s pattern of investing in complementary technologies to reinforce its platform dominance. Past acquisitions include Humio for log management, Flow Security, Adaptive Shield, Bionic.ai, and Reposify. Onum is the latest addition, with its unique edge in real‑time pipeline intelligence making it a pivotal piece in CrowdStrike’s AI‑powered enterprise vision.
CrowdStrike’s chief business officer, Daniel Bernard, highlighted the significance of in‑pipeline detection, stating that Onum enables detection to begin “even earlier and closer” to the data source—streamlining operations and bringing threats under control at an earlier stage.
As the cybersecurity landscape accelerates, flooded with AI-enhanced threats and massive telemetry volumes, the combination of Falcon Next-Gen SIEM and Onum promises a data foundation that is not just responsive—but predictive. This marks a shift from reactive, batch-oriented analytics toward a continuously active, autonomous defence architecture.
For customers, the benefits could be substantial: faster onboarding, lower costs, leaner data pipelines, richer insights, and the ability to detect threats before they even register in the core SIEM—an appealing proposition in the fast-moving world of cyber operations.