CrowdStrike recently announced its intended acquisition of Onum, a two-year-old startup specializing in real-time telemetry pipeline management, to enhance its Falcon Next-Gen SIEM platform.
Founded in 2022 by Pedro Castillo (former founder of Devo), Onum provides streaming data processing capabilities that filter, enrich, and optimize security telemetry in real time rather than through traditional batch processing methods.
The acquisition addresses a critical bottleneck in SIEM adoption: data migration and onboarding complexity.
Financial terms were not disclosed.
Who is Onum?
Onum is a relatively new entrant in the data pipeline management space, founded specifically to address limitations in legacy SIEM architectures. The company emerged from the AWS and CrowdStrike Cybersecurity Startup Accelerator for EMEA in 2024, gaining early validation of its technology and approach.
Pedro Castillo, with his background as founder of cloud-native SIEM provider Devo, brings relevant domain expertise to the real-time data processing challenge facing security operations centers.
The startup’s core technology centers on what the company describes as a “proprietary stateless, in-memory architecture” designed to process security and IT telemetry as it streams rather than storing data first for later analysis.
This architectural approach is a shift from traditional ETL processes toward real-time stream processing capabilities.
Strategic Alignment
The acquisition aligns with CrowdStrike’s broader platform consolidation strategy and its emphasis on Next-Gen SIEM as a growth driver.
CrowdStrike positions its Falcon platform as the “operating system of cybersecurity,” and Onum’s capabilities extend this vision, addressing data ingestion and processing bottlenecks that have historically complicated SIEM deployments.
From a technical perspective, the acquisition addresses several challenges that organizations face when implementing modern SIEM solutions. Traditional SIEM architectures require extensive data transformation and normalization processes that can delay threat detection and increase operational overhead.
Onum’s streaming approach potentially eliminates these delays by performing data enrichment and filtering as telemetry flows through the pipeline.
Analysis
CrowdStrike’s acquisition of Onum is a tactical move that addresses competitive gaps in data pipeline management while also supporting its broader Next-Gen SIEM growth strategy.
The acquisition promises to strengthen CrowdStrike’s competitive positioning in the consolidating SIEM market by addressing a key differentiator: data onboarding simplicity.
Traditional SIEM vendors often struggle with complex data integration requirements that extend implementation timelines and increase professional services dependencies. By incorporating native streaming pipeline capabilities, CrowdStrike could reduce competitive barriers related to implementation complexity.
The move also allows CrowdStrike to compete more effectively with cloud-native security data platforms that emphasize real-time processing capabilities. Companies like Splunk, Elastic, and emerging vendors in the security data lake space have invested heavily in streaming architectures, and Onum’s capabilities help close potential technology gaps.
The acquisition’s ultimate success will depend heavily on execution: seamless technology integration, validation of performance claims in diverse production environments, and effective go-to-market coordination with CrowdStrike’s expanding partner ecosystem. CrowdStrike is no stranger to acquisitions, so we don’t expect this to be a significant lift for the company.
It’s a nice, if tactical, acquisition for the company.