CrowdStrike To Acquire Onum To Gain Real‑Time Pipeline Intelligence

Founded in 2022 by Pedro Castillo, best known for co‑founding Devo, a cloud‑native SIEM pioneer, Onum has swiftly made a name for itself in the emerging telemetry pipeline space. The startup also participated in the AWS and CrowdStrike Cybersecurity Startup Accelerator for the EMEA region in 2024.

Onum’s architecture brings a paradigm shift to telemetry handling: rather than relying on batch ingestion and post‑storage processing, it filters, enriches and routes data in flight, streaming “high‑fidelity, filtered data directly into the platform”. This ability to apply detection logic before data lands in the Falcon system enables accelerated response and intelligence accuracy.

CrowdStrike to Acquire Onum To Gain Speed, Efficiency and Create SOC Impact

Onum delivers breakthrough operational efficiencies across three critical dimensions: 

• Speed: Capable of processing up to 5× more events per second than competitor solutions, with real‑time processing instead of outdated batch ingestion.. 
• Cost: Intelligent filtering reduces data storage overhead by as much as 50 percent, without sacrificing critical context. 
• Outcomes: Real‑time detection in the pipeline leads to up to 70 percent faster incident response and 40 percent less ingestion overhead.

These metrics show how Onum accelerates SOC performance while helping organizations combat alert fatigue and cloud‑scale log volumes.

Fueling Falcon’s Agentic SOC Vision

CrowdStrike has positioned Falcon Next‑Gen SIEM as a cornerstone of its “AI‑native” SOC vision, an operating system for cybersecurity that converges data sources, AI detection and response orchestration.

CEO George Kurtz emphasized the critical role of data as the fuel for Falcon’s engine: “Onum is both a pipeline and a filter, which will stream high‑quality, filtered data directly into the platform to drive autonomous cybersecurity at scale,” he said, adding this acquisition enables the speed necessary to “stop breaches at the speed of AI”.

Moreover, Onum’s in‑pipeline detection capabilities extend Falcon’s reach: detection can occur as data is being forwarded, even before it enters CrowdStrike’s core platform, unlocking unprecedented flexibility and responsiveness.

Market Momentum and Disruption

Falcon Next‑Gen SIEM has seen “stellar” growth in CrowdStrike’s fiscal 2026 Q2, with annual recurring revenue surpassing $430 million—up 95 percent year‑over‑year. This robust traction comes amid a broader shift away from legacy SIEMs, which are increasingly burdened by slow ingestion, clunky workflows, and high data retention costs.

By integrating Onum’s tech and leveraging its favorable consumption pricing—where ingestion of first‑party Falcon data remains free, CrowdStrike is positioning itself to disrupt legacy vendors further.

Partner Ecosystem and SIEM Transformation

Crowdstrike to acquire Onum to align its broader ecosystem strategy. Earlier in 2025, the company launched its Services Partner Program, enlisting GSIs and MSSPs such as Deloitte, eSentire, Wipro, and others to accelerate Next‑Gen SIEM adoption via consulting, implementation, and managed services.

Moreover, a strategic partnership with Wipro will embed Falcon Next‑Gen SIEM within Wipro’s CyberShield managed platform—bringing instant threat detection and lower TCO to enterprises worldwide.

Since 2024, CrowdStrike has also built a massive ISV ecosystem, integrating data from over 500 third‑party sources including AWS, Cloudflare, Okta, Zscaler, and more, fueling central visibility and unified response across diverse environments.

What This Means for Customers

CrowdStrike to acquire Onum but what does it means for customers.

• Faster onboarding & migration: Onum simplifies data onboarding by ingesting and optimizing telemetry from any source in flight. 
• Higher AI efficacy: Streaming enriched data supports tighter integration with Falcon’s Charlotte AI triage, response modules, and broader detection workflows. 
• More efficient SOCs: Organizations can process far more data, deliver faster response, and streamline operations with lower overhead. 
• Vendor-agnostic flexibility: Onum’s open APIs ensure seamless compatibility across hybrid and multi‑vendor environments. 
• Improved UX: An intuitive drag‑and‑drop pipeline builder empowers security teams to define telemetry flows without regex or scripting.

A Strategic Step Toward the Cybersecurity Future

CrowdStrike’s long‑term platform goal is clear: to equip organizations to detect, investigate, and respond at machine speed with unified, AI‑powered telemetry intelligence. Onum’s real‑time pipeline architecture directly supports that vision, enabling data to arrive in the right place—clean, enriched, and actionable, at the right time.

As Pedro Castillo, the founder and CEO of Onum said, pipelines should do more than transport data; they should transform it into real‑time intelligence. By joining CrowdStrike, his team’s vision can now scale rapidly through the Falcon ecosystem and its global customer footprint. How does the news of CrowdStrike to Acquire Onum news affect cybersecurity landscape in the future? Share your thoughts with us in the comments section below.