Security teams today face a data crisis: Exploding volumes of security and IT telemetry are difficult to collect, normalize, route, and act on. Legacy SIEMs built on batch and post-storage enrichment can’t keep up with the deluge. Analysts are forced to manually sift through the noise, driving up costs and leaving blind spots that adversaries exploit. To manage the expense of legacy tools, teams are often forced into risky choices such as reducing data retention windows or cutting valuable telemetry. And all the while, adversaries are weaponizing AI to scale and accelerate their attacks.
Onum was built to do what legacy SIEMs cannot: transform data in motion so it arrives instantly ready to use. Instead of storing data first and analyzing it later, Onum filters, enriches, and optimizes telemetry as it streams — turning raw telemetry into high-fidelity intelligence in milliseconds. 
CrowdStrike’s mission has always been to build a platform that stops breaches. As new technologies emerge and the threat landscape shifts, we must adapt to provide our customers with the robust defense they need to face modern threats. The acquisition of Onum is a critical step on our journey to develop the future of agentic security.

Turning Data in Motion Into Real-Time Intelligence

CrowdStrike is committed to cybersecurity innovation and equipping our customers with the technologies they need to detect and stop threats. We know today’s businesses require a unified solution to filter, enrich, and optimize data in motion so they can ensure data is in the right place at the right time to empower AI-driven defenses. With Onum, we will extend our platform advantage with a real-time data architecture that powers Falcon Next-Gen SIEM and the agentic SOC.

This architectural shift delivers three massive benefits:

  • Speed: Onum processes up to 5x more events per second than competitors and delivers enriched telemetry in real time, versus legacy batch methods.
  • Cost: Smart filtering reduces data storage costs by up to 50%, eliminating noise and duplicative logs.
  • Outcomes: By streaming optimized, high-quality telemetry directly into Falcon Next-Gen SIEM, customers can achieve up to 70% faster incident response with 40% less ingestion overhead.

Transforming the SOC for the Agentic Era

Today, I’m excited to announce CrowdStrike’s agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon® platform’s data advantage. Onum delivers the real-time data architecture to transform data in motion into high-fidelity intelligence, fueling CrowdStrike Falcon® Next-Gen SIEM and powering the agentic SOC. This is a pivotal step forward in our mission to stop breaches.
AI is reshaping business operations and cyberattacks at a time when security teams face a mounting data challenge. Legacy SIEM systems and workflows are not only noisy and costly; they heighten the risk of adversaries infiltrating organizations without triggering alarm. It is clear that real-time telemetry pipeline management is essential to identify, detect, and respond to threats across the enterprise.
In the agentic era, stopping breaches requires real-time, high-fidelity data that fuels faster and smarter decisions. This is why CrowdStrike is acquiring Onum: to transform how security data powers the SOC.

Let’s break down how this will benefit customers:

  • Faster onboarding for Falcon Next-Gen SIEM: Onum will simplify onboarding by ingesting data from any source and delivering optimized, actionable telemetry. This minimizes migration friction and accelerates time-to-value.
  • Robust agentic security operations: By streaming enriched, real-time telemetry directly into the Falcon platform and its agentic innovations — from Charlotte AI Detection Triage to Charlotte AI Response — Onum will amplify AI efficacy and accelerate autonomous outcomes across the SOC.
  • Greater SOC efficiency: With Onum, organizations can process up to 5x more events per second than competitors and deliver up to 70% faster incident response with 40% less ingestion overhead.
  • Simple, vendor-neutral integration: Onum connects any data source to any destination via open APIs and flexible integrations, replacing fragile legacy SIEM workflows with a flexible hybrid environment.
  • Intuitive user experience: Onum provides an intuitive drag-and-drop user experience so security teams can effortlessly build powerful data pipelines and accelerate time-to-value — no regex required.

If Falcon Next-Gen SIEM is the engine that powers the modern SOC, then Onum is both the pipeline and the precision filter — streaming the highest-quality data into the engine at blazing speed and scale.

Building the Cybersecurity Platform of the Future

Onum was built to transform data in motion into real-time intelligence. Where analysts struggle with noisy datasets, Onum delivers real-time tailored streams to Falcon Next-Gen SIEM, data lakes, AI agents, and LLMs. While legacy SIEMs cause delays and generic log pipelines simply reduce data, Onum’s powerful streaming enriches, transforms, and routes telemetry in milliseconds — accelerating threat detection and ensuring teams get smarter data, not just less data. This enables faster, smarter detections across the Falcon platform and the broader enterprise IT environment.
At a time when SOC teams struggle with fragmented workflows and legacy SIEM bottlenecks, Onum delivers a real-time data architecture to accelerate SOC transformation, extend the advantage of Falcon Next-Gen SIEM, and give security agents the data they need to act autonomously and with precision.
As AI permeates every layer of security operations, analysts require real-time, high-quality data to detect and stop breaches. With the acquisition of Onum, CrowdStrike will redefine the data layer of the modern SOC by streaming precise, enriched telemetry that fuels AI-driven detection across the Falcon platform, customer AI agents, and the wider enterprise ecosystem.

Forward-Looking Statements

This blog contains forward-looking statements, including statements regarding the closing and benefits of the proposed acquisition. These statements involve risks and uncertainties, and actual results may differ materially. There are a number of risks which could cause actual results to differ materially, including the satisfaction of the acquisition’s closing conditions, our ability to integrate Onum, and other risks described in the filings we make with the Securities and Exchange Commission from time to time.
