SOC, Data Security

CrowdStrike’s Onum Acquisition: Turning Real-Time Data Into the SOC’s New Advantage

Securing the SOC

Last month, CrowdStrike announced that it is acquiring Onum, a clear signal that the future of security operations will be shaped by real-time data. For years, teams have struggled with the sheer volume of telemetry flooding in from every corner of the enterprise. Legacy SIEMs built on batch collection and post-storage enrichment just can’t keep up. This leaves analysts drowning in noise while attackers take advantage of blind spots. What makes Onum compelling is its ability to transform data in motion. Instead of waiting for storage before enrichment, Onum filters, optimizes, and enriches telemetry as it streams. That means data reaches Falcon Next-Gen SIEM already primed for detection and response. The impact is immediate: faster processing, lower storage costs, and higher-quality intelligence for both analysts and AI-driven systems.

This shift is particularly important as SOCs evolve into the agentic era, where AI plays a central role in detection, triage, and response. For AI to deliver meaningful outcomes, it needs precise, real-time data. Onum provides exactly that - streaming enriched telemetry not only into Falcon but also into customer AI agents, data lakes, and broader enterprise ecosystems. It’s about giving security teams smarter data, not just less data.

To unpack what this means for customers, partners, and the broader market, MSSP Alert spoke with spoke to CrowdStrike’s Chief Business Officer, Daniel Bernard who discussed how Onum’s real-time telemetry pipeline management will integrate into Falcon, measurable improvements that customers can expect, and how this acquisition extends CrowdStrike’s vision of being the operating system of cybersecurity.


MSSP Alert: How will Onum’s in-pipeline threat detection and telemetry pipeline management be integrated into Falcon’s Next-Gen SIEM, and what specific differentiators does this create compared to legacy SIEM providers?

Daniel Bernard: If our Next-Gen SIEM is the engine powering the modern SOC, then data is the fuel that makes it run. Onum is both the pipeline and the filter – streaming high-quality, optimized data into that engine to deliver faster, more efficient, and more powerful performance.

With Onum, we will control every stage of the AI lifecycle: ingesting and detecting data at the source, filtering and optimizing data in real time, and then actioning and enforcement to produce high-fidelity, autonomous outcomes with Falcon, extending far beyond cybersecurity use cases. 

Legacy SIEMs simply can’t compete here. They rely on batch and store, driving up costs and slowing down detection. We stream, detect, and deliver results in real time – a fundamentally different model for the modern SOC.

MSSP Alert: CrowdStrike is positioning this deal as eliminating data migration friction - what measurable improvements should customers expect in terms of onboarding speed, cost savings, and time-to-value?

Daniel Bernard: Every customer we talk to says the same thing: it still takes time, it still is complicated, and it still costs too much to move data away from Legacy SIEMs. With the market looking at our Next-Gen SIEM, we wanted to take a strategic step into changing the market dynamics. Data migration many times is the long pole in the legacy SIEM displacement tent, often requiring clunky third-party tools. Onum removes that friction completely.

With Onum, customers can expect up to 50% reduction in storage costs thanks to smart filtering, up to 70% faster incident response because detections start in-pipeline, and up to 40% less ingestion overhead. It’s a combination of performance, cost savings, and time-to-value that no competitor can match.

MSSP Alert: CrowdStrike describes Falcon as “the operating system of cybersecurity.” How does the Onum acquisition accelerate that vision, and does this move signal an intent to compete more directly in the broader observability and IT operations market beyond security?

Daniel Bernard: Our vision has always been clear: CrowdStrike is the operating system of cybersecurity. Next-Gen SIEM is the cornerstone of that vision, and Onum accelerates it by giving customers the ability to move more data, faster into Falcon.  And control their data destiny across the board, between other products and clouds. 

Yes, this acquisition extends our reach beyond traditional security. Customers today don’t want siloed tools or stitched together pseudo platforms – they want a unified data foundation that can power security and IT use cases side by side. With CrowdStrike and Onum together, customers will get a hyper-scalable, AI-powered data platform that can drive outcomes not just across cybersecurity, but across observability and IT operations as well.

That’s where the industry is headed – and that’s exactly where we’re taking it.

MSSP Alert: How will the integration of Onum into Falcon Next-Gen SIEM create new opportunities for channel partners and MSSPs, particularly around accelerating SOC transformation and reducing data onboarding complexity for their customers?

Daniel Bernard: Channel partners and MSSPs are on the front lines of helping customers modernize their SOCs. One of the biggest blockers they face today is the complexity of onboarding data and the punitive costs tied to legacy SIEM transformation. Migrating customers to the Falcon platform - and helping existing CrowdStrike customers standardize on Next-Gen SIEM has never been easier and faster.

With Onum and Falcon Next-Gen SIEM, partners will be able to go to their customers with a radically simpler story: onboard faster, cut data costs in half, detect threats earlier, and transform your SOC with AI. For MSSPs, that means replacing legacy backend infrastructure to use next-gen SIEM and delivering managed detection and response with less data overhead and higher efficiency. For resellers, it means accelerating customer adoption of Next-Gen SIEM by removing the migration roadblocks that have held the market back. And for ISVs, it means even faster bidirectional connectivity to the Falcon platform, accelerating product to product collaboration as well as in-market co-selling.

For partners, it all comes down to speed, efficiency, and outcomes – and that’s exactly what Onum and Next-Gen SIEM will deliver together.

Forward Looking Statements:

This Q&A contains forward-looking statements, including statements regarding the closing and benefits of the proposed acquisition. These statements involve risks and uncertainties, and actual results may differ materially. There are a number of risks which could cause actual results to differ materially, including the satisfaction of the acquisition’s closing conditions, our ability to integrate Onum, and other risks described in the filings we make with the Securities and Exchange Commission from time to time.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds