The cybersecurity M&A landscape heated up in 2025. In March, Google announced a $32 billion agreement to acquire Wiz—Alphabet’s largest deal ever. In July, Palo Alto Networks unveiled a roughly $25 billion agreement to acquire CyberArk. These headlines raise a fair question: does size alone deliver security advantage, or does focus matter more?
CrowdStrike is taking the focused path. The company agreed to acquire Onum, a specialist in real-time telemetry pipelines, for about $290 million. The bet reflects where security is going: AI is only as useful as the data it ingests.
Why Onum Matters
Onum’s platform enriches, filters, and routes security and observability data in real time—before it reaches the SIEM. That matters because SOCs are drowning in noise and budget strain from log ingestion. CrowdStrike says the integration can deliver up to 70% faster incident response and up to 40% less ingestion overhead, with meaningful storage savings as well.
I sat down this week with Michael Sentonas, president of CrowdStrike. He replied directly when I asked why CrowdStrike acquired Onum. “Incredible team, and incredible tech. The two things that I would say are the simple answers for you. The reason that I like the company. He added that Onum lets CrowdStrike “get closer to the source of the data and then work with that data as it’s being sent.”
The payoff is not just speed but economics. CrowdStrike estimated that customers could see as much as 50% lower storage costs and the ability to process five times more events per second.
The Economics of Security Data
Security leaders don’t need more data. They need better data—or at least more streamlined access to normalized data with the right context.
Retention and ingestion fees drain budgets. Clean, contextual telemetry changes that equation. If you can cut storage costs while improving fidelity and speed, the SOC gains room to maneuver.
CrowdStrike argues that’s exactly what a real-time pipeline can do—make the data smaller, smarter, and more actionable before it ever hits the platform. As Sentonas put it, reducing storage while resolving incidents faster checks two boxes customers care about most: cost control and risk reduction.
AI and the Next-Gen SOC
CrowdStrike has long pitched an AI-driven approach. But any model is only as good as its inputs. Onum’s pipeline raises the signal-to-noise ratio, feeding higher-quality context into Falcon across endpoint, cloud, identity and next-gen SIEM. Cleaner inputs mean fewer false positives and more trustworthy automation.
“When we talk about AI and we talk about the next generation of SOC, it’s all built on how much data you can get and how clean and how high quality that data is,” Sentonas said.
Hank Thomas, co-founder and CEO of Strategic Cyber Ventures, added perspective on what this shift means: “CrowdStrike is rewriting SIEM from the ground up. With Onum folded into Falcon, logs stop being dusty records and start becoming live intelligence. That’s the shift from firefighting to predicting the next attack. This is how you stay ahead of the enemy, and CrowdStrike is showing they intend to set the pace.”
Learning From Past Acquisitions
CrowdStrike’s acquisition playbook has been consistent: buy capabilities that strengthen a single platform rather than bolt-ons that force customers to be system integrators. That’s been the throughline from Humio and Preempt to Adaptive Shield—and now Onum. The company stresses integration discipline and the value of experienced teams that have built at SIEM scale before.
As Sentonas explained, “We didn’t look to buy Onum to solve an ARR problem. We didn’t look to buy Onum because we wanted to have a tick in the box in a certain technology category.” He emphasized that acquisitions must fit seamlessly: “I’m not trying to buy a whole bunch of companies that require the end user to do digital taxidermy to make it all work.”
The human element matters as much as the tech. Sentonas emphasized that Onum’s leadership team includes veterans who previously founded Devo, giving them deep knowledge of SIEM challenges and opportunities. “We were really, really excited about the team,” Sentonas noted. “They understand the pain points of the SOC. They understand how to build great tech. When you get the tech right and you get the right team, that’s when you know you’ve got something special.”
Focused, Not Flashy
Industry rivals are assembling sprawling portfolios. CrowdStrike insists it will remain a single-platform company with one agent and one UI. The rationale is straightforward: complexity is the enemy of security. Targeted buys like Onum can move the needle where it counts without adding operational drag.
What This Means for Security Leaders
The constraint isn’t just tools or talent—it’s the data pipeline itself. Improve the pipeline, and you improve everything downstream: detection, investigation, response and, crucially, cost. CrowdStrike’s Onum bet is a wager that the future of cybersecurity belongs to those who make data cleaner and faster, not just bigger.
The Wiz and CyberArk megadeals signal consolidation at the top. CrowdStrike’s move is smaller in dollar terms but sharp in intent. If the integration delivers on its promises—faster response, lower ingestion, better AI—it will be proof that smarter data, not larger deals, is what gives defenders the edge.
Read the full article here
