CrowdStrike Bets Smarter Data Pipelines Are The Future Of AI Security

The cybersecurity landscape has witnessed significant shifts in 2025, with major acquisitions making headlines. In March, Google announced a $32 billion agreement to acquire Wiz, marking Alphabet’s largest deal to date. Similarly, in July, Palo Alto Networks unveiled a roughly $25 billion agreement to acquire CyberArk. These substantial deals raise an important question: is size the primary factor in delivering a security advantage, or does focus play a more critical role?

The Rise of Focused Cybersecurity

CrowdStrike has taken a different approach, opting for a focused strategy with its recent acquisition of Onum, a specialist in real-time telemetry pipelines, for approximately $290 million. This move underscores the importance of AI-powered defense, which relies heavily on the quality and speed of data ingestion. By integrating Onum’s platform, CrowdStrike aims to enhance its capabilities in delivering live intelligence that drives AI-powered defense.

Onum’s platform is designed to enrich, filter, and route security and observability data in real-time, reducing the noise and budget strain associated with log ingestion. According to CrowdStrike, this integration can lead to up to 70% faster incident response and up to 40% less ingestion overhead, resulting in meaningful storage savings. The company’s president, Michael Sentonas, emphasized the significance of Onum’s team and technology, highlighting their ability to “get closer to the source of the data and then work with that data as it’s being sent.”

The Economics of Security Data

Security leaders are not looking for more data; instead, they need better data with streamlined access to normalized information and the right context. The costs associated with retention and ingestion fees can be substantial, draining budgets and hindering the effectiveness of security operations centers (SOCs). By providing clean, contextual telemetry, CrowdStrike aims to change this equation, enabling SOCs to gain room to maneuver and improve their overall efficiency.

The acquisition of Onum is expected to deliver significant economic benefits, including up to 50% lower storage costs and the ability to process five times more events per second. By making data smaller, smarter, and more actionable, CrowdStrike believes that its customers can achieve better cost control and risk reduction, ultimately enhancing their security posture.

AI-Driven Cybersecurity

CrowdStrike has long advocated for an AI-driven approach to cybersecurity, recognizing that the quality of inputs is crucial to the effectiveness of any model. Onum’s pipeline is designed to raise the signal-to-noise ratio, providing higher-quality context to Falcon, CrowdStrike’s flagship platform. By feeding cleaner inputs into the system, CrowdStrike aims to reduce false positives and increase the trustworthiness of automation, ultimately leading to more efficient and effective security operations.

Expert Insights

Hank Thomas, co-founder and CEO of Strategic Cyber Ventures, offered his perspective on the significance of CrowdStrike’s acquisition of Onum: “CrowdStrike is rewriting SIEM from the ground up. With Onum folded into Falcon, logs stop being dusty records and start becoming live intelligence. That’s the shift from firefighting to predicting the next attack. This is how you stay ahead of the enemy, and CrowdStrike is showing they intend to set the pace.”

Learning from Past Acquisitions

CrowdStrike’s acquisition strategy has been consistent, focusing on buying capabilities that strengthen its single platform rather than bolting on separate systems that require customers to act as system integrators. The company has emphasized the importance of integration discipline and the value of experienced teams that have built at SIEM scale before. Sentonas highlighted that the acquisition of Onum was not intended to solve an ARR problem or simply check a box in a particular technology category, but rather to enhance the company’s capabilities and deliver value to its customers.

Focused, Not Flashy

While industry rivals are assembling sprawling portfolios, CrowdStrike remains committed to being a single-platform company with one agent and one UI. The company believes that complexity is the enemy of security and that targeted buys like Onum can move the needle where it counts without adding operational drag. By staying focused on its core capabilities and delivering high-quality data, CrowdStrike aims to provide its customers with a significant security advantage.

Implications for Security Leaders

The acquisition of Onum by CrowdStrike serves as a reminder that the constraint in cybersecurity is not just tools or talent, but the data pipeline itself. By improving the pipeline, security leaders can enhance detection, investigation, response, and cost control. The future of cybersecurity belongs to those who can make data cleaner, faster, and more actionable, rather than simply bigger. As the industry continues to evolve, it is likely that we will see more focused acquisitions and investments in AI-driven cybersecurity solutions.