Onum is a Madrid‑based real‑time data observability company that processes, enriches, filters and routes telemetry “in the pipeline” so enterprises and security teams get actionable signals immediately while reducing downstream storage and processing costs[1][3][2].
High‑Level Overview
- Mission: Onum’s mission is to give organizations real‑time control of data in motion so teams can detect, respond, and act with confidence without paying to process noise[1][2][3].
- Key sectors: Onum is a vendor, not an investment firm, so investment philosophy and startup‑ecosystem impact do not apply; it primarily serves enterprise security, observability and networking use cases in cybersecurity, network performance, cloud/OT/IoT and related data‑intensive domains[3][1][4].
- What product it builds: Onum builds a SaaS (and flexible deployment) real‑time observability and data‑pipeline platform that ingests telemetry, enriches and filters it instantly, and routes high‑value events to analytics, SIEMs, storage or other tools[3][1].
- Who it serves: Large enterprises and SOCs (security operations centers) across sectors that generate high volumes of telemetry and need fast detection and reduced ingestion costs[1][3][4].
- What problem it solves: It removes the trade‑off between processing depth and speed by performing intelligent, millisecond‑level processing in the data stream to cut noise, lower storage/ingestion costs, and enable upstream detection and faster incident response[1][3][4].
- Growth momentum: Founded in 2022, Onum raised an €11.6M seed led by Insight Partners and launched commercially in late 2023; by 2025 it attracted strategic validation when CrowdStrike acquired the company and integrated it as Falcon Onum, citing large improvements in response speed and reduced costs for SOCs[2][5][4].
Origin Story
- Founding year and team: Onum (initially known as Signalit) was cofounded in Madrid in 2022 by Pedro Castillo (CEO), Pedro Tortosa (head of alliances) and Lucas Varela (CTO), who brought prior experience managing massive enterprise log volumes and cybersecurity operations[2][1].
- How the idea emerged: The founders — having operated and scaled systems that handled tens of terabytes of logs per day — conceived Onum to put intelligence into the pipeline so downstream analytics and SIEMs only receive high‑value telemetry and teams can act in real time rather than waiting for batch processing[2][3].
- Early traction / pivotal moments: Onum closed an €11.6M seed round led by Insight Partners to complete product development and expand into the U.S., launched commercially in late 2023, and was acquired by CrowdStrike in August 2025 — a move positioned as validating Onum’s real‑time, in‑pipeline detection approach[2][4].
Core Differentiators
- Product differentiators:
  - True in‑pipeline, millisecond‑level processing and enrichment so detections can occur before data lands in storage[3][4].
  - Agnostic routing and distribution to any destination (analytics, SIEMs, storage or custom apps), enabling use‑case flexibility across security, network performance and business telemetry[3].
- Developer / operator experience:
  - SaaS by default with flexible deployments (on‑prem/cloud/edge) and an intuitive drag‑and‑drop UI that empowers SOC analysts to shape pipelines without heavy engineering[3][4].
- Cost and performance:
  - Intelligent data reduction to cut storage/ingestion costs (CrowdStrike cites up to ~50% lower storage costs) while delivering up to 5x more events per second vs. competitors according to vendor claims[4].
- Ecosystem and integrations:
  - Designed to reduce load on existing analytics vendors (e.g., SIEMs) and integrate into hybrid environments, positioning Onum as a “next layer” in the telemetry stack rather than a replacement for analytics platforms[2][3].
Role in the Broader Tech Landscape
- Trend alignment: Onum rides the shift from batch, centralized log analytics toward real‑time, streaming observability and upstream detection as data volumes and adversary sophistication (including AI‑enabled attacks) increase[1][2][4].
- Why timing matters: Enterprises are paying more for storage and analytics while needing faster response times; moving detection into the data stream addresses both cost and speed simultaneously[3][4].
- Market forces in its favor: Rising telemetry volumes, cloud/edge hybrid architectures, tighter compliance and faster threat vectors push organizations to adopt tools that reduce noise, lower vendor spend, and accelerate SOC workflows[1][3].
- Influence on the ecosystem: By thinning data before it reaches incumbents and enabling upstream detection, Onum both improves incumbents’ economics and forces legacy SIEM/analytics vendors to prioritize streaming and agentic detection features[2][4].
Quick Take & Future Outlook
- What’s next (then‑near term): Post‑acquisition as Falcon Onum, expect deeper integration into CrowdStrike’s Falcon platform to deliver native in‑pipeline detection, expand usage across CrowdStrike customers, and accelerate feature development for AI‑driven detection and automated response[4][2].
- Shaping trends: Onum’s model — intelligent, in‑flight telemetry processing with flexible routing — will continue gaining traction as organizations prioritize cost efficiency and speed; vendors and SOCs will increasingly adopt pipeline control and upstream analytics capabilities[3][4].
- How influence might evolve: If widely adopted inside large security platforms, Onum’s approach could become standard infrastructure for telemetry, shifting industry economics (less raw ingestion, more curated signals) and raising the bar for real‑time detection capabilities across security and observability tooling[2][4].
Quick reiteration: Onum built a real‑time, in‑pipeline observability layer to cut noise, lower costs and enable immediate detection — a capability that attracted strategic investment and ultimately acquisition by CrowdStrike as organizations demand faster, more efficient telemetry processing[1][3][4][2].