Israeli security operations startup Vega Ltd. said today its artificial intelligence-native threat detection platform is ready to rip out and replace legacy security information and event management, or SIEM, tools after raising $65 million in funding.
The funding was spread across two rounds – an earlier, unannounced seed funding round and its Series A investment – with Accel named as the lead investor and Redpoint, Cyberstarts and CRV participating. Following the rounds, Vega has been valued at $400 million.
Vega was founded last year by ex-Intel Corp. employees Shay Sandler (pictured, left) and Eli Rozen (right), and is looking to disrupt traditional SIEM tools, which have become one of the most entrenched systems in enterprise security today.
The startup says SIEM tools are “falling apart at the seams” because they were designed for a bygone era, when enterprise data volumes were an order of magnitude smaller than they are today, and when information technology infrastructure sprawl was uncommon. It reckons that modern SIEM tools simply aren’t equipped to keep pace with the rapid growth of cloud-based enterprise infrastructures that can generate terabytes of data each day.
The problem is that SIEM platforms mandate that all telemetry data relating to security is funneled into a centralized repository, where it can be analyzed in situ. But that process has become extremely expensive and slow due to the sheer volume of data going into these repositories, and so it’s no longer effective, Vega believes.
The startup, which employs about 60 staff at its offices in Tel Aviv and New York City, says the continued reliance on SIEM leads to blind spots in security, delayed investigations and failure to identify the root cause of incidents, and can cost organizations millions of dollars annually. When companies are generating terabytes of information each day, security logs quickly become overwhelmed, and teams are forced to spend days chasing down the right data while dealing with incessant false positives.
Vega Chief Executive Sandler said the average enterprise security team spends around two-thirds of its time on searching for data, and that this time could be much better spent on patching holes and stopping attacks. “The teams aren’t to blame; it’s the broken, costly architecture,” he said. “Vega flips the model: We analyze data in place and leverage AI to automatically surface what matters most, giving teams the speed, clarity and coverage they need to outpace threats.”
Vega isn’t alone in its criticism of SIEM platforms. Last year, a report by the AI security startup CardinalOps Ltd. came to a similar conclusion, noting that SIEM tools could identify only 19% of MITRE ATT&CK techniques in an analysis that spanned 3,000 detection rules and 1.2 million log sources. That’s despite having access to data that covers up to 87% of those threats. CardinalOps said the analysis highlights how security teams are overwhelmed with data and the need to keep track of different log formats, events and alert types.
Time to scrap SIEM?
That’s why Vega is doing things differently. According to Sandler, its platform can be thought of as a “security analytics mesh” or SAM that uses a federated approach. That allows it to analyze security data where it lives, such as in cloud services, software-as-a-service applications, storage buckets or legacy systems, without needing to move it anywhere first.
In turn, that eliminates the need for a centralized repository for collecting security logs, so it can facilitate much faster investigations and automatically detect security gaps. When it identifies a problem, it can help fix it, optimizing the company’s security posture in real time, based on its existing security policies.
It also provides generative AI-powered tools for security teams, allowing them to query their logs in natural language and take recommended next steps to solve problems faster. The platform also helps to reduce the noise of false positives, so teams can focus on the most existential threats.
Accel Partner Andrei Brasoveanu says he’s convinced that traditional SIEM platforms have had their day and that the sun is setting on their use in the enterprise. “They are costly and fragmented, and now they’re ineffective due to the surge in security telemetry and AI-driven threats,” he argued.
He said the solution is to decouple threat detection from the storage of SIEM data, and that’s exactly what Vega is doing and explains why he was so keen to back the company. “Shay, Eli and the Vega Security team are demonstrating clear ROI for enterprises via cost savings and [improved] operational efficiency,” Brasoveanu said. “We’ve been impressed by the team’s deep domain expertise, as well as the early market traction achieved.”
Vega didn’t say how many customers it has, nor did it name any specific ones, but claims that it’s serving a number of Fortune 500 companies, as well as some of the world’s leading banks and a major global healthcare provider.
Sandler, who previously served at the Israel Defense Forces’ cybersecurity-focused 8200 military intelligence unit, said he has ambitions for Vega’s name to become as recognizable as security industry peers such as Palo Alto Networks Inc., CyberArk Software Ltd. and Wiz Inc.
Photo: Vega