The $120M Bet Against Splunk's Security Empire
Two-year-old Vega Security raises $120M Series B to challenge Splunk's SIEM dominance with an AI-native approach that processes security data where it lives, not in centralized repositories.
When a Two-Year-Old Takes on a $28 Billion Giant
Vega Security just closed a $120 million Series B round, nearly doubling its valuation to $700 million. For a company that's barely two years old, those numbers might seem inflated—until you understand what market they're attacking.
The SIEM (Security Information and Event Management) space has been Splunk's kingdom for two decades. Cisco paid $28 billion for that kingdom in 2024. Now Vega, with just 100 employees, is betting they can topple this empire with a fundamentally different approach to enterprise security.
Led by Accel with participation from Cyberstarts, Redpoint, and CRV, the funding brings Vega's total raised to $185 million. But the real story isn't the money—it's the timing.
The Cracks in Splunk's Foundation
For 20 years, SIEM has worked the same way: suck all your security data into one place, then analyze it for threats. Simple, centralized, expensive.
"Crazy expensive," according to Vega CEO Shay Sandler, a former Israeli military cyber unit veteran who helped build Granulate before Intel acquired it for $650 million in 2022.
The traditional model is breaking down for two reasons. First, cloud environments generate exponentially more security data than legacy systems ever did. Second, the time it takes to centralize that data creates windows of vulnerability that threat actors are exploiting.
"In complex cloud environments, the current model often increases exposure to threat actors," Sandler told TechCrunch.
Flipping the Script: Security Goes to the Data
Vega's approach is elegantly simple: instead of moving data to your security tools, move your security tools to where the data already lives.
Their AI-native platform deploys directly in cloud services, data lakes, and existing storage systems. No massive data migrations. No centralized repositories. No "two years of drama" that typically comes with enterprise security overhauls.
The results speak for themselves. Companies like Instacart, major banks, and Fortune 500 healthcare firms have signed multimillion-dollar contracts with a startup that didn't exist when the pandemic started.
The Hostage Economy of Legacy SIEM
Accel partner Andrei Brasoveanu frames the problem bluntly: "Splunk and every contender since has always centralized the data, but by doing that you essentially hold the customer hostage."
It's a familiar pattern in enterprise software. Once you've invested millions in a platform and migrated your data, switching costs become prohibitive. Vendors know this. Customers know this. Everyone plays along.
But AI is changing the game. The sheer volume of data that modern enterprises generate makes the old model not just expensive, but technically unfeasible for many organizations.
David vs. Goliath, But With Better Timing
Vega isn't the first company to challenge Splunk. But they might be the first to catch the market at an inflection point where the incumbent's core advantage—data centralization—has become its biggest liability.
Still, taking on an entrenched player with 20 years of enterprise relationships won't be easy. Splunk has brand recognition, extensive partner networks, and the kind of enterprise sales machine that takes years to build.
Vega's bet is that their "plug and play" approach can overcome those advantages by eliminating the biggest barrier to switching: complexity.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.