Vega lands $120M Series B to disrupt the Splunk economy
- The News: Israeli cyber startup Vega has raised $120 million in Series B funding led by Accel.
- The Valuation: The round values the two-year-old company at $700 million.
- The Angle: Founders from the Unit 8200 intelligence corps are betting that “in-place” data architecture will unseat incumbents like Splunk and Palo Alto Networks.
Security Information and Event Management (SIEM) tools are the central nervous system of enterprise security, but for the cloud era, that nervous system is getting prohibitively expensive. That is the thesis behind Vega, a Tel Aviv-based startup that has just secured $120 million to prove that the old way of moving security data is dead.
The Series B round was led by Accel, with participation from Redpoint and Cyberstarts. It brings Vega’s valuation to $700 million—a significant jump from $400 million just six months ago—and extends the company’s runway for at least three years.
The funding comes as enterprises grapple with a specific pain point: they are drowning in logs. To analyze security threats, companies traditionally ship petabytes of telemetry into centralized data lakes. This legacy process, championed by giants like Splunk, is slow, creates blind spots during data transfer, and generates massive bills based on ingestion volume.
The “In-Place” Pivot
Vega’s founders, CEO Shay Sandler and CTO Eli Rozen, are not first-time operators. The pair previously worked together at Granulate, an infrastructure optimization startup acquired by Intel for $650 million in 2022. Their approach to Vega was born from watching security teams fail to keep up with the volume of data generated by modern cloud environments.
Rather than building a better data lake, they built an engine that queries data where it sits. Vega deploys lightweight agents that analyze telemetry across cloud environments, identity systems, and endpoints without moving the data first.
Security operations have been fighting the laws of data gravity for twenty years. Vega’s team is not putting a faster engine on the old car—they’re rebuilding the chassis for the cloud‑native era.
That is Andrei Brasoveanu, the Accel partner joining Vega’s board. By leaving the data in place, Vega claims it cuts infrastructure costs by 60–70% and reduces investigation times from days to minutes.
Hunting in a $35 Billion Market
Vega is attacking the $35 billion SIEM market, currently dominated by Splunk, IBM QRadar, and Palo Alto Networks. It is a crowded field, with newer entrants like CrowdStrike and SentinelOne also vying for budget.
However, Vega’s pricing model is its primary weapon against the incumbents. Instead of the industry-standard ingestion fees—which punish customers for having too much data—Vega charges a base platform fee tied to protected assets. Consumption-based pricing applies only to advanced analytics.
The strategy appears to be working. Vega reports that 85% of its U.S. deals are competitive displacements, ripping out legacy providers. The company says it takes less than two weeks to fully deploy, a sharp contrast to the months-long integration cycles of traditional platforms.
The Numbers
The metrics attached to this Series B are closer to a consumer breakout than a B2B infrastructure play.
Just 18 months after commercial launch, Vega has hit $28 million in annual recurring revenue (ARR). Its net dollar retention is 140%, indicating that once customers install the software, they rapidly expand their usage.
The client list is equally heavy. Vega has signed 17 Fortune 50 customers, including three of the top 20 global giants and seven major banks managing over $5 trillion in assets. In head-to-head “bake-offs” against established SIEM tools, the startup claims a win rate of 92%.
Military DNA, Enterprise Muscle
Like many of Israel’s most successful cyber exports, Vega’s technical roots lie in Unit 8200, the IDF’s elite intelligence unit. Roughly 40% of the engineering staff are military intelligence veterans.
Most of our engineers have actually sat in front of a SOC console at 3 a.m. with an active incident. That changes how you design everything—from queries to alerts to automation.
Sandler notes that this operational experience prevents the product from becoming “academic.” To balance the technical side, the company has aggressively hired sales leadership from Palo Alto Networks, CrowdStrike, and Splunk, blending technical capability with go-to-market experience.
The Roadmap
The $120 million injection will fund three primary initiatives: doubling the engineering team to over 120 people, expanding the global sales footprint, and potential acquisitions in threat intelligence.
Product-wise, Vega is targeting a sub-30-second mean detection time for specific attack classes by 2026. The company is also rushing to secure FedRAMP authorization to bid on U.S. federal contracts and is establishing data centers in Frankfurt and Singapore to handle data residency requirements.
While the growth is rapid, the risks are real. Vega is burning cash to maintain its 140% growth rate and doesn’t expect to be cash-flow positive until late 2026. Furthermore, the broader “platformization” of cybersecurity means larger vendors are increasingly bundling SIEM capabilities into broader suites, potentially crowding out standalone players.
For now, however, the market is signaling that the old SIEM model is vulnerable. If Vega can maintain its current velocity, the conversation will soon shift from its latest funding round to whether it becomes the next major Israeli IPO or a multi-billion dollar acquisition target for the very incumbents it is currently disrupting.
