Your SOC team is struggling. Your on-prem devices, applications, and cloud connectors keep producing way more data than last year, every year (28% YoY). SIEM and storage costs are sky-high, but that’s a small price to pay for security, because the average cost of a security breach is over $4.8M [1], so it’s worth it, right? Actually, research shows that:
- Over 50% of the data you collect is dark data that isn’t used or accessed [2]. Ever.
- 18% of SIEM alerts never fire, mostly because of missing fields and parsing errors [3].
- 258 days is the average time it takes to identify and contain a data breach [1]. In 2024. And that’s an improvement.
We at Axoflow believe that the fundamental cause of these problems is the quality of security data, or rather the lack of it. The security data your SOC team relies on is often malformed, is missing important information (like which device sent it, or when), or is not security-relevant. As a result, your security teams spend a significant portion of their time trying to fix broken data, instead of improving detections to find more incidents or decrease false positive rates. (More than half of breached organizations are facing high levels of security staffing shortages [1].)
To help these teams protect your organization, we offer an automated way to get high-quality data, so your engineers can focus on the tasks that really matter.
The Axoflow Platform is a security data curation pipeline that dramatically improves security data quality and reduces associated costs, without the need to write code. It makes high-quality security data more accessible for better detection, response, AI, and compliance.
We firmly believe that in addition to people, high-quality security data is what makes enterprise Security Operations Centers (SOC) more efficient, regardless of whether the team does the heavy lifting manually, using AI, or with analytics engines.
(I’m sure AI will be important for SOCs in the long run, whatever the use case. I’m also sure it’ll be prone to errors and less effective than it could be if it’s flooded with bad data.)
The Axoflow Platform automatically discovers security data sources, then classifies, parses, normalizes, and enriches security data, and also reduces its volume by more than 50%, leading to significant cost savings. These automations help your SOC team avoid manual, code-heavy data wrangling (which they do either before the SIEM or in it) by offering a pipeline that automatically handles data from a broad array of security sources, including syslog, OpenTelemetry, Windows, and a wide range of cloud and appliance sources.
The $7 million seed funding we’ve received from EBRD Venture Capital and our existing investors, Credo Ventures and e2vc, allows us to continue this work towards our ultimate goal: to make security data “easy-to-handle™” everywhere: during collection, routing, and in the SIEM. (I define easy-to-handle as: any operation you want to perform on the data is easy to articulate. No, regular expressions don’t count.)
Another important direction of our efforts is to provide an abstract, declarative way to handle data, so you can formulate configuration rules at a high level, like: “Send all firewall logs into Splunk”. And the pipeline will use its knowledge about your network, sources, and data to do that, so you won’t have to find out what you should configure on which collector or aggregator, and how to do that.
And of course, the Axoflow Platform is built to fit into enterprise environments the way you want to use it: as a SaaS product, a local on-prem deployment, or under air-gapped conditions.
So, exciting times ahead! The Axoflow Platform will be generally available by the time of the RSA Conference 2025, but you can sign up for a demo to get a sneak peek right now, and see how automatic data quality improvements in your security data pipeline lead to:
- faster detection,
- faster response, and
- reduced costs.
References for the data cited:
[1] Cost of a Data Breach Report 2024, IBM
[2] The state of dark data, Splunk
[3] 2024 Report on State of SIEM Detection Risk, CardinalOps
See also the official press release for details.

