Cribl, a U.S. telemetry management company, has acquired Israeli detection engineering startup CardinalOps in a deal reportedly worth around $100 million. The companies have not disclosed official terms.
CardinalOps employees will join Cribl, which plans to open a new Tel Aviv office and expand its Israeli operations following the deal.
What CardinalOps Does
Founded in early 2020, CardinalOps builds agentic detection engineering tools that use AI to continuously assess an organization’s threat detection coverage. The platform maps existing security controls against real-world attacker behavior, then flags coverage gaps, broken detection rules, and overly noisy alerts that eat into SOC team bandwidth.
The company is led by CEO Michael Mumcuoglu and CIO Yair Manor, both veterans of IDF Unit 8200 with a track record of building companies later acquired by Palo Alto Networks and Microsoft. CardinalOps employs roughly 25 people, most based in Israel, and has raised about $40 million to date from investors including Viola Ventures, Glilot Capital, and Battery Ventures.
Why Cribl Wants It
Cribl’s core business is telemetry management: helping cybersecurity and IT teams collect, route, and act on data at scale. The company reports annual recurring revenue above $300 million and has positioned itself as a vendor-agnostic alternative to locked-in security stacks.
Folding in CardinalOps adds a detection engineering layer on top of that telemetry infrastructure, letting Cribl pitch itself as a more complete substitute for traditional SIEM platforms rather than just a data pipe feeding into one. Cribl CEO Clint Sharp framed the acquisition as giving customers a way to convert telemetry into effective detections without stitching together disconnected tools.
The Bigger Picture
The deal adds to a busy year for Israeli cybersecurity M&A, following recent acquisitions like Aikido’s purchase of Root and Qualcomm’s acquisition of SAM. It also underscores a broader shift in the SIEM market: as telemetry volumes and costs climb, more security vendors are betting that customers want to pay for improved detection outcomes rather than sheer data volume.
Leave a Reply