Omnissa Accelerates SOC Operations with 90-Day Migration to Falcon Next-Gen SIEM

Omnissa, a digital work platform provider, hadn’t planned to replace its SIEM. After more than a decade on a legacy SIEM platform, the company had deep expertise, established workflows, and a security team comfortable with how investigations were done. But as data volumes increased and retention needs grew, the economics no longer worked.

“We were using a legacy SIEM for 14 years, and it ultimately came down to cost,” explained Nathaniel Piquette, senior threat detection analyst at Omnissa. “The total cost of ownership kept increasing, from licensing to cloud infrastructure and retention. It became unsustainable.”

As Omnissa’s contract approached expiration, the security team faced a non-negotiable deadline: complete a SIEM migration in 90 days or risk disruption. With fewer than 10 security team members supporting more than 11,000 endpoints, the margin for error was slim.

To meet the deadline without sacrificing security coverage, Omnissa turned to CrowdStrike Falcon® Next-Gen SIEM. Built to unify first- and third-party security telemetry in a single platform, Falcon Next-Gen SIEM gave the team a faster path to value, lower cost at scale, and a unified, AI-powered approach to security operations.

A 90-Day Migration Built on Partnership

Omnissa evaluated several options and initially hesitated to move away from the familiarity of its legacy SIEM. Falcon Next-Gen SIEM convinced the team to take the leap, not only because of its capabilities but also because of the strength of the partnership that accompanied them.

As part of the migration, CrowdStrike embedded a dedicated resident engineer with Omnissa’s team for the full 90 days. Unlike traditional short-term professional services engagements, the engineer worked as an extension of Omnissa’s SOC, participating in daily Slack conversations, Zoom working sessions, and structured planning tracked in Asana. This continuous hands-on collaboration helped Omnissa translate years of legacy SIEM expertise into Falcon Next-Gen SIEM workflows and accelerate operational readiness under a tight deadline.

“I was very nervous about going from a platform I had used for 14 years to something new,” Piquette confessed. “Having an engineer embedded with us every day made the difference. They helped us understand how to think about Falcon Next-Gen SIEM in terms we already knew, and it started to click.”

The result was a complete migration that finished a week ahead of schedule. “That level of engagement showed CrowdStrike’s commitment,” Piquette said. “They weren’t there for a week and then gone. They stayed with us until we were successful.”

A Faster Way to Detect and Investigate

Once Falcon Next-Gen SIEM was live, Omnissa immediately saw gains in speed and efficiency. Regex-based searching at the start of queries and the flexibility of CrowdStrike Query Language (CQL) simplified detection engineering.

“Something that used to take multiple steps became a single line of CQL,” Piquette explained. “You can stack functions and enrich data programmatically. It’s very clear this is a SIEM built by security, for security.”

Search performance also materially improved. Investigations that previously timed out on large datasets could now be completed reliably, enabling the team to move faster during indicator sweeps and threat hunts. As a result, Omnissa reduced investigation and search times, giving analysts confidence they were seeing the full picture without delay.

Omnissa was already using CrowdStrike endpoint security, also delivered through the unified CrowdStrike Falcon® platform, which meant critical first-party security telemetry was natively available in Falcon Next-Gen SIEM from day one. By unifying that endpoint data with third-party logs from firewalls, email, and infrastructure, Omnissa eliminated the blind spots that had previously forced analysts to jump between tools.

“In the past, we couldn’t afford to bring all our endpoint data into the legacy SIEM,” Piquette said. “Now everything lives in one place. It became a true single pane of glass where we can connect the dots across our security use cases.”

Falcon Next-Gen SIEM also transformed data onboarding. Built-in UI guides and AI-generated parsers helped the team quickly ingest both standard and non-standard datasets, with consistent field naming across sources.

“When fields are normalized, detection engineering becomes much faster,” Piquette said. “We know exactly what we’re querying every time.”

Building the Modern SOC on Falcon Next-Gen SIEM

Today, Falcon Next-Gen SIEM sits at the center of Omnissa’s security operations, integrated with CrowdStrike Falcon® Insight XDR and CrowdStrike Falcon® Fusion SOAR automations. The team is expanding its use of case management, correlation logic, and risk-based detections to surface higher-confidence alerts and reduce noise.

With investigations, detections, and reporting centralized in a single console, Omnissa has enabled a security team of fewer than 10 analysts to operate more efficiently. Reporting in particular has become simpler and more consistent, enabling the team to clearly communicate security posture and activity from a single console.

“It’s much easier to explain what’s happening when you have the full picture in one place,” Piquette said.

From a cost perspective, Falcon Next-Gen SIEM also delivered meaningful financial impact. By eliminating legacy ingestion and retention constraints, Omnissa reduced SIEM total cost of ownership, while gaining broader visibility and faster response.

Operating with Precision and Confidence

Looking ahead, Omnissa plans to continue building on Falcon Next-Gen SIEM as the foundation of its SOC. The team is keen to explore federated search, detection-as-code workflows, and expanded automation as the platform evolves.

“We’re evolving alongside the product,” Piquette concluded. “The direction CrowdStrike is going is exactly where we want to be. Falcon Next-Gen SIEM gives us the speed, flexibility, and confidence we need to stay ahead.”

For Omnissa, Falcon Next-Gen SIEM delivered what legacy SIEMs could not: faster time to value, lower cost at scale, and a unified, AI-powered approach to security operations that enables a small team to operate with precision and confidence.

Challenges

  • Escalating costs and retention constraints with a legacy SIEM
  • Hard 90-day migration deadline before contract expiration
  • Limited visibility due to fragmented security data and multiple tools

Results

  • Migrated to Falcon Next-Gen SIEM in 90 days, finishing ahead of schedule
  • Consolidated security telemetry into a unified, single-console experience
  • Improved investigation speed and reliability
  • Empowered a lean SOC team of <10 analysts to operate more efficiently

CrowdStrike Solutions

  • Falcon Next-Gen SIEM
  • Falcon Insight XDR for extended detection and response
  • Falcon Fusion SOAR