When Your SOC Sleeps, Israelis Are Hunting

The American security operations center has a math problem. Alert volume keeps rising. Headcount does not. Mean time to detect a real breach inside a Fortune 500 SOC is still measured in days, not minutes, despite a decade of SIEM, SOAR, EDR, XDR, MDR, and every other three-letter acronym sold against the gap.
The companies most aggressively re-engineering that math are Israeli.
The Israeli SOC stack
Cybereason — XDR platform founded in 2012 by Lior Div, Yossi Naar, and Yonatan Striem-Amit, all publicly reported as Unit 8200 alumni. Public reporting puts total funding at approximately $850 million (SoftBank, Liberty Strategic Capital, Lockheed Martin Ventures). Cybereason was restructured in 2023 and continues to operate as a focused XDR vendor with reported strength in nation-state threat detection. Headquartered in Boston with engineering anchored in Tel Aviv.
Hunters — Next-generation SIEM founded in 2018 in Tel Aviv by Uri May and Tomer Levy. Backers reported in public filings include Stripes, YL Ventures, M12 (Microsoft), Bessemer, and Snowflake Ventures. Hunters is widely reported as one of the more credible structural challengers to Splunk and Microsoft Sentinel for mid-market and lower-enterprise SOC buyers.
Dream — AI-native SOC platform founded by Shalev Hulio (co-founder of NSO Group) and Gil Dolev. Dream was reported to have raised a $100 million Series A from Group 42 and Thiel Capital in 2024 — described in industry reporting as one of the largest seed-to-Series A jumps in cybersecurity history. The company is targeting national-security-grade SOC automation for governments and critical infrastructure.
Torq — Hyperautomation and SOAR platform founded in 2020 by Ofer Smadari, Leonid Belkind, and Eldad Livni (all ex-Luminate, acquired by Symantec). Reported to have raised a $122 million Series C in 2024 at a unicorn valuation, led by Evolution Equity Partners.
Coralogix — Observability with embedded security analytics. Founded in 2014; reported total funding of approximately $142 million through Series E.
Cyera — Data security posture management, which sits adjacent to the SOC but feeds it. Founded by Yotam Segev and Tamar Bar-Ilan. Reported to have raised a $300 million Series D in 2025 at a valuation publicly cited at $1.4 billion.
Sygnia — the incident-response anchor
Sygnia — Founded in 2015 by Israeli cyber-operations veterans, majority-acquired by Singapore's Temasek in 2018 at a publicly reported valuation of approximately $250 million, then later sold to ION Group. Sygnia is widely reported as running one of the highest-end incident-response practices in the world for nation-state-grade breaches — competing directly with Mandiant (Google) and CrowdStrike Services.
What the math actually changes
Three structural shifts inside the SOC stack are visible in this cohort.
One — telemetry pricing collapses. Hunters and Torq both architected against the Splunk pricing model. The buyer can now retain three to five years of security telemetry at a reported fraction of legacy SIEM cost.
Two — detection content shifts from rules to behavior. Cybereason, Dream, and Hunters built detection engines on behavior graphs rather than rule libraries. The SOC analyst is no longer writing Splunk queries. The analyst is reviewing reasoned incidents.
Three — AI agents are entering the SOC. Dream is the most explicit on this, but Torq, Hunters, and Cybereason have all publicly shipped AI-analyst workflows in 2025. The Tier 1 SOC role is being automated. The Israeli vendors are doing the automating.
Why Israel, again
Unit 8200's offensive divisions are widely reported to have run one of the largest SIGINT collection programs per capita through the 2010s. The defensive translation of that telemetry expertise — what to retain, how to correlate, where the signal lives — moved into the private sector at scale starting around 2015. Cybereason, Hunters, and Torq are the leading edges of that translation.
The American SOC will keep buying from them. The Israeli SOC vendor will keep being the answer.