Cutting SIEM Costs in Half: How BILL Modernized Their SOC with Observo AI

When we talk to security leaders, the theme is almost always the same: “How do we keep up with explosive telemetry growth without blowing our budget—or compromising visibility?”
That’s exactly what BILL, a leader in financial operations software, was grappling with. As a high-growth fintech company operating in a heavily regulated space, their infrastructure generates over 30 terabytes of telemetry every day—from VPC flow logs and firewalls to SaaS, endpoint, and custom application data.
Their challenge wasn’t just about scale. It was about cost. Splunk was their core SIEM, but the cost of ingesting high-volume data—particularly cloud logs—was surging. VPC flow log costs alone had jumped by over $1 million in just a few months.
At the same time, BILL’s security team was using a patchwork of tools and pipelines—including Cribl—to manage ingestion. That complexity made it harder to optimize, harder to troubleshoot, and slower to evolve.
From Fragmented to Future-Ready—Fast
BILL turned to Observo AI with two clear goals:
- Cut SIEM costs without losing visibility
- Modernize their data pipeline for long-term scale and agility
Within one week, Observo AI was fully deployed, sitting between BILL’s telemetry sources and Splunk. We replaced more than 20 complex pipelines, using machine learning to filter out redundant data and enrich high-signal events in real time.
Full-fidelity logs are now routed to an S3-based queryable data lake, giving their team access to long-term audit and investigation data—without incurring massive SIEM costs.
In total, BILL achieved:
- 50%+ reduction in Splunk ingestion and costs
- 30+ TB/day optimized across 20+ pipelines
- 3-week full migration from their legacy pipeline
- Faster detection by eliminating noise and routing enriched events
- Modern SOC architecture ready for future AI-powered use cases
Why It Worked
At Observo AI, we don’t just reduce data—we bring clarity when teams need it most. As Gourav Nagar, BILL’s Director of Information Security, shared:
“Our VPC flow logs costs spiked over a million within a few months, leading to a ton of anxiety. Observo AI was instrumental in controlling these costs.”
This partnership worked because we delivered fast, and because Observo AI gave their team control over every stream, every pattern, and every destination—with no rule-building or engineering bottlenecks.
Next Steps in the BILL and Observo AI Partnership
With costs under control and complexity removed, BILL is now expanding their use of Observo AI. They’re using our platform not just to route and reduce data, but to fuel next-gen capabilities—like building custom AI detection models directly on their data lake.
And they’re doing it on their own terms: flexible, scalable, and future-ready.
If your team is facing similar challenges, let’s talk. SIEM doesn’t have to be a cost center. Your data pipeline doesn’t have to be a tangled mess. And modernization doesn’t have to take months.
Observo AI is proof.