Partnering with Scanner: Every Log Tells a Story—If You Can Find It Fast Enough

TLDR

  • Scanner, backed by Sequoia, is a log search engine built on S3 that cuts query time from hours to seconds.

Key Takeaways

  • Founded by Stanford CS alumni Cliff Crosland and Steven Wu, formerly engineering leads at Accompany (acquired by Cisco).
  • Enterprises store only 10-30 days of logs in SIEMs because SIEM costs consume ~15% of CISO budgets; the rest sits unsearchable in S3.
  • Scanner’s inverted index maps field values directly to S3 file regions, enabling petabyte-scale queries in seconds without a data warehouse.
  • Its streaming detection engine runs hundreds of rules continuously across tens of terabytes daily without re-scanning.
  • Within weeks of launching an MCP release, nearly one-third of customers adopted it; AI agents now drive 80% of platform queries.

Why It Matters

  • Customers include Notion, Ramp, Benchling, Confluent, Lemonade, and BeyondTrust, signaling enterprise security adoption beyond startups.
  • The 80% AI-query share suggests Scanner is already infrastructure for agentic security workflows, not just a faster grep.
  • SIEM budget constraints forcing 10-30 day retention windows leave most log history practically inaccessible; Scanner repositions S3 as a live search tier.

Sequoia Capital · 2026-03-10