Lemonade is a full-stack insurance company offering consumer insurance products across the U.S. and Europe. As a cloud-native business operating entirely on AWS, Lemonade has built everything from customer-facing apps to backend systems for underwriting and claims. Public since 2020, the company now serves over 2.5 million customers and generates roughly $600M in annual revenue – all driven by rapid innovation and AI-powered automation.
‍

CISO Jonathan Jaffe recognized that Lemonade’s growth demanded a new SIEM capable of centralizing and streamlining security operations. The goal was clear: efficiently deliver the right data into the system to power detection, investigation, and response. 
‍

But their existing solution, a well known data pipeline tool not designed for security, was not aligned with Lemonade’s vision of a unified ingestion layer that adds security value. The team did not have time for data plumbing like manual enrichments, custom JavaScript functions, or spotting optimization opportunities, so the tool ended up used only as a basic log shipper.
‍

That’s when they adopted Beacon.

The Beacon difference

Beacon is a security data management platform built to solve the tradeoff between cost, coverage, and context. Purpose-built for security operations, Beacon automatically discovers coverage gaps, transforms and enriches telemetry with security-driven intelligence, and routes optimized data to any destination.
‍

For Lemonade, the impact was quick. Beacon’s intuitive, point-and-click Transformation Recipes replaced tedious, error-prone data engineering work with a fast, reliable, and observable process. Built-in monitoring, alerting, and a 24/7 team of security data experts – assisted by AI agents – ensured resilience and reliability from day one.
‍

Beacon’s value extended beyond transport. Using the Beacon Fabric’s early Discovery capabilities, the platform scanned Lemonade’s environment to surface SaaS coverage gaps through agentic workflows. This gave the team insight into opportunities to improve detection coverage.
‍

Beacon also delivered practical enrichments:
‍

• Tagging Okta users with “Is Admin” data to simplify identity investigations
• Adding threat intel for VPN and Tor nodes connecting to corporate assets
  ‍

While Beacon reduced VPC Flow Logs by 97% without compromising fidelity, cost savings weren’t the primary motivation: usability was. The team understood that excessive, unstructured data is a blocker to both analysts and AI systems.
‍

Lemonade initially ran Beacon alongside its old tool. But as new data sources were onboarded exclusively through Beacon, migration of existing streams followed naturally. 
‍

When the existing system eventually failed due to an internal server issue, the team didn’t bother restarting it. Beacon had already become the backbone of their data pipeline.

Transforming security data into measurable impact

Today, Lemonade streams key telemetry sources through Beacon covering cloud infrastructure, business apps, endpoint data, and security tooling.
‍

So far, Beacon has ingested 72.5 TB and streamed only 18.5 TB, a 75% reduction without loss of fidelity. The optimized data powers both SIEM detections and emerging AI-driven workflows. 
‍

The partnership with Beacon has powered five key strategic outcomes for Lemonade:
‍

1. Massive efficiency gains in data operations. Beacon replaced a high-maintenance pipeline with an intuitive system for ingesting, transforming, and streaming data – freeing security engineers from manual integration work to focus on writing detections and other automations.
‍

2. Security-first design. Built for security data, Beacon understands log context and attacker-defender dynamics. Its expert recipes optimize data while maintaining completeness and coverage.
‍

3. Data optimization without fidelity loss. Beacon reduced total data volume by 75%, including a 97% cut in VPC Flow Logs – lowering cost, improving clarity, and accelerating analysis.
‍

4. Enrichment and visibility improvements. By surfacing new AWS connections, enriching Okta user context, and correlating VPN and Tor activity, Beacon strengthened identity and network investigations.
‍

5. Proactive discovery and AI-driven insight. Early Beacon Fabric workflows revealed coverage gaps and guided improvements to detection strategy.
‍

Together, these outcomes made Beacon an important part of Lemonade’s SecOps program foundation.
‍

“Beacon overcame a difficult tradeoff,” said Jaffe. “Its security-driven data platform optimizes terabytes of important security logs spanning many sources. Data arrives enriched and normalized, enabling our security team and AI workflows to act promptly and effectively. We no longer choose between coverage and cost efficiency. We now have both, supported by a responsive team of security data experts.”
‍

Beacon continues to partner closely with Lemonade’s security team to refine data strategy and coverage. The next phase will leverage Beacon’s Data Fabric to deliver contextual enrichments based on organizational entities.
‍

For a cloud-native, automation-driven company like Lemonade, security data optimized for both human analysts and AI systems isn’t just cost control – it’s a strategic advantage.