Databricks Unleashes Lakewatch SIEM

Databricks launches Lakewatch, an open, agentic SIEM built on its lakehouse architecture to combat AI-driven cyber threats with automated AI agents.

[Image: Databricks Lakewatch logo with abstract cybersecurity background. Image credit: StartupHub.ai]

Databricks has unveiled Databricks Lakewatch, a new Security Information and Event Management (SIEM) system engineered to combat the escalating threat of AI-driven cyberattacks. This move marks a significant pivot in security operations, aiming to replace traditional SIEM limitations with an open, agentic approach.

Traditional SIEMs struggle with the sheer volume and variety of data generated by modern enterprises. This architectural mismatch, combined with the increasing sophistication of AI-powered attacks, creates critical gaps in defense. Databricks asserts that Lakewatch addresses this by unifying 100% of an organization's telemetry on its open security lakehouse.

Fighting Fire with AI Agents

The core of Lakewatch's strategy lies in its use of embedded AI and specialized "Genie" agents. These agents are designed to automate threat detection, enable natural language-based threat hunting, and accelerate incident response at machine speed. This contrasts with legacy systems that often require manual analysis and slow, multi-day workflows.

The platform aims to democratize threat hunting by allowing users to query petabytes of data using plain English, bypassing complex query languages. This capability, powered by features like Genie Spaces, aims to make advanced security analysis accessible to a wider range of professionals.

Rethinking SecOps Economics

Lakewatch tackles the prohibitive cost of retaining large volumes of security data. Because compute is decoupled from storage, organizations can keep petabytes of telemetry in their own cloud storage for years, at far lower cost than with traditional SIEMs that price by ingested volume. This approach promises cost reductions of up to 80%.

This economic model also keeps ownership of the data with the customer: telemetry is stored in open formats such as Delta Lake or Apache Iceberg in the customer's own cloud environment, which avoids vendor lock-in. The platform supports the ingestion and analysis of multimodal data, including chat logs and video, which often contain crucial signals for detecting sophisticated threats such as social engineering and insider attacks.

Ecosystem and Partnerships

Databricks is fostering an "Open Security Lakehouse Ecosystem" to support Lakewatch. This initiative includes partnerships with major security vendors and delivery firms such as Adobe, Dropbox, Zscaler, and Deloitte, aiming to streamline data normalization and threat response.

The company is also deepening its collaboration with Anthropic, integrating Claude models to enhance reasoning capabilities for faster threat surfacing. This strategic alignment underscores Databricks' commitment to leveraging advanced AI for cybersecurity defenses.

Databricks Lakewatch is launching in Private Preview, with broader availability expected as the company refines its capabilities. The company is actively seeking feedback from organizations grappling with cost pressures and data retention challenges.