Databricks is stepping into the cybersecurity space with Lakewatch, an agentic SIEM platform designed to run on top of its lakehouse architecture and extend it into security operations. Lakewatch is available in private preview.
With this move, the San Francisco-based company is positioning its lakehouse as a central control layer for enterprise data. The move reflects a broader trend in the industry where vendors increasingly incorporate security as part of the data platform itself – and not a separate stack.
Lakewatch brings security telemetry, threat detection, and incident response together directly in the Databricks environment. What this means for users is that they can look at security data in the same place where their other data already sits, instead of sending logs to a separate system before they can figure out what is going on.
Many security teams still use SIEM tools that charge based on how much data you send in. That pricing model often forces teams to filter logs or delete them sooner than they would like just to keep costs down. Databricks is taking a different approach with the lakehouse model. It argues that organizations should be able to keep all their data and look at it when needed, instead of deciding ahead of time what is worth saving.
“Security teams can no longer rely on manual workflows to outpace AI-driven attacks,” said Ali Ghodsi, co-founder and CEO of Databricks. “With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today’s agent attackers.”
Databricks claims that Lakewatch is designed to handle petabyte-scale telemetry while lowering the cost of security operations by separating storage from compute. This is exactly the architectural approach that Databricks has long promoted in analytics.
Those who have followed Databricks will know that the company has spent years making the same argument for data warehousing and AI workloads, so bringing that model into security feels like a natural next step rather than a completely new direction.

The launch also comes with a broader push to build an ecosystem around the platform. Databricks said Lakewatch will be part of what it calls an Open Security Lakehouse Ecosystem, with partners including Akamai, Okta, Palo Alto Networks, Zscaler, Wiz, Deloitte, and others contributing telemetry and integrations. The company is also expanding its work with Anthropic, whose Claude models are being used to power some of the agentic investigation and response capabilities.
“As the volume of security data grows, organizations need new ways to analyze and act on that information quickly and at scale,” said Karthik Venkatesan, Security Engineering Lead at Adobe. “Databricks provides the foundation needed to move from data-driven to AI-driven approaches for security operations, and Lakewatch is an important step toward bringing security intelligence closer to where data already lives.”
Databricks also disclosed acquisitions of Antimatter and SiftD.ai, two startups focused on agent security and large-scale detection engineering, moves that suggest the company is serious about building a full security stack rather than just adding another feature to the lakehouse.
The post Databricks Enters Cybersecurity Market With Lakewatch SIEM Platform appeared first on BigDATAwire.

