Databricks Inc. has officially stepped into the cybersecurity spotlight by introducing Lakewatch, a powerful new security information and event management (SIEM) solution built directly on its cloud data platform. At the same time, the company strengthened its cybersecurity strategy by acquiring two innovative startups, Antimatter Inc. and SiftD Inc., signaling a strong push toward AI-driven security operations.

To begin with, Lakewatch aims to address one of the biggest challenges organizations face: managing massive volumes of cybersecurity data efficiently. SIEM tools traditionally analyze telemetry across infrastructure systems to identify threats and uncover connections between seemingly unrelated security incidents. However, the cost of storing and processing such vast datasets often forces companies to delete historical logs, ultimately weakening their ability to investigate breaches.

Databricks, however, is taking a different approach. By allowing organizations to store cybersecurity logs in services like Amazon S3 without incurring “per-byte license fees,” Lakewatch enables long-term data retention without significantly increasing costs. As a result, companies can maintain deeper visibility into their security posture while improving threat detection capabilities.

“This will be the year we see AI killing the SIEM,” Databricks CEO Ali Ghodsi said at a presentation today at the RSAC cybersecurity conference in San Francisco — except of course Databricks’ version. “So now we can fight agents with agents,” which can do a first pass on hundreds of daily alerts that humans can’t manage.

Moreover, Lakewatch reduces infrastructure complexity by eliminating the need to transfer data between platforms. Since the solution is natively built into the Databricks ecosystem, organizations can avoid costly data duplication processes typically required when using third-party detection tools.

In addition, Lakewatch leverages Genie, Databricks’ built-in AI assistant, to transform raw telemetry into the Open Cybersecurity Schema Framework (OCSF) format. This standardization simplifies data analysis and accelerates threat detection. Not only that, Genie enhances usability through a conversational interface, allowing administrators to query security data and investigate potential threats more intuitively.
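To make the OCSF normalization step concrete, here is an added illustration (not Databricks or Genie code) that maps constructed sshd-style log lines onto the OCSF Authentication event class and then runs a simple detection over the normalized events. The OCSF constants used (class_uid 3002, category_uid 3, activity_id 1 for Logon, status_id 1/2 for Success/Failure, epoch-millisecond `time`) follow the published schema; the severity mapping and the `year` parameter are assumptions for this example.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed sample lines in sshd syslog style (not real telemetry).
SAMPLE_LOGS = [
    "Mar 14 08:22:01 web01 sshd[4120]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Mar 14 08:22:07 web01 sshd[4131]: Failed password for root from 203.0.113.9 port 40211 ssh2",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

def to_ocsf_authentication(line: str, year: int = 2025) -> Optional[dict]:
    """Map one sshd line onto the OCSF Authentication event class (class_uid 3002).
    type_uid is class_uid * 100 + activity_id as defined by the schema.
    Syslog lines carry no year, so the caller supplies one (assumption)."""
    m = SSHD_RE.match(line)
    if m is None:
        return None  # not an auth event this normalizer understands
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    success = m["result"] == "Accepted"
    return {
        "class_uid": 3002,                    # Authentication
        "category_uid": 3,                    # Identity & Access Management
        "activity_id": 1,                     # Logon
        "type_uid": 3002 * 100 + 1,           # 300201
        "time": int(ts.timestamp() * 1000),   # OCSF time is epoch milliseconds
        "status_id": 1 if success else 2,     # 1 = Success, 2 = Failure
        "severity_id": 1 if success else 3,   # Informational vs Medium (assumed mapping)
        "auth_protocol": m["method"],
        "user": {"name": m["user"]},
        "src_endpoint": {"ip": m["src"], "port": int(m["port"])},
        "device": {"hostname": m["host"]},
        "metadata": {"product": {"name": "sshd"}, "version": "1.1.0"},
        "raw_data": line,
    }

def failed_root_logons(lines):
    """Detection written against the normalized schema rather than raw text:
    failed logon attempts against the root account."""
    events = [e for e in map(to_ocsf_authentication, lines) if e]
    return [e for e in events if e["status_id"] == 2 and e["user"]["name"] == "root"]
```

Once events share OCSF field names, the same detection applies regardless of which product produced the raw line.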

Another key advantage lies in automation. Lakewatch enables users to create, test, and deploy detection scripts powered by AI. Furthermore, organizations can design custom AI agents tailored for cybersecurity workflows, such as prioritizing alerts based on severity and automating response actions.

Importantly, several of these capabilities are powered by Anthropic PBC’s Claude AI models. This builds on a previously established partnership, which Databricks is now expanding to support Lakewatch’s rollout.

Meanwhile, the acquisitions of Antimatter and SiftD add further depth to Databricks’ cybersecurity portfolio. Antimatter brings expertise in securing SaaS data using secure enclave technology, while SiftD contributes innovations in agentic automation for security engineering.

Currently, Lakewatch is in private preview, and Databricks plans to integrate technologies from both acquisitions to enhance its capabilities further. Altogether, this move positions Databricks as a strong contender in the evolving AI-driven cybersecurity landscape.
