Databricks, the Data and AI company, is debuting Lakewatch, a new open, agentic SIEM (Security Information and Event Management) designed to help organizations defend against increasingly sophisticated agent attackers.
According to Databricks, Lakewatch unifies security, IT, and business data into a single, governed environment for AI detection and response.
With open formats and an open ecosystem, Lakewatch enables customers to ingest, retain, and analyze unprecedented volumes of multi-modal data, while slashing costs and eliminating vendor lock-in.
Security teams gain complete visibility across the enterprise and can deploy defensive security agents to automate threat detection and response at massive scale, the company said.
With Lakewatch, swarms of AI agents automate detection, triage, and threat hunting to meet machine-speed attackers with machine-speed defense.
“Security teams can no longer rely on manual workflows to outpace AI-driven attacks,” said Ali Ghodsi, co-founder and CEO of Databricks. “With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today’s agent attackers.”
Lakewatch is designed to deliver agentic security atop the scale of an open security lakehouse. Key features include:
- Agentic triage and investigation: Build, optimize, and deploy custom security agents with Agent Bricks to handle complex workflows end-to-end.
- Automated security intelligence: Integrated with Genie, Lakewatch automates triage, plans multi-step approaches, and helps enterprises reduce alert fatigue, leaving more time for analysts to focus on high-impact threats.
- Open ecosystem: Unify all structured and unstructured security data on one open, cloud-agnostic platform that integrates with any tool to identify social engineering, insider threats, and anomalies. Databricks’ new Open Security Lakehouse Ecosystem is a fast-growing group of leading security vendors and delivery partners, including Akamai, Anvilogic, Arctic Wolf, Cribl, Obsidian, Okta, Palo Alto Networks, 1Password, Panther, Proofpoint, Rearc, Slack, TrendAI, Wiz (now part of Google Cloud), and Zscaler.
- Detection-as-code: Manage detections as code with automated testing and deployment to ensure defense is always version-controlled and verified.
- Governance and compliance at scale: Enable compliance and consistent policy enforcement with Unity Catalog. Access cost-effective, long-term retention out of the box, helping global enterprises meet rigorous new mandates such as NIS2 and DORA.
Enterprise organizations can use Lakewatch to unify their data and detect threats faster with AI, the company said.
To advance its open, agentic SIEM approach, Databricks is announcing the acquisitions of both Antimatter and SiftD.ai. Antimatter was founded by UC Berkeley security researchers who laid the foundation for provably secure authentication and authorization for AI agents. SiftD.ai, founded by the creator of Splunk’s Search Processing Language (SPL) and lead architects of Splunk’s search stack, will bring deep expertise in large-scale detection engineering and modern threat analytics, the vendor said.
Lakewatch is now available in Private Preview.
For more information about this news, visit www.databricks.com.