Databricks is stepping into the security market with Lakewatch, an agentic SIEM built on its data platform. The product combines security, IT, and business data into a single environment, allowing organizations to run detection and response workflows at scale using AI. The move places Databricks directly into the security operations space at a time when organizations are struggling to keep up with faster, more automated threats.

Lakewatch is built around a data-first approach. It enables organizations to ingest and analyze large volumes of structured and unstructured data, including logs, audio, and video, without needing to move or duplicate that data across systems. This addresses a long-standing issue in security operations, where high ingestion costs and fragmented tooling often limit how much data teams can retain and analyze, leaving gaps in visibility.

The platform also introduces agent-driven workflows for detection, triage, and investigation. These capabilities are designed to automate parts of the security operations lifecycle that are still heavily manual in many environments. Features such as detection-as-code and built-in governance aim to align security processes more closely with modern data engineering practices, while reducing the operational burden on analysts.

For MSSPs and enterprise security teams, the launch points to a shift in how SIEM platforms are evolving. Security operations are moving toward data-centric architectures that prioritize scale, automation, and integration with broader data ecosystems. This changes how services are delivered, particularly in multi-tenant environments, and raises new questions about how providers manage data, control costs, and operationalize AI within their SOC workflows.




