MSSP, Generative AI, Cloud Security, Network Security, SOC

Databricks Takes Bigger Step into Cybersecurity with New Platform

Databricks is known for its focus on data storage, analysis, and management, with its AI-driven Data Intelligence Platform built atop a data lakehouse architecture that offers a unified data and governance solution.

Now, the San Francisco company is expanding deeper into the area of data security in a move designed to help organizations and MSSPs better defend against AI-based security threats by unifying increasingly distributed sources of data, infusing them with greater intelligence, and enabling companies to respond to the threats quickly.

Databricks has introduced a Data Intelligence for Cybersecurity platform that combines Data Intelligence Platform capabilities and integrations with organizations’ SIEM, SOAR, endpoint detection and response (EDR), extended detection and response (XDR), and other security operations.

It also delivers greater AI capabilities and unifies and enriches the threat telemetry that MSSPs and security operations center (SOC) analysts use to spot risks faster, understand the circumstances, and respond more quickly, according to the vendor.

The platform can integrate with a range of third-party tools from such cybersecurity vendors as Arctic Wolf, Abnormal AI, Varonis, and Cribl.

Databricks Builds Its AI Strategy

Databricks executives said the new platform will leverage the company's Agent Bricks, tools that organizations can use to build AI apps and agents that can accurately analyze data and autonomously take steps throughout the security workflow.

In recent months, Databricks has been aggressively expanding its AI capabilities, including its range of partnerships. Last week, the company announced a $100 million multi-year partnership with OpenAI to make the generative AI stalwart’s models natively available on the Databricks Data Intelligence Platform and within its Agent Bricks offering to all of Databricks’ 20,000-plus customers.

OpenAI’s GPT-5 model will be a flagship model for all Databricks customers, they said.

Two days earlier, the company said it was partnering with financial infrastructure and data provider LSEG to bring its AI-ready financial data to Databricks and its Agent Bricks to enable financial teams to use their data to build AI agents.

Before that, Databricks announced it was launching its AI Accelerator Program, a development and investment effort driven by its Databricks Venture arm and aimed at pre-seed and seed stage startups.

Data Intelligence for Cybersecurity is the next step, offering not only the use of its Agent Bricks but also dashboards, AI-powered natural language search, and real-time analytics. Databricks provides security experts and non-technical leaders alike with instant security insights to address emerging threats.

The platform already has a wide range of customers, including Barracuda Networks, Palo Alto Networks, Rivian, and Akamai.

AI is the Key

“In a world where attacks are faster and more dynamic than ever, organizations need more than just incremental tooling,” Databricks CISO Omar Khawaja, Taylor Kain, head of cybersecurity solutions marketing, and Dave Herrald, global head of cybersecurity go-to-market, wrote in a blog post. “They need intelligent agents, powered by unified, enterprise-wide data, to rapidly detect, investigate, and respond to threats before they escalate.”

Infusing the cybersecurity strategy with AI makes sense, according to Rob Enderle, principal analyst at The Enderle Group.

“Data intelligence is at the core of understanding and mitigating AI cyberthreats,” Enderle told MSSP Alert. “In effect, over time, you’ll need the security AI to be able to react instantly when an AI threat emerges because it will advance at AI speeds, which humans today cannot match. AI threats are small now, but they are increasing at an unprecedented rate, making a service like this critical in a market that is massively exposed to these new threats.”

That said, the analyst added that Databricks needs to be “surfacing more of the threats this service will be designed to mitigate. Selling security requires you to make the buyer feel the threat before they experience it, and to do that, they need more aggressive marketing on both the threats and their solution.”

For MSSPs, the platform will be a useful tool.

“They can help implement this solution, advise on what is and is not working more effectively by using their own installed bases to both identify problems and suggest more targeted solutions to them,” Enderle said. “They can provide a better, more trusted interface to customers for Databricks at a far more granular level.”

Security in a Distributed World

The ongoing migration of data and databases to the cloud and hybrid environments is making it difficult to secure data. In a report earlier this year, data security vendor Rubrik found that 90% of the more than 1,600 IT leaders surveyed are managing distributed hybrid environments, with 35% highlighting that securing sensitive data across multiple environments is a key challenge and 30% pointing to a lack of centralized management. About 25% noted the lack of visibility and control over cloud-based data.

This is opening up organizations to cloud-based attacks.

“Malicious actors know [about the challenges], and they are exploiting hybrid cloud systems relentlessly,” the report’s authors wrote. “Attacks are coming over at least 10 vectors, far more than in the past. Bad actors are changing their techniques, from malware to social engineering and identity-based strategies. Identity attacks may now account for nearly 80% of all attacks. The reason? It works. Successful attacks are on the rise, and time from entry to command and control of sensitive data is dropping fast.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
