Databricks has launched Lakewatch, its open, agentic SIEM (Security Information and Event Management) system designed to help customers defend against agent attackers.
Lakewatch unifies security, IT and business data into a single, governed environment for AI detection and response. It has open formats and an open ecosystem, enabling customers to ingest, retain and analyse large volumes of multi-modal data at lower costs and without vendor lock-in, the company claims.
Key features of Lakewatch, which is designed to deliver agentic security atop the scale of an open security lakehouse, include the ability to build, optimise, and deploy custom security agents with the company's Agent Bricks product to handle complex workflows end-to-end.
Agents parse and enrich telemetry across hundreds of formats, with the aim of reducing Mean Time to Detect & Respond, while remaining inside the secure, governed environment where data already lives.
Integrated with Databricks' business intelligence product Genie, Lakewatch automates triage and plans multi-step approaches. It can also unify all structured and unstructured security data on one open, cloud-agnostic platform that integrates with any tool, to identify social engineering and insider threats and to support anomaly detection.
Databricks’ new Open Security Lakehouse Ecosystem is a group of security vendors and delivery partners, including Akamai, Anvilogic, Arctic Wolf, Cribl, Obsidian, Okta, Palo Alto Networks, 1Password, Panther, Proofpoint, Rearc, Slack, TrendAI, Wiz (now part of Google Cloud), and Zscaler.
The company is also deepening its partnership with AI model developer Anthropic to deliver agentic security operations. Anthropic’s Claude models help power Lakewatch, using Claude's advanced reasoning capabilities to correlate signals across security, IT, and business data to surface threats faster, while Anthropic also uses Databricks for its own security lakehouse.
To advance its open, agentic SIEM approach, Databricks has acquired Antimatter and SiftD.ai.
“Security teams can no longer rely on manual workflows to outpace AI-driven attacks,” said Ali Ghodsi, co-founder and CEO of Databricks.
“With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today’s agent attackers.”
Lakewatch is now available in private preview.




