# Databricks' Bold AI Security Gambit: Lakewatch Crushes Legacy SIEM with Startup Buys
Databricks isn't messing around. Fresh off a $7 billion war chest, they've acquired Antimatter and SiftD.ai to launch Lakewatch, a game-changing open agentic SIEM built on their lakehouse platform. This isn't just another security tool—it's a direct assault on stagnating giants like CrowdStrike and Palo Alto, promising petabyte-scale threat detection at up to 80% lower TCO.
"Security teams can no longer rely on manual workflows to outpace AI-driven attacks," blasts Databricks CEO Ali Ghodsi. "Lakewatch gives enterprises agentic capabilities to replace stagnating SIEM tools." He's spot on. Attackers wield AI agents scanning systems at machine speed, while defenders drown in siloed data and discard 75% of telemetry due to insane ingestion costs. Lakewatch flips the script: unify security, IT, and business data—including multimodal video/audio for insider threats—in one governed lakehouse. No duplication, no lock-in, just raw power.
## Smart Acquisitions Fuel the Fire
These aren't random buys; they're precision strikes. Antimatter, from UC Berkeley security whizzes, brings a "data control plane" for secure AI agent deployment—proven in RSA's 2024 Innovation Sandbox. Founder Andrew Krioukov now leads Lakewatch. SiftD.ai, an acquihire led by Splunk SPL creator Steve Zhang, adds notebook-style human-agent collab for massive threat analysis. Small teams, big brains—employees folded seamlessly into Databricks.
## Agentic Warfare: Fight Fire with AI Fire
Lakewatch deploys swarms of defensive agents powered by Anthropic's Claude models. Correlate signals across petabytes, automate detection/triage/hunting, and query in plain English via Genie. Features like Genie Code auto-author detections and slash false positives; Genie Spaces democratize threat hunting. It's cloud-agnostic, integrates with Okta/Palo Alto/Wiz, and uses Detection-as-Code with Unity Catalog governance.
Early adopters? Adobe, Dropbox, NAB—already hunting threats faster. Anthropic even runs Lakewatch for its own security lakehouse.
## Why This Changes Everything (My Take)
Data platforms like Databricks own the future of security. Elastic and ServiceNow proved it; now Databricks leverages its lakehouse economics to gut SIEM bloat. Legacy vendors peddle "platformization" hype, but Lakewatch captures margins by using your existing data. No more discarding logs—retain 100%, analyze forever, deploy agents on-demand with serverless compute.
Skeptics? Sure, can a data giant out-threat-hunt specialists? Decades of expertise matter, but AI asymmetry demands a speed and scale that security teams can't match on their own. Lakewatch's open architecture and cost wins position it to dominate. If it delivers (it's in private preview now), expect a cybersecurity earthquake.
Databricks isn't entering security—they're redefining it. Developers, build on this: agentic ops on lakehouse means infinite scale for your AI defenses. Game on.
