
Databricks Unveils Open AI Security Monitoring 'Lakewatch'

Published 2026.03.26 09:56



Converging security, IT, and business data in one place to detect and investigate threats using AI… Available first as a private preview
Databricks has entered the AI-based security monitoring market. Known as a data processing and analysis platform company, the firm unveiled 'Lakewatch,' an open agentic SIEM that connects security, IT, and business data within a single governance environment to support threat detection, investigation, and automated response. While existing SIEMs have been constrained by data collection costs, closed structures, and manual responses, Databricks plans to replace that model with a structure centered on large-scale data analysis and AI agents.

Databricks announced on the 26th that it has unveiled Lakewatch and is currently offering it in a private preview. The company stated that the product is designed to support threat detection and investigation in petabyte-scale data environments and named Adobe and Dropbox as initial clients.

The release comes against a backdrop of changing attack methods. Databricks noted that as attackers increasingly use AI agents to continuously scan systems and locate vulnerabilities, human-centric manual security operations alone are struggling to keep up with response speeds. In particular, the company explained that because of high data loading costs, some organizations are discarding large volumes of logs and telemetry data, leading to a growing asymmetry in which defenders must respond based on less information.

To mitigate these issues, Lakewatch promotes a structure that integrates, stores, and analyzes data in an open format, handling not only structured data but also multimodal data such as video and audio. Based on this, it is designed to expand the scope of detection for social engineering attacks, insider threats, and anomalies, and it enables multiple AI agents to automate detection, classification, and threat hunting. Databricks stated that it also provides code-based detection, automated testing and deployment, and governance and compliance support through Unity Catalog during this process.

The company is also pursuing ecosystem expansion. Databricks announced that it is building an "Open Security Lakehouse Ecosystem" in collaboration with Akamai, Okta, Palo Alto Networks, Wiz, and Zscaler, and proposed a direction to comprehensively analyze security, IT, and business signals by integrating Anthropic's Claude model into Lakewatch. The company explained that Anthropic is also using Databricks to build its own security lakehouse.

Databricks also pursued acquisitions to expand its security business. The company announced the acquisition of Antimatter, which developed AI agent authentication and authorization management technology, and SiftD.ai, which possesses large-scale detection engineering and threat analysis capabilities. This announcement is interpreted as an example demonstrating the trend of data platform companies expanding their business scope into the security operations market.