
The newly launched Lakewatch platform represents Databricks’ aggressive entry into the cybersecurity sector, positioning its open security lakehouse as a direct challenger to legacy SIEM providers.
By shifting from a data-storage pricing model to a consumption-based structure, the company aims to remove financial barriers that traditionally forced enterprises to filter critical security telemetry.
Strategic acquisitions of security startups Antimatter and SiftD, coupled with a deepening integration with Anthropic’s AI models, signal a deliberate push to scale its security portfolio ahead of a highly anticipated public offering.
Databricks has formally entered the cybersecurity arena with the introduction of Databricks Lakewatch, a next-generation Security Information and Event Management (SIEM) system designed specifically to counter the growing sophistication of AI-powered cyberattacks. The move represents a decisive pivot for the data giant, which is leveraging its foundational expertise in unified data management to address what it describes as a fundamental architectural flaw in traditional security operations.
Legacy SIEM platforms, the company argues, were never built to handle the scale and variety of modern telemetry, forcing organizations to make untenable choices about which data to retain at a time when AI-driven threats demand complete visibility.
At the core of Lakewatch’s strategy is a departure from the industry-standard pricing model. Instead of charging customers based on the volume of data ingested and stored—a practice that often leads to critical security data being discarded—Databricks will determine costs based on the computational work the software performs. This consumption-based approach, according to CEO and cofounder Ali Ghodsi, aligns with the maturation of large language models. Ghodsi noted that LLMs have now advanced to a point where they can reliably automate and augment substantial portions of security workflows, making it feasible to analyze an organization’s full telemetry dataset without prohibitive cost barriers.
To accelerate its cybersecurity ambitions, the privately held company has been actively consolidating specialized talent and technology. Databricks recently acquired security startup Antimatter, known for its data access control capabilities, and has entered into an agreement to purchase SiftD, a firm whose team built its security operations expertise during prior work at Splunk.
These acquisitions are intended to bolster Lakewatch’s ability to unify enterprise security data within an open security lakehouse architecture, a framework that promises to replace fragmented legacy systems with a single, agentic platform capable of adapting to dynamic threats.
The company’s deepening partnership with Anthropic further underscores its commitment to embedding generative AI directly into security operations. Anthropic’s models are integrated within Lakewatch to provide autonomous reasoning and threat response, while Anthropic itself relies on Databricks to power its own security infrastructure.
As Databricks bulks up its enterprise security capabilities, the Lakewatch launch is widely viewed as a strategic move to strengthen its portfolio and market narrative ahead of a looming initial public offering, positioning the company to compete directly with established cybersecurity incumbents in a rapidly evolving sector.


