Databricks is entering the cybersecurity market with Anthropic assist

Published March 24, 2026

Databricks launched Lakewatch, an agentic AI-powered SIEM (Security Information and Event Management) system that aims to unify security, IT and business data in one environment.

Simply put, the companies that manage your data are entering the market to secure it too. And if you believe security is a data problem at its core, the recent moves by Databricks as well as Elastic and ServiceNow make sense. The rise of AI agents is likely to bring a bevy of newcomers into the cybersecurity market.

Databricks' move into security is partly enabled through its partnership with Anthropic. The two companies collaborated on agentic security operations powered by Claude models. To round out its security push, Databricks said it has acquired Antimatter and SiftD.ai.

According to Databricks, Lakewatch will give customers the ability to ingest, retain and analyze multi-modal data while cutting costs and lock-in. Databricks is betting it can capture margin as well as enterprises resisting the platformization pitch from the likes of CrowdStrike and Palo Alto Networks.

Databricks said Lakewatch will give enterprises the ability to deploy defensive security agents and automate workflows. In addition, enterprises will avoid costs associated with ingesting data. Since Lakewatch is built on Databricks, data is already in place.

Ali Ghodsi, CEO of Databricks, said Lakewatch will give companies "a new open data architecture and agentic capabilities to replace stagnating SIEM tools."

Lakewatch, which is in private preview, includes the following:

  • Tools to triage and investigate with custom security agents built on Agent Bricks.
  • Automated security intelligence via integration with Databricks' Genie to automate multi-step workflows.
  • Log storage without licensing fees.
  • Data ownership using open formats.
  • Serverless performance.
  • An open ecosystem via Databricks Open Security Lakehouse Ecosystem. Databricks already has a strong list of security vendor partnerships including Okta, Palo Alto Networks, Google Cloud's Wiz and Zscaler. CrowdStrike is missing from the launch announcement.
  • Detection-as-code features via automated testing and deployment.
  • Policy enforcement via Unity Catalog.