Databricks Lakewatch

Databricks Lakewatch is a security information and event management (SIEM) platform built on the Databricks Data Intelligence Platform. It is designed to support security operations center (SOC) workflows at petabyte scale, combining data lakehouse architecture with AI-driven detection and response capabilities. Core functionality: - Operates as an open, agentic SIEM that ingests and correlates security data at large scale - Uses AI agents (described as "swarms of agents") to automate detection and response workflows at machine speed - Built on the Databricks lakehouse architecture, enabling unified storage and processing of security telemetry alongside other enterprise data - Designed to eliminate data silos by consolidating security data into a single platform Platform characteristics: - Described as "open," indicating support for open data formats and interoperability - Targets enterprise-scale environments requiring petabyte-level data ingestion and analysis - Positioned as a next-generation SIEM that incorporates agentic AI for automated threat detection and response - Part of the broader Databricks Data Intelligence Platform, which includes Unity Catalog for governance, Delta Lake for data management, and Delta Sharing for data sharing Use case focus: - Security operations and SOC modernization - Unified security data management across large-scale environments - AI-assisted threat detection and incident response - Replacing or augmenting traditional SIEM deployments with a lakehouse-native approach