
Databricks Announces Lakewatch: New Open, Agentic SIEM

Rishabh_Tiwari
Community Manager

Earlier this week, Databricks announced Lakewatch, a new open, agentic SIEM designed to help organizations defend against increasingly sophisticated, AI-driven attacks. Lakewatch is currently available in Private Preview.

Lakewatch unifies security, IT, and business data into a single, governed environment for AI detection and response. Built on open formats, it enables customers to ingest, retain, and analyze unprecedented volumes of multi-modal data while reducing costs and eliminating vendor lock-in.

Here’s what stands out:

  • Unifies security, IT, and business data into a single, governed environment
  • Enables customers to ingest, retain, and analyze unprecedented volumes of multi-modal data
  • Built on the Open Cybersecurity Schema Framework (OCSF) and supports Delta Lake and Apache Iceberg
  • Provides fine-grained access control at table, row, column, and attribute levels with full auditability
  • Decouples storage from compute, allowing customers to store data and only pay for compute when running analytics

Lakewatch also introduces agentic capabilities through Genie and Genie Spaces, helping automate tasks such as log ingestion, detection creation, rule tuning, and threat investigation.

By bringing the lakehouse architecture to security operations, Lakewatch enables teams to analyze security data alongside business data, retain full-fidelity telemetry, and respond to threats more effectively.
