Data warehouse company Databricks announced on the 26th that it has launched ‘Lakewatch’, a new open, agentic security information and event management (SIEM) product. This is the company’s first official move beyond data warehousing into security analytics.
Databricks promotes Lakewatch as a cost-effective alternative to existing security tools, claiming that integrating security analytics into its data platform lowers overall security operating costs.
“Currently, competing SIEM solutions are forcing up to 75% of data to be discarded due to the high cost of data collection,” said Andrew Kryukov, general manager of Lakewatch at Databricks, in an interview with CIO.com’s sister publication InfoWorld. “Attackers can use AI to attack anywhere, but defenders only see a portion of the total data.” He continued, “Lakewatch aims to bridge this gap, and our Lakehouse architecture is designed to process large amounts of data at low cost.”
Kryukov also said, “Unlike other SIEM platforms, we do not charge based on data collection or storage capacity, but rather based on the computing resources used by security teams. This allows companies to reduce total cost of ownership (TCO) by up to 80% while keeping years of data immediately viewable for regulatory compliance and threat detection.”
Market analysts agreed with this argument to some extent.
Stephanie Walter, who leads the AI stack practice at the consulting firm HyperFRAME Research, said, “There is a clear cost problem with SIEM. Data collection fees are too high, so many organizations are unable to preserve all their data and discard it.”
Akshat Tyagi, research director at another consulting firm, HFS Research, also said, “If a company wants to preserve large-scale data for a long period of time, Lakewatch can provide cost savings in some environments.”
However, the analysts pointed out that the costs will not simply disappear: the savings may not be as straightforward as expected, and costs are likely to shift from the collection phase to the computing and data processing phase.
Robert Kramer, senior analyst at Moor Strategy & Insights, said, “Costs don’t go away, they move. If you don’t control usage, computing costs can increase quickly. It may be more efficient, but it doesn’t automatically make it cheaper.”
Beyond the cost issue, analysts said Lakewatch represents a structural change in the way companies run their security operations, and their security analytics systems in particular.
Lakewatch combines Unity Catalog for governance and access control, Lakeflow Connect for security data collection and streaming, and the Open Cybersecurity Schema Framework (OCSF), which normalizes heterogeneous log formats into a common schema. This turns the Lakehouse into a central system of record for security operations, explains Stephanie Walter, AI stack leader at HyperFRAME Research.
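To make the OCSF point concrete, here is an added example, not Databricks or Lakewatch code, showing what “standardizing heterogeneous log formats” means in practice: two differently shaped login events (a constructed OpenSSH syslog line and a constructed Windows Security event exported as JSON) are mapped into the same OCSF Authentication record shape, after which one query answers a question across both sources. The OCSF constants (class_uid 3002 for Authentication, category_uid 3, activity_id 1 for Logon, status_id 1/2 for success/failure) are taken from the OCSF schema as the author understands it and should be checked against the schema version your pipeline actually ingests; the log lines and the Windows field names are constructed sample input.

```python
"""Normalize two log formats into OCSF Authentication records (illustrative, not Lakewatch code)."""
import json
import re
from datetime import datetime

# OCSF Authentication class constants (assumed from the OCSF schema; verify per schema version).
OCSF_CLASS_AUTHENTICATION = 3002
OCSF_CATEGORY_IAM = 3
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL = 1
SCHEMA_VERSION = "1.1.0"

# rsyslog high-precision format: ISO-8601 timestamp, host, "sshd[pid]:", then the auth result.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def ocsf_base(ts: datetime, product: str, activity_id: int) -> dict:
    """Fields every Authentication record carries, regardless of source."""
    return {
        "class_uid": OCSF_CLASS_AUTHENTICATION,
        "category_uid": OCSF_CATEGORY_IAM,
        "activity_id": activity_id,
        "type_uid": OCSF_CLASS_AUTHENTICATION * 100 + activity_id,  # OCSF convention
        "severity_id": SEVERITY_INFORMATIONAL,
        "time": int(ts.timestamp() * 1000),  # epoch milliseconds, UTC
        "metadata": {"version": SCHEMA_VERSION, "product": {"name": product}},
    }


def from_sshd(line: str) -> dict:
    """Map one OpenSSH syslog line to an OCSF Authentication record."""
    m = SSHD_RE.match(line)
    if not m:
        raise ValueError(f"not an sshd auth line: {line!r}")
    rec = ocsf_base(datetime.fromisoformat(m["ts"]), "OpenSSH", ACTIVITY_LOGON)
    rec["status_id"] = STATUS_SUCCESS if m["result"] == "Accepted" else STATUS_FAILURE
    rec["user"] = {"name": m["user"]}
    rec["src_endpoint"] = {"ip": m["ip"], "port": int(m["port"])}
    rec["dst_endpoint"] = {"hostname": m["host"]}
    rec["auth_protocol"] = m["method"]  # e.g. "publickey" or "password"
    return rec


def from_windows_json(doc: str) -> dict:
    """Map a JSON-exported Windows Security event (4624 success / 4625 failure) to OCSF."""
    ev = json.loads(doc)
    rec = ocsf_base(datetime.fromisoformat(ev["TimeCreated"]), "Windows Security", ACTIVITY_LOGON)
    rec["status_id"] = STATUS_SUCCESS if ev["EventID"] == 4624 else STATUS_FAILURE
    rec["user"] = {"name": ev["TargetUserName"]}
    rec["src_endpoint"] = {"ip": ev["IpAddress"], "port": int(ev["IpPort"])}
    rec["dst_endpoint"] = {"hostname": ev["Computer"]}
    return rec


def normalize(raw: str) -> dict:
    """Dispatch on the raw shape; the output shape is the same either way."""
    return from_windows_json(raw) if raw.lstrip().startswith("{") else from_sshd(raw)


def failed_logons_by_source(records: list) -> dict:
    """One query over the common schema: failed logons per source IP across all products."""
    counts = {}
    for r in records:
        if r["status_id"] == STATUS_FAILURE:
            ip = r["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample input: two OpenSSH lines and two Windows events, mixed together.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01+00:00 bastion01 sshd[2211]: Accepted publickey for alice from 203.0.113.9 port 51234 ssh2",
    "2024-05-01T10:00:07+00:00 bastion01 sshd[2219]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2",
    '{"EventID": 4624, "TimeCreated": "2024-05-01T10:00:05+00:00", "Computer": "WS01.corp.example", '
    '"TargetUserName": "alice", "IpAddress": "203.0.113.9", "IpPort": "49800"}',
    '{"EventID": 4625, "TimeCreated": "2024-05-01T10:00:09+00:00", "Computer": "WS01.corp.example", '
    '"TargetUserName": "admin", "IpAddress": "198.51.100.23", "IpPort": "40100"}',
]

if __name__ == "__main__":
    normalized = [normalize(e) for e in SAMPLE_EVENTS]
    for rec in normalized:
        print(json.dumps(rec))
    print("failed logons by source:", failed_logons_by_source(normalized))
```

The value of the common schema is in the last function: the aggregation never looks at which product produced a record, which is exactly what lets a detection or a retention query run unchanged over years of mixed-source data.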
Walter also predicted that the additional context available from the large volume of data consolidated in the Lakehouse will likely act as a catalyst for automating security operations at scale with agents.
However, turning these advantages into actual adoption decisions by CIOs and CISOs within a short period may be a difficult task for Databricks.
Robert Kramer of Moor Strategy & Insights said, “Lakewatch is more of a supplement to existing SIEM than a replacement,” and added, “Initial adoption is likely to be centered around large corporations that have already strategically invested in Databricks. In particular, companies that value flexibility or cost control will be the main targets.” He continued, “There is consistency with existing investments, but as this is a new area for the operational security team, the key is to build trust through proven use cases.”
Nevertheless, Databricks is clearly showing its commitment to the security market. Analysts see the recent acquisitions of cybersecurity startups Antimatter and SiftD.ai as proof of this.
Walter said, “This move is not a one-time addition of SIEM functions, but is closer to the starting point of building a long-term security portfolio. Acquiring a company specializing in security is a strategic move to secure trust, beyond merely strengthening functions. Security buyers trust vendors with expertise in the field, not just the size of the infrastructure.”
dl-ciokorea@foundryco.com
