UPDATED 17:05 EDT / MARCH 24 2026

SECURITY

Databricks introduces Lakewatch SIEM, acquires two cybersecurity startups

Databricks Inc. today debuted Lakewatch, a cybersecurity product built atop its cloud data platform.

The company also disclosed that it has acquired two startups called Antimatter Inc. and SiftD Inc. Databricks said the deals will help enhance its newly launched cybersecurity capabilities.

Lakewatch is a SIEM, or security information and event management, application. SIEM tools analyze telemetry from multiple components of a company’s infrastructure to find breaches. They can detect when cybersecurity issues that affect disparate components are connected to the same hacking campaign.

The large amount of data that SIEM tools ingest can make them expensive to operate. Administrators address the issue by occasionally deleting historical cybersecurity logs. That cuts storage costs, but also decreases the amount of information available for cybersecurity investigations.

“This will be the year we see AI killing the SIEM,” Databricks Chief Executive Ali Ghodsi said at a presentation today at the RSAC cybersecurity conference in San Francisco, with the exception, of course, of Databricks’ version. “So now we can fight agents with agents,” he said, referring to AI agents that can do a first pass on the hundreds of daily alerts that humans can’t manage.

Databricks says Lakewatch addresses the log retention cost challenge. According to the company, the tool makes it possible to keep cybersecurity logs in storage services such as Amazon S3 and doesn’t incur “per-byte license fees.” That enables companies to retain more cybersecurity information than would otherwise be practical.

Lakewatch also promises to reduce infrastructure costs in other ways. Some cybersecurity tasks require companies to copy the system logs they keep in Databricks’ cloud data platform to a third-party breach detection tool. Lakewatch is built directly on Databricks’ platform, which removes the need to copy data and avoids the associated expenses.

It can ingest telemetry from a company’s cybersecurity tools, cloud applications and other sources. It uses Genie, an artificial intelligence assistant built into Databricks’ platform, to turn the collected data into a format called OCSF. The technology organizes cybersecurity logs in a standardized form to ease analysis.

Genie also underpins Lakewatch’s user interface. The AI powers a chat box that administrators can use to analyze their company’s cybersecurity data. For example, a user could enter the name of a newly discovered hacking campaign and ask Genie whether any internal systems are affected.

The AI assistant can also generate detections. Those are scripts that scan cybersecurity telemetry for patterns indicative of malicious activity. According to Databricks, Lakewatch can not only create but also test and deploy detections.

Administrators can automate additional tasks by creating custom cybersecurity-optimized AI agents. Such agents lend themselves to use cases such as prioritizing breach notifications by severity.

Several Lakewatch features are powered by Anthropic PBC’s Claude model series. Last March, Databricks inked a five-year deal to bring the AI provider’s algorithms to its cloud data platform. The companies are expanding their partnership to support the launch of Lakewatch.

Lakewatch is currently in private preview. Databricks plans to enhance the platform using assets from Antimatter and SiftD, the two cybersecurity startups it has acquired.

Antimatter raised $12 million in 2022 from a consortium that included several prominent enterprise technology executives. The startup developed a platform for securing data stored in software-as-a-service applications. The platform used secure enclaves, an encryption feature built into server processors, to shield records from hacking attempts.

SiftD is an early-stage startup founded by former Splunk engineers. The company’s minimalist website states that it was working on “agentic automation for security engineering” prior to the acquisition. 

The acquisition terms were not disclosed.

With reporting from Robert Hof

