LAKEWATCH

The agentic SIEM built for machine speed defense

Transform your SOC with unlimited, unified data, petabyte scale and swarms of agents

TOP TEAMS DEFEND WITH DATABRICKS

Watch Ali Ghodsi’s full RSA keynote

Watch Replay Now

BENEFITS

Defend at machine speed. Fight agents with agents.

Eliminate blind spots and bottlenecks. Lakewatch unifies your data estate to power autonomous agents that hunt, triage and neutralize threats at machine speed.

Open data platform

Unify all security, IT and business data on an open foundation. Use Unity Catalog to govern your entire estate in a single place, eliminating silos and vendor lock-in while providing full context for investigations without ever moving your data.

No data limits

Scale visibility as fast as your data grows. Stop dropping logs due to high costs and land 100% of your telemetry. Retain petabytes of data for years with affordable, cloud-scale pricing and no limits.

Native agentic automation

Lakewatch security agents eliminate the manual detection lifecycle by automating rule authoring, data normalization and triage natively on the lakehouse. Offload the investigative grunt work, allowing your hunters to focus exclusively on high-fidelity defense and act on threats with sub-second speed.

Read the press release

Eliminate silos and automate defense: read why the future of SIEM is open and agentic.

Read now

FEATURES

Built to scale and unify your security operations

Eliminate blind spots. Ingest high-volume logs at scale to power AI-driven hunting and detection engineering as code.

Ingest unlimited high-volume logs from everywhere across your enterprise. Power long-term retention and petabyte-scale analytics while maintaining full budget control.

Learn more about Security Scale

Ask natural-language questions with Genie to find threats fast. Use Agent Bricks to build autonomous agents to triage and pivot across identity, endpoint and network signals instantly.

Learn more about Agent Bricks

Bring DevOps to security. Manage detections as code with automated testing and deployment to ensure your defense is always version-controlled and verified.

Map logs from any data source to OCSF automatically and seamlessly cross-source correlation and visibility.

Learn more about normalization

Query billions of records instantly with native indexing. Provide analysts with a high-performance search experience for petabyte-scale investigations.

Databricks Platform security features

Unity Catalog

Govern your security estate with Unity Catalog. UC provides Lakewatch with unified access control, auditing and data lineage across all security telemetry.

Learn more about Unity Catalog

Databricks Apps

Build custom security apps with Lakewatch and Databricks Apps. Create native threat intel and SOC tools that run directly on your data for unified incident response.

Learn more about Databricks Apps

Agent Bricks

Build security agents with Agent Bricks to automate manual SOC tasks. Autonomously triage and summarize investigations directly on your Lakewatch security data.

Learn more about Agent Bricks

Delta Sharing

Securely share Lakewatch data and threat intel with partners via Delta Sharing. Enable live data exchange without movement while maintaining full auditability.

Learn more about Delta Sharing

Lakeflow Connect

Use Lakeflow Connect to reliably land all your security logs. Automate the ingest process to eliminate manual ETL and data wrangling.

Learn more about Lakeflow Connect

Security Analysis Tool (SAT)

Analyze your security posture with SAT. Identify configuration risks and harden your workspace to ensure a secure foundation for your Lakewatch data.

Learn more about SAT

Databricks AI Security Framework (DASF)

Build trustworthy AI with DASF. Apply the Databricks AI Security Framework to harden your Lakewatch agents and protect security models from emerging risks.

Learn more about DASF