{"id":16008,"date":"2026-03-26T12:46:09","date_gmt":"2026-03-26T12:46:09","guid":{"rendered":"https:\/\/newestek.com\/?p=16008"},"modified":"2026-03-26T12:46:09","modified_gmt":"2026-03-26T12:46:09","slug":"databricks-pitches-lakewatch-as-a-cheaper-siem-but-is-it-really","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16008","title":{"rendered":"Databricks pitches Lakewatch as a cheaper SIEM \u2014 but is it really?"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Databricks has previewed a new open agentic Security Information and Event Management (SIEM) software named Lakewatch that signals its first deliberate step beyond data warehousing into security analytics.<\/p>\n<p>The data warehouse provider is pitching Lakewatch as a lower-cost alternative to traditional security tools, arguing that consolidating security analytics into its data platform can reduce overall spend.<\/p>\n<p>\u201cRight now, existing solutions\u2019 (rival SIEMs) ingestion costs force teams to discard up to 75% of their data, so while attackers can use AI to attack anywhere, defenders only see a fraction of their own data. Our goal with Lakewatch is to close this gap\u2026 because our lakehouse architecture is uniquely built to handle massive amounts of data cheaply,\u201d\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/krioukov\" target=\"_blank\" rel=\"noreferrer noopener\">Andrew Krioukov<\/a>, general manager of Lakewatch at Databricks, told InfoWorld.<\/p>\n<p>\u201cUnlike other SIEM platforms, we do not charge based on the amount of data ingested or stored, but rather on the compute that security teams use. 
This allows organizations to achieve up to an 80% reduction in total cost of ownership (TCO) while maintaining years of hot, queryable data for compliance and hunting,\u201d Krioukov added.<\/p>\n<p>Analysts, too, agree with Krioukov, but only in part.<\/p>\n<p>\u201cThe cost problem in SIEM is real. Many organizations often are forced to discard data because ingestion pricing makes full retention prohibitively expensive,\u201d said\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/slwalter\">Stephanie Walter<\/a>, leader of the AI stack at HyperFRAME Research.<\/p>\n<p>In contrast, Lakewatch can reduce costs in some cases, especially if enterprises want to retain large amounts of data, echoed\u00a0<a href=\"https:\/\/www.hfsresearch.com\/team\/akshat-tyagi\/\" target=\"_blank\" rel=\"noreferrer noopener\">Akshat Tyagi<\/a>, associate practice leader at HFS Research.<\/p>\n<p>However, analysts warned that savings may be less straightforward, with costs potentially shifting to compute and data processing rather than disappearing altogether.<\/p>\n<p>\u201cCosts don\u2019t disappear; they shift. If usage isn\u2019t controlled, compute can add up quickly. 
It can be more efficient, but not automatically cheaper,\u201d said\u00a0<a href=\"https:\/\/moorinsightsstrategy.com\/team\/robert-kramer\/\" target=\"_blank\" rel=\"noreferrer noopener\">Robert Kramer<\/a>, principal analyst at Moor Strategy and Insights.<\/p>\n<p>Beyond costs, though, analysts say Lakewatch is offering a progressive structural shift in how enterprises conduct security operations, especially analytics.<\/p>\n<p>The platform stitches together components such as\u00a0<a href=\"https:\/\/www.infoworld.com\/article\/2337619\/databricks-races-with-snowflake-to-open-up-data-catalog-source-code.html\">Unity Catalog<\/a>\u00a0for governance and access control,\u00a0<a href=\"https:\/\/www.infoworld.com\/article\/4005068\/databricks-targets-ai-bottlenecks-with-lakeflow-designer.html\">Lakeflow Connect<\/a>\u00a0for ingesting and streaming security data, and the Open Cybersecurity Schema Framework (<a href=\"https:\/\/www.csoonline.com\/article\/573487\/key-takeaways-from-the-open-cybersecurity-schema-format.html\">OCSF<\/a>) to standardize disparate log formats, effectively turning the lakehouse into a centralized system of record for security operations, Walter said.<\/p>\n<p>The added context from all the combined data in the lakehouse is also likely to act as an accelerant for helping enterprises automate security operations at scale with agents, Walter added.<\/p>\n<p>That said, translating these benefits into near-term buy-in from CIOs and CISOs could prove challenging for Databricks.<\/p>\n<p>\u201cThis is more likely to complement existing SIEMs than replace them. Early adoption will come from large enterprises already committed to Databricks, especially those seeking flexibility or cost control. It aligns with existing investments but remains new territory for operational security teams. 
Building trust through proven use cases will be key,\u201d Kramer said.<\/p>\n<p>Even so, Databricks is signaling serious intent, with the acquisitions of two cybersecurity startups, Antimatter and SiftD.ai, which analysts say point to its broader security roadmap. \u201cThis looks like the foundation of a long-term security portfolio, not a one-off SIEM feature. Acquiring security-focused companies is less about adding features and more about importing credibility. Security buyers trust vendors with domain depth, not just infrastructure scale,\u201d HyperFRAME Research\u2019s Walter said.<\/p>\n<p><em>The article originally appeared in <a href=\"https:\/\/www.infoworld.com\/article\/4150497\/databricks-pitches-lakewatch-as-a-cheaper-siem-but-is-it-really.html\">InfoWorld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Databricks has previewed a new open agentic Security Information and Event Management (SIEM) software named Lakewatch that signals its first deliberate step beyond data warehousing into security analytics. The data warehouse provider is pitching Lakewatch as a lower-cost alternative to traditional security tools, arguing that consolidating security analytics into its data platform can reduce overall spend. 
\u201cRight now, existing solutions\u2019 (rival SIEMs) ingestion costs force teams&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=16008\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16008","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16008"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16008\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}