Databricks Bolsters Cybersecurity with Lakewatch Ahead of IPO

Databricks is entering the cybersecurity market with Lakewatch, a new offering challenging traditional SIEM solutions. Its unique pricing model charges based on computational work, not data volume, making it more accessible for managing escalating security data. Lakewatch integrates diverse data sources, including everyday applications, for a holistic security view. The move aims to leverage Databricks’ AI expertise to combat AI-driven cyber threats, with the acquisition of Antimatter and the planned acquisition of SiftD bolstering its capabilities. The platform offers AI-powered alert prioritization and threat understanding through its “Genie” agent, with future automated response planned.

Databricks, a titan in the data and AI landscape, is strategically pivoting towards cybersecurity with its new offering, Lakewatch. This move signals a significant expansion for the company, which has already established itself as a major software player by processing vast amounts of data and running sophisticated generative AI models for enterprise clients. The valuation of Databricks, currently pegged at a formidable $134 billion, could see further justification and validation with this new venture, especially as the company navigates discussions around a potential initial public offering, with CEO Ali Ghodsi not ruling out a 2026 IPO.

Lakewatch aims to disrupt the established Security Information and Event Management (SIEM) market, challenging incumbents like Palo Alto Networks, Cisco-owned Splunk, Google, and Microsoft. The core of Databricks’ innovation lies in its pricing model for Lakewatch. Instead of the conventional approach of charging based on data volume stored, Databricks will price the service based on the computational work performed by the software. This is a critical distinction, as Ghodsi points out, “The prevailing pricing model is at odds with protecting against this avalanche that’s coming our way, because it’s just too prohibitively expensive to get all your data in there.” This new model is designed to be more cost-effective and accessible for organizations grappling with an ever-increasing deluge of security data.

The Lakewatch platform is engineered to ingest and analyze data from a wider array of sources than traditional security tools. This includes integrating information from everyday applications like Slack or Workday, providing a more holistic and comprehensive view of an organization’s security posture. While Databricks will not charge for data storage itself, it will require customers to maintain their data within cloud-based data lake services, from which Lakewatch can then operate.

The timing of Lakewatch’s debut is particularly salient, given the growing anxieties within the investor community regarding the double-edged sword of Large Language Models (LLMs). While LLMs offer immense potential for augmenting cybersecurity defenses, they also present new avenues for sophisticated cyberattacks. The market has already reacted to this dynamic; for instance, a preview of Anthropic’s code vulnerability scanning tool was followed by a notable dip in the Global X Cybersecurity Exchange-Traded Fund. Similarly, the broader software sector, particularly Software-as-a-Service (SaaS) stocks represented by the WisdomTree Cloud Computing Fund, has experienced downward pressure, reflecting concerns about AI-driven disruption. Ghodsi acknowledges this shift, stating, “With the sort of SaaS disruption that we’re seeing, Databricks will definitely partake in that disruption.”

Generative AI has demonstrably accelerated the exploitation of newly discovered vulnerabilities by malicious actors, necessitating more advanced tools to manage the escalating volume of security alerts. Databricks is bolstering its cybersecurity capabilities through strategic acquisitions. The company recently acquired the security startup Antimatter, whose technology forms a component of Lakewatch. Furthermore, Databricks has entered into an agreement to acquire SiftD, a company whose founders possess extensive experience from Splunk, a recognized leader in the SIEM space. This acquisition is particularly noteworthy, as Reynold Xin, another Databricks co-founder, highlighted the SiftD team’s pivotal role in developing Splunk’s highly valued search and user interface technologies.

With Lakewatch, security professionals can expect to benefit from enhanced alert prioritization, with generative AI models offering contextual insights into each security incident. The platform also features a “Genie” AI agent, enabling experts to query and gain understanding about emerging threats. Looking ahead, Ghodsi indicated that Databricks plans to introduce automated threat response capabilities to Lakewatch, further solidifying its position as a comprehensive cybersecurity solution. Early adopters like Adobe and National Australia Bank, along with Anthropic, which uses Databricks for its own cybersecurity needs with models running within Lakewatch, underscore the product’s immediate relevance and growing adoption trajectory.

Original article, Author: Tobias. If you wish to reprint this article, please indicate the source: https://aicnbc.com/20042.html
