Databricks Lakewatch - A Cheaper SIEM Solution Explained
In short, Databricks has launched a new security tool intended to cut the cost of managing security data.
Databricks has introduced Lakewatch, a new SIEM tool aimed at reducing security costs. This innovative platform could help organizations retain more data without breaking the bank. Analysts suggest it may shift costs rather than eliminate them, making it essential for teams to manage usage wisely.
What Happened
Databricks has unveiled Lakewatch, a new open agentic Security Information and Event Management (SIEM) solution. This marks the company's first significant move beyond traditional data warehousing into the realm of security analytics. Lakewatch is being marketed as a cost-effective alternative to conventional SIEM tools. The primary selling point is its ability to consolidate security analytics within Databricks' existing data platform, which could lead to reduced overall expenses for organizations.
Andrew Krioukov, the general manager of Lakewatch, highlighted a critical issue with existing SIEM solutions. He stated that current ingestion costs often force teams to discard up to 75% of their data. This means that while attackers utilize AI to launch sophisticated attacks, defenders are left with only a fraction of their data to analyze. Lakewatch aims to bridge this gap by leveraging its lakehouse architecture, which is designed to manage vast amounts of data efficiently and affordably.
Who's Affected
Lakewatch is particularly relevant for enterprises struggling with high costs associated with traditional SIEMs. Organizations that need to retain large volumes of security data for compliance and threat hunting will find this solution appealing. Analysts believe that while Lakewatch may help reduce costs, the financial benefits could vary depending on how organizations manage their data processing and compute usage.
Stephanie Walter from HyperFRAME Research noted that many organizations are often forced to discard valuable data due to the prohibitive costs of ingestion. Lakewatch's model, which charges based on compute rather than data ingestion, could alleviate some of these financial pressures. However, analysts caution that while costs may decrease, they might simply shift to compute expenses.
How It Works
Lakewatch integrates various components to enhance security operations. These include Unity Catalog for governance, Lakeflow Connect for data ingestion, and the Open Cybersecurity Schema Framework (OCSF) for standardizing log formats. This integration transforms the lakehouse into a centralized system for security operations, providing a more comprehensive view of security data.
The added context from this combined data could facilitate automation in security operations, making it easier for enterprises to respond to threats. However, the challenge lies in convincing CIOs and CISOs to adopt this new approach, especially when they may already have established SIEM solutions in place.
What You Should Do
Organizations considering Lakewatch should evaluate their current SIEM costs and data retention needs. It's essential to understand that while Lakewatch could offer significant savings, the transition may require adjustments in how security teams manage their data and compute resources. Early adopters, particularly large enterprises already invested in Databricks, may benefit the most from this new tool.
Building trust through proven use cases will be vital for Databricks as it seeks to position Lakewatch as a credible alternative in the security market. The company's recent acquisitions of cybersecurity startups further indicate its commitment to developing a robust security portfolio, signaling a long-term vision rather than a one-off solution.
Source: CSO Online