The agentic SIEM shifts costs from ingestion to compute, promising cheaper retention and deeper analytics on enterprise security data.

InfoWorld is a source of news, analysis, and commentary on technology trends, IT strategies, and business innovation. With a focus on enterprise technology and digital transformation, InfoWorld offers insights and guidance for IT decision-makers, software developers, and technology professionals. From  articles on cloud computing and cybersecurity to product reviews and industry trends, InfoWorld helps readers navigate the complexities of modern IT environments and make informed decisions to drive business success.

InfoWorld

Databricks has previewed Lakewatch, an open agentic SIEM built on its lakehouse architecture. Unlike traditional SIEMs that charge per data ingested, Lakewatch charges based on compute usage, which Databricks claims can reduce total cost of ownership by up to 80% while enabling retention of years of queryable security data. Analysts partially agree — the ingestion cost problem in legacy SIEMs is real — but warn that costs shift to compute rather than disappear, and uncontrolled usage could negate savings. Lakewatch integrates Unity Catalog, Lakeflow Connect, and the Open Cybersecurity Schema Framework (OCSF) to centralize security operations. Analysts see it as more likely to complement existing SIEMs than replace them in the near term, with early adoption expected from large enterprises already on Databricks. The company's acquisitions of Antimatter and SiftD.ai suggest a broader long-term security portfolio ambition.

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?