Databricks pitches Lakewatch as a cheaper SIEM — but is it really?
Summary
Databricks has introduced Lakewatch, a new open agentic SIEM that aims to be a more cost-effective option for security analytics than traditional SIEMs. The platform proposes a pricing model based on compute usage rather than data ingestion, potentially allowing organizations to retain more data at a lower total cost of ownership.
IFF Assessment
This is good news for defenders as it offers a potentially cheaper and more comprehensive way to analyze security data, enabling better threat detection and response.
Defender Context
Defenders should evaluate new SIEM solutions like Lakewatch for their potential to reduce data retention costs and improve visibility into security events. While it promises cost savings, it's crucial to understand how compute costs might scale with usage and to compare TCO against existing solutions.