Databricks takes on security and a whole new buyer
Databricks has spent over a decade establishing itself as a cloud data platform company. This week, the company announced a new cybersecurity product that will put it in front of an entirely different buyer: the CISO. The new Lakewatch product is predicated on the idea that security is increasingly a data problem, especially in the agentic era.
The company describes Lakewatch as an "open, agentic SIEM (Security Information and Event Management) designed to help organizations defend against increasingly sophisticated agent attackers." It will ingest security data from a variety of more traditional cybersecurity sources like Okta, Zscaler and Palo Alto Networks, while providing a centralized data-driven view of security across a company.
That sounds great, but Databricks has traditionally stuck to the data management side of the house. Even if you accept the company's premise, the question remains whether Databricks can credibly move into the security market.
Devin Pratt, an IDC analyst who follows the database market, thinks this move makes sense from a technical standpoint. "This is less about Databricks wandering out of its lane and more about the lane itself changing," Pratt told FastForward. "IDC is seeing a broader shift toward operationalizing agentic AI safely at scale by bringing retrieval, governance and automation closer to core data platforms. Lakewatch fits that pattern."
That's also how Databricks CEO Ali Ghodsi sees it. "With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today’s agent attackers," he said in a statement.
The new buyer
The real issue might not be technical, but how the company sells its products. Databricks has typically targeted roles like chief data and analytics officers or heads of AI. Lakewatch shifts the company's focus to CISOs and cybersecurity personnel, who have very different requirements.
Sanjeev Mohan, a former Gartner analyst who now runs his own shop, SanjMo and has covered database technologies for many years, says it will require a different sales motion. "It’s a different GTM. Selling to infosec, DevOps and SRE teams is very different from selling to analytics or business users. That’s something they would need to develop,” he said.
That’s not impossible, but it’s a challenging shift from how the company has traditionally approached sales and marketing. If it can expand into an adjacent market without losing focus on its core data platform, that creates a new growth lever, something that could matter ahead of an eventual IPO. But the risk is that the organization drifts too far from the foundation that made it successful in the first place.
