On 24 March, Databricks announced Lakewatch, a new open, agentic SIEM designed for AI-driven security operations.


This reflects a broader shift in how security platforms are built. Traditional SIEM architectures struggle to keep pace with growing data volumes, rising costs, and more advanced threats.


Telefónica Tech’s experience implementing Databricks across multiple large enterprises, combined with our experience mitigating cyber threats across industries, positions us perfectly to assist customers in implementing next-generation SIEMs using Databricks Lakewatch.


This approach enables organisations to retain more data, analyse it across systems, and improve detection and investigation within a modern and scalable platform. 

What’s Included In Our Databricks Lakewatch Service

01 Discovery and Assessment

We assess your current SIEM environment, data volumes, and cost drivers to identify opportunities for optimisation.

02 Architecture Design

We design a Databricks Lakewatch architecture tailored to your environment, including ingestion pipelines, storage, and analytics layers.

03 Data Integration and Normalisation

We integrate data from SIEM and other security tools and apply open schemas such as OCSF and ECS to standardise analytics.

04 Platform Deployment and Configuration

We implement Databricks, configure Delta Lake, and establish pipelines for ongoing data ingestion and processing.

05 Analytics and Use Case Enablement

We develop dashboards, queries, and machine learning models to support threat detection, investigation, and reporting.

06 Optimisation and Managed Services (Optional)

We provide ongoing support to optimise performance, manage pipelines, and evolve analytics capabilities.


Why Choose Telefónica Tech for Databricks Lakewatch

Telefónica Tech combines cyber security expertise with advanced data and AI capabilities to deliver practical, scalable solutions. 

We bring together security operations knowledge with deep experience in data platforms and analytics.

Our structured methodology ensures a smooth transition to a dual-platform model without disrupting existing operations.

As a partner of Databricks, we help organisations design, deploy, and optimise lakehouse-based security analytics solutions.

From initial assessment through to managed services, we support every stage of your SIEM modernisation journey.


Start Your SIEM Modernisation Journey

If you are looking to reduce SIEM costs, improve visibility, and strengthen your security analytics capabilities, Databricks Lakewatch provides a clear path forward.


Telefónica Tech can help you design and implement a solution tailored to your environment and requirements.


Contact our experts to get started.


Frequently Asked Questions

Databricks Lakewatch is an approach that combines traditional SIEM with Databricks for scalable storage, analytics, and machine learning.

No. Databricks complements SIEM by supporting long-term storage, analytics, and investigation. 

It moves historical data to lower-cost storage, reducing SIEM ingestion and retention costs.

Yes. It supports long-term data retention, auditability, and compliance with regulations such as GDPR and industry-specific standards.

It refers to using AI agents to assist the SOC with tasks such as triaging alerts, producing investigation summaries and suggesting likely next steps, helping analysts move faster than rule-only workflows allow.

Yes. Lakewatch is aligned to OCSF to help normalise different log formats into a consistent structure, making correlation across identity, endpoint and network data easier.
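Normalising to a common schema is what makes the cross-source correlation described in this answer, and in the data integration step under "What’s Included", possible. The Python below is an added illustration, not code from Telefónica Tech or Databricks: it maps two constructed log lines (a syslog-style sshd authentication line and a key=value firewall record, neither from a real product) onto a simplified subset of OCSF fields, using the OCSF class identifiers for Authentication (3002) and Network Activity (4001), and then pairs successful logins with outbound connections from the same source address. The field subset is a simplification of the full OCSF classes, and the one-minute correlation window is an assumption chosen for the example.

```python
"""Normalise two heterogeneous log formats into a common OCSF-shaped schema
and correlate across them. Added example: the raw log lines are constructed
and the schema is a simplified subset of OCSF."""
from __future__ import annotations

import json
import re
from datetime import datetime, timezone

# Constructed sample input: a syslog-style SSH authentication line from an
# endpoint and a key=value connection record from a firewall. Neither is a
# real product's format.
RAW_AUTH_LINE = (
    "2024-05-01T09:15:02Z host01 sshd[4242]: Accepted publickey for alice "
    "from 10.0.0.7 port 51234 ssh2"
)
RAW_FW_LINE = (
    "ts=2024-05-01T09:15:05Z action=allow src=10.0.0.7 spt=51234 "
    "dst=203.0.113.10 dpt=443 proto=tcp bytes_out=8842"
)

# OCSF class identifiers: Authentication and Network Activity.
OCSF_AUTHENTICATION = 3002
OCSF_NETWORK_ACTIVITY = 4001

_AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def _epoch_ms(iso_ts: str) -> int:
    """OCSF carries event time as epoch milliseconds."""
    dt = datetime.fromisoformat(iso_ts.replace("Z", "+00:00"))
    return int(dt.astimezone(timezone.utc).timestamp() * 1000)


def normalise_ssh_auth(line: str) -> dict:
    """Map a syslog sshd line onto OCSF Authentication (3002) fields."""
    m = _AUTH_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised sshd line: {line!r}")
    success = m["outcome"] == "Accepted"
    return {
        "class_uid": OCSF_AUTHENTICATION,
        "time": _epoch_ms(m["ts"]),
        "status_id": 1 if success else 2,  # OCSF status_id: 1 = Success, 2 = Failure
        "user": {"name": m["user"]},
        "src_endpoint": {"ip": m["ip"], "port": int(m["port"])},
        "device": {"hostname": m["host"]},
        "metadata": {"product": {"name": "sshd"}, "log_name": "auth"},
    }


def normalise_firewall(line: str) -> dict:
    """Map a key=value firewall record onto OCSF Network Activity (4001) fields."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return {
        "class_uid": OCSF_NETWORK_ACTIVITY,
        "time": _epoch_ms(kv["ts"]),
        "action": kv["action"],
        "src_endpoint": {"ip": kv["src"], "port": int(kv["spt"])},
        "dst_endpoint": {"ip": kv["dst"], "port": int(kv["dpt"])},
        "connection_info": {"protocol_name": kv["proto"]},
        "traffic": {"bytes_out": int(kv["bytes_out"])},
        "metadata": {"product": {"name": "firewall"}, "log_name": "traffic"},
    }


def correlate_by_source(events: list[dict], window_ms: int = 60_000) -> list[tuple[dict, dict]]:
    """Pair each successful authentication with outbound connections from the
    same source IP within window_ms (60 s here, an assumed value). This only
    works because both sources now share src_endpoint.ip and epoch-ms time."""
    auths = [e for e in events if e["class_uid"] == OCSF_AUTHENTICATION and e["status_id"] == 1]
    flows = [e for e in events if e["class_uid"] == OCSF_NETWORK_ACTIVITY]
    pairs = []
    for a in auths:
        for f in flows:
            same_ip = a["src_endpoint"]["ip"] == f["src_endpoint"]["ip"]
            if same_ip and 0 <= f["time"] - a["time"] <= window_ms:
                pairs.append((a, f))
    return pairs


if __name__ == "__main__":
    normalised = [normalise_ssh_auth(RAW_AUTH_LINE), normalise_firewall(RAW_FW_LINE)]
    for auth, flow in correlate_by_source(normalised):
        print(json.dumps({
            "user": auth["user"]["name"],
            "src": auth["src_endpoint"]["ip"],
            "dst": flow["dst_endpoint"]["ip"],
            "seconds_after_login": (flow["time"] - auth["time"]) / 1000,
        }))
```

The correlation function never looks at the vendor-specific fields; it only touches `class_uid`, `time` and `src_endpoint.ip`, which is the practical payoff of normalising at ingestion time rather than writing one join per log source.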

Because data can be retained in cloud object storage for extended periods, teams can keep more historical context available for investigations, hunting and compliance without relying on costly, hard-to-access archive tiers.

Governance is handled through the Databricks platform’s unified catalog and controls, enabling fine-grained access permissions, lineage and auditing to support internal policies and regulatory requirements.
