
NAB Is Co-Designing a SIEM with Databricks
Why It Matters
Lakewatch could reshape how large enterprises consolidate massive security feeds, accelerating automated threat response and giving Databricks a foothold in the lucrative SIEM space.
Key Takeaways
- NAB co‑designs Lakewatch SIEM with Databricks
- Lakewatch ingests over 30 TB security data daily
- Platform aims to unify signals across enterprise datasets
- Databricks' first security‑focused product, private preview stage
- Custom security agents enable automated detection and response
Pulse Analysis
The SIEM market is at a turning point as organizations grapple with exploding data volumes and the need for real‑time analytics. Traditional SIEMs, built on relational databases, struggle to scale, prompting a shift toward lakehouse architectures that combine the flexibility of data lakes with the performance of warehouses. Databricks, a leader in unified data analytics, is leveraging this trend by extending its lakehouse technology into security, promising faster ingestion, richer context, and more sophisticated machine‑learning models for threat detection.
NAB’s involvement underscores the practical demand for such capabilities. By feeding more than 30 TB of security logs daily into its Ada platform, the bank seeks to break down silos between network, endpoint, and cloud telemetry. Lakewatch’s “agentic” design lets security teams build custom agents that automatically triage alerts, reducing analyst fatigue and accelerating response times. The private preview phase allows NAB to shape features—such as cross‑domain correlation and integrated incident workflows—directly aligned with its cyber‑defence roadmap, while also testing scalability at enterprise scale.
For Databricks, Lakewatch represents a strategic entry into a $15 billion‑plus SIEM market dominated by incumbents like Splunk and Palo Alto Networks. By partnering with high‑profile design partners and integrating data from 15 security vendors, Databricks can showcase interoperability and accelerate adoption across other enterprises. If the platform delivers on its promise of unified, agent‑driven security analytics, it could pressure traditional vendors to modernize their stacks and accelerate the broader industry shift toward lakehouse‑centric security operations.