Today, we’re thrilled to announce the launch of Data Intelligence for Cybersecurity, the Databricks platform designed to put advanced, agentic AI at the core of modern cyber defense. In a world where attacks are faster and more dynamic than ever, organizations need more than just incremental tooling—they need intelligent agents, powered by unified, enterprise-wide data, to rapidly detect, investigate, and respond to threats before they escalate.
With Data Intelligence for Cybersecurity, security teams can seamlessly unify, govern, and activate every signal across IT, security, and business systems—all within a single open lakehouse. Agent Bricks allows organizations to deploy secure, production-ready AI agents that automate detection and triage, while powerful self-service analytics tools empower every practitioner to explore data, build detections, and collaborate in real time. Through deep integrations and an open partner ecosystem, Databricks connects with existing security stacks to maximize flexibility, coverage, and innovation—making it possible to move from siloed, reactive defense to proactive, AI-augmented cyber operations at scale.
Already trusted by Fortune 500 leaders and innovative security teams across industries, Data Intelligence for Cybersecurity enables CISOs and security leaders to finally break through the friction of data silos, alert overload, and costly legacy SIEM architectures. Our platform democratizes real-time cyber insights, automates detection and response with Agent Bricks, and gives every security stakeholder—from analyst to executive—AI-powered insights for modern threats.
Security today is a data problem at its core. Databricks sets a new standard with:
“Cybersecurity is fundamentally a data problem. We built Data Intelligence for Cybersecurity so every enterprise can unify security, IT, and business data in a governed security lakehouse, and harness advanced AI with Agent Bricks for real-time detection and automated response. No one else is better positioned to address this problem. Databricks customers can cut SIEM costs by up to 80% and move from reactive alert-chasing to intelligent, efficient defense. With Databricks, your data platform becomes your strongest defense.” — Omar Khawaja, VP of Security and Field CISO, Databricks
Responding to AI-driven threats demands AI-powered automation. With Agent Bricks, users can build and deploy customizable AI agents for triage, enrichment, and response—boosting speed and reducing alert fatigue.
Modern threats move at machine speed, and adversaries leverage automation and AI to bypass traditional controls. To keep pace, security operations need not more tools but integrated intelligence and agentic automation that give analysts the right data at the right time. Databricks uniquely delivers these capabilities at scale, reducing costs, accelerating response, and amplifying human expertise.
AI Agents for triage and detection: Agent Bricks enables secure, production‑ready AI agents for cyber defense, automating alert triage, investigation, and response so SOC teams can act faster, reduce noise, and adapt to emerging threats in real time, freeing analysts for higher-impact work.
Automated contextual enrichment: Seamlessly integrate with SOAR, SIEM, EDR and other platforms; orchestrate cross-channel response actions, and summarize incidents with precision and consistency.
Operational resilience at scale: Cut SIEM costs by up to 80%, reduce mean time to detect/respond (MTTD/MTTR) by up to 90%, and eliminate redundancy by automating repetitive tasks across the SOC.
Continuous optimization and governance: Unity Catalog, DASF, and adaptive agent frameworks ensure all automation and data sharing is secure, audit-ready, and continuously refined for quality and compliance.
Cyber resilience demands that analysts, as well as business and risk leaders, can access and act on real insights in real time. Databricks democratizes this with powerful, code-free dashboards and AI-powered search. True cyber resilience hinges on empowering every analyst, detection engineer, and business leader to access and act on data—without waiting in line for data engineering support. Democratizing analytics is the difference between proactive defense and reactive firefighting. Databricks enables this with:
Databricks One and AI/BI Genie bring real-time, AI-powered security insights to everyone: Both security and business users can access unified dashboards, monitor risk, and ask natural language questions—all in a simple, code-free interface governed for compliance and privacy.
Self-service analytics: Analysts use SQL, Python, natural language, and visual tools to access, harmonize, and investigate unified data on demand—no more data science gatekeeping or delayed investigations.
Federated access, instant enrichment: Enable lightning-fast pivots, root cause analysis, and threat hunting, with context-rich linking of user, asset, and business data at any scale.
Actionable dashboards and collaboration: Build and share real-time dashboards, notebooks, and detections—fueling faster decision-making from the SOC to the C-suite.
No bottlenecks, only agility: Security professionals roll out, test, and tune detections and analytics directly—removing operational bottlenecks and improving overall team velocity.
“Each detection rule can now trigger an automated response—such as account suspension—within minutes. Every alert, with full processing context, is centrally logged and delivered directly to customer dashboards so teams can act fast.” — Merium Khalid, SOC Offensive Security, Barracuda Networks
Fragmented data holds security teams back. The modern enterprise operates in a dispersed, multi-cloud, multi-vendor environment where data fragmentation is the enemy of security. Without a unified data foundation, threats go undetected, data remains siloed, and compliance risks pile up.
“With Anvilogic on Databricks, we process threats faster than ever — reducing engineering time by 80% and increasing rule deployment speed 5–6x. We’ve gained speed, visibility, cost savings and full control over our data.” — Roland Costea, Chief Information Security Officer (CISO) - Enterprise Cloud Services (ECS), SAP
A unified security data foundation grants teams the full-spectrum visibility needed for advanced detection and rapid, accurate investigations. With Databricks, every security event, user activity, and business context is consolidated for context-rich threat hunting and forensics. A Unified Security Data Foundation with Databricks offers:
Real-time data unification: Accelerate threat intelligence, case management, and vulnerability tracking with Lakebase, a fully managed, serverless Postgres database that brings real-time OLTP reliability and seamless lakehouse-scale analytics to every layer of security operations.
Centralized telemetry: Aggregate all security, IT, and business data—structured, semi-structured, and unstructured—across cloud, endpoint, SaaS, and legacy sources, removing blind spots and enabling a “single source of truth.”
Open and scalable architecture: Databricks leverages lakehouse principles and open standards (Delta Lake and OCSF) to support petabyte-scale analytics, flexible ingest, and future-proof integration.
Governed and compliant by design: Built-in Unity Catalog provides fine-grained access controls, lineage, and audit trails, meeting the most rigorous regulatory and operational requirements.
Accelerated context and readiness: Contextualize security telemetry instantly with business and asset data—giving every analyst richer context for threat hunting, response, and compliance.
With Databricks, your organization’s data lakehouse becomes your security lakehouse: a foundation that delivers the breadth and depth modern defense demands.
SAP Enterprise Cloud Services (ECS) + Anvilogic
Managing 200,000+ VMs, SAP ECS needed to overcome SIEM barriers to cost, scale, and detection speed. Deploying Anvilogic on Databricks, they automated detection engineering, cut rule deployment time by 5–6x, and delivered real-time insights both internally and to customers.
With Anvilogic on Databricks, we process threats faster than ever - reducing engineering time by 80% and increasing rule deployment speed 5–6x.— Roland Costea, Chief Information Security Officer (CISO), SAP ECS.
Arctic Wolf
Arctic Wolf processes over 8 trillion security events weekly and protects 10,000 organizations using AI-driven security operations on Databricks, empowering thousands of experts to deliver faster detection and response while reducing operational overhead and unifying data for more effective threat protection.
We support thousands of organizations and handle over 8 trillion security events per week. AI and automation let us do more with the same team - reducing mean time to detect, triage and resolve, but always emulating and amplifying our domain experts.—Michael Mylrea, AI Fellow & Architect, Arctic Wolf
Barracuda Networks
Barracuda Networks reduced daily processing and storage costs by 75% compared to legacy systems and delivered customer alerts within five minutes, unifying 100 detection rules and 50 data sources on Databricks to enable rapid, scalable, automated cyber threat defense at lower cost.
Databricks transformed our detection engineering - from real-time alerting to cost savings, and, most importantly, the ability to defend customers at scale. We’re able to standardize and automate detection and response, so our customers always benefit from the latest intelligence.— Merium Khalid, Director, SOC Offensive Security, Barracuda Networks
Rivian
Facing 10TB of security data daily and rising SIEM migration costs, Rivian built the TRAILS platform on Databricks. In just four months, they achieved 60% SIEM cost savings, unified more than 100 data sources, and empowered real-time, scalable security operations.
Lowering our SIEM costs by 60% while migrating 7–10TB of daily data from over 100 sources in under four months was only possible because Databricks gave us full control, scalability, and real-time detection.— Chris Mandich, Director, Cybersecurity Operations, Rivian.
Palo Alto Networks
Palo Alto Networks adopted Databricks to unify fragmented security data and accelerate AI-powered threat detection features by 3x. The platform reduced operational costs and enabled proactive, real-time security insights across their global cloud ecosystem.
With Databricks, we’ve turned data complexity into an advantage. The platform’s scalability has reshaped our approach, accelerated our security innovation and helped us to deliver impactful features to customers with unprecedented speed.— Krishnan Narayan, Senior Distinguished Engineer, Palo Alto Networks.
Akamai
Akamai reduced security event data ingestion time from 15 minutes to under 1 minute and now achieves over 85% of customer queries with responses under 7 seconds, enabling real-time analytics at scale for 30% of the internet’s traffic using Databricks SQL and Delta Lake.
Delta Lake allows us to not only query the data better but to also acquire an increase in the data volume. We’ve seen an 80% increase in traffic and data in the last year, so being able to scale fast is critical.— Tomer Patel, Engineering Manager, Akamai
Databricks’ cybersecurity ecosystem is powered by a dynamic network of technology and service partners, each delivering specialized solutions built on or connected to the Data Intelligence Platform. From innovative AI automation, to data ingest and advanced data governance, these partners extend the power of Databricks with real-time security analytics, streamlined operations, and seamless integrations—helping organizations unlock unified defense and agility at scale. Discover how our partner community elevates every facet of modern security.
Abnormal AI
AI-native email security
Abnormal AI uses Databricks to boost real‑time email security, streamline analytics, and improve operational efficiency for advanced threat detection—across multiple AWS workspaces with standardized policies and monitoring.
Accenture Federal Services
Architecting next-gen federal solutions
Accenture Federal Services and Databricks are partnering to help build the future of secure AI bringing together the Lakehouse architecture with mission-critical defense expertise and capabilities. The partnership is helping federal agencies move beyond reactive defense to proactive, AI-driven security.
Solution: Dark Light
We're accelerating integration with partners like Databricks to help co-engineer new standards for federal cybersecurity and secure AI. The fusion of Databricks' Data Intelligence Platform with our deep federal expertise, delivers an advantage for cyber defenders. This is how we modernize at the speed of AI and win the data war in the federal space.— Amanda Satterwhite, Cyber Practice Lead, Accenture Federal Services
ActiveFence
AI safety guardrails for Databricks Mosaic
ActiveFence integrates with Databricks to secure LLM agents in real time, blocking malicious prompts and enforcing policy across 117+ languages.
Blog: Building Safer AI Agents on Databricks with ActiveFence Guardrails
Alpha Level
AI-native security automation
Alpha Level leverages Databricks infrastructure and security-focused AI, vastly reducing risk to organizations by automating many of the repetitive tasks in threat detection and response.
Anvilogic
AI SOC, powered by Modular Detection Engineering
Anvilogic integrates with Databricks to deliver end-to-end, AI-powered SOC workflows—spanning data onboarding, detection logic development, behavioral rule execution, and automated triage.
Customer Story: Transforming threat detection with AI insights at scale
Arctic Wolf
Scalable SOC intelligence
Arctic Wolf’s Aurora Platform uses Databricks to process trillions of security events, unifying diverse telemetry and accelerating AI-driven threat detection for over 10,000 customers worldwide.
Press Release: Arctic Wolf Aurora Platform on Databricks Data Intelligence Platform
Cybersecurity is increasingly a data challenge, shaped by the scale, speed, and diversity of telemetry across modern environments. The Aurora Platform processes over 8 trillion security events each week, and Databricks is part of the foundation that allows us to unify and analyze this data in real time - enabling Arctic Wolf to scale the platform, accelerate AI innovation, and expand our AI-powered SOC to deliver faster threat detection, more reliable protection, and outcomes that security teams can trust. — Dan Schiappa, President, Technology and Services, Arctic Wolf
BigID
Sensitive data discovery and governance
BigID integrates with Databricks for automated identification, classification, and masking of sensitive data. BigID maps compliance frameworks including Databricks AI Security Framework (DASF) 2.0 to data policies, allowing granular governance and privacy controls across data lakes and cloud environments.
DataBahn
Telemetry pipeline and data orchestration
DataBahn unifies and optimizes security telemetry for Databricks, automating data movement and operations while delivering clean, enriched data for analytics, compliance, and AI at scale.
Blog: The Next Era of Data Intelligence
Enterprises are at a crossroads where cybersecurity must keep pace with the speed of evolving threats. Partnering with Databricks demonstrates what’s possible when AI-native pipelines converge with a modern data intelligence platform. This is not just an integration - it’s the blueprint for the next era of security operations. We see security data not as something to simply store, but as a strategic resource to harness - unlocking real-time insights that drive faster, smarter decisions.— Aditya Sundararam, Chief Product Officer, DataBahn
DataNimbus
Modernize your core with intelligent, AI-powered solutions
DataNimbus helps enterprises accelerate transformation with Databricks-native solutions—delivering faster pipeline development, real-time AI insights, and scalable analytics to drive innovation and business value.
Deloitte
End-to-end cloud and AI modernization
Deloitte’s unified approach leverages Databricks to optimize SIEM/SOAR systems and effectively collect, analyze, and visualize network and security information. With cost-effective storage and processing, Deloitte enables organizations to address long-term incident investigations, threat hunting, and growing data volumes.
Solution: Cyber Data Optimization
Blog: Strengthening Cyber Resilience through Efficient Data Management
It’s critical for businesses to integrate advanced data intelligence into cybersecurity strategies. Our alliance with Databricks helps enable organizations to fully utilize AI-driven insights, helping them transform their security operations to meet the challenges of today's digital landscape. Together, we are paving the way for a more secure and resilient future. —Adnan Amjad, US Cyber leader at Deloitte
Entrada
AI-powered security data management
Entrada offers full-stack Databricks implementations for centralized SIEM data monitoring, robust AI analytics, and cost-effective compliance, using proprietary graph networks and LLMs for threat detection.
Solution: Gatehouse Security
HiddenLayer
Security for the entire AI lifecycle
HiddenLayer secures agentic, generative, and predictive AI applications across the entire lifecycle — protecting IP, ensuring compliance, and enabling safe adoption at enterprise scale.
Blog: Integrating HiddenLayer’s Model Scanner with Databricks Unity Catalog
Noma Security
Enterprise-grade AI and agent security
Noma Security is the only platform purpose-built to secure and govern enterprise AI and agents, enabling cybersecurity organizations to rapidly and confidently adopt AI at scale.
Blog: Databricks and Noma Security Partner to Secure the Enterprise AI Lifecycle
White Paper: 10 Steps to Secure AI with Databricks AI Security Framework
The cyber challenge of our time is agentic AI security at enterprise scale. As waves of AI agents and models are deployed, they need systematic risk visibility and control woven into their DNA. Together, Noma Security and Databricks are ready for this challenge. We are defining AI security from ad-hoc checkpoints to proactive guardrails embedded across enterprise AI. With deep visibility, security posture management, and automated policy enforcement aligned with frameworks like the Databricks AI Security Framework (DASF), our joint customers can unlock the full transformative power of AI with confidence and speed.— Niv Braun, Noma Security Co-founder and CEO
Obsidian Security
Unified SaaS data protection
Obsidian Security strengthens Databricks applications with SaaS security and threat detection, enabling enterprises to run real-time AI and analytics at scale with confidence, data protection, and built-in compliance.
Panther
Transform cloud noise into security signal
Panther is the AI-powered SIEM that scales with your Databricks Security Lakehouse. It unifies security data, automates monitoring with code-driven workflows, and uses AI agents to help teams transition to autonomous security operations.
Every organization has unique security needs and data architectures. This partnership with Databricks gives our customers unprecedented choice and flexibility - whether you're cloud-native or hybrid, we're meeting you where you are and giving you the tools to scale security operations on your terms.— William Lowe, CEO, Panther Labs
PointGuard AI
Comprehensive AI security and governance
PointGuard AI provides deep integration with Databricks to discover, harden, and continuously monitor AI assets, models, and agents - securing MLOps pipelines and enforcing policy across the AI lifecycle.
Customer Story: Finastra Establishes AI Security and Governance
Rearc
Cyber Intelligence on Databricks implementation
Rearc has supported multiple leading firms as they migrate or augment their traditional SIEMs with Cyber Intelligence on Databricks. Rearc offers expert professional services alongside a library of prebuilt security content, accelerators, and AI tools to drive security transformation.
Solution: Cyber Intelligence on Databricks
Securiti AI
Data command center analytics
Securiti Data Command Center provides full visibility and controls on an enterprise’s entire data and AI landscape, across hybrid cloud and SaaS.
SPLX
Continuous AI red teaming and security
SPLX delivers automated red teaming for Databricks AI apps and models, exposing hidden risks and hardening defenses from development to deployment.
Theom
Automated unstructured and structured data and AI governance and security
Theom uses Databricks for real-time risk detection, automated policy enforcement, and scalable governance and security across unstructured and structured cloud and on-premises data.
Varonis
Data security
Varonis utilizes Databricks’ open lakehouse to deliver scalable data discovery and classification, automated remediation, and data-centric threat detection for hybrid and cloud infrastructure.
Securing the massive datasets that fuel AI is a challenge and a necessity. Organizations rely on Databricks for scalable analytics and Varonis to continuously discover, classify, and protect sensitive data. With our integration, we have streamlined access governance and real-time threat detection across the Databricks Data Intelligence Platform. Companies can gain end-to-end visibility and proactive data security for their critical business data with Varonis and Databricks. — David Bass, EVP of Engineering and CTO at Varonis.
ziggiz
Let your data do the work
ziggiz uses Databricks to unify enterprise security data and automate up to 90% of SOC workflows, helping teams detect and respond to threats faster through intelligent automation.
Databricks integrates Unity Catalog for granular governance and the principles of the DASF 2.0 for AI risk management—ensuring compliance, secure automation, and transparency at every layer. Your data is never locked in, and your security strategy evolves with your business, not vendor constraints. From access controls and audit trails to AI model lineage and continuous policy enforcement, security is embedded across the platform—not bolted on. This unified approach empowers organizations to meet the most demanding regulatory requirements, adapt to emerging risks, and confidently scale data-driven innovation—all while maintaining full ownership and control over their information.
By embedding AI and security natively—not bolting it on—Databricks empowers enterprises to:
With Databricks, security is not an add-on—it’s the engine that drives intelligent, resilient cyber defense at scale.
With Databricks, unify every security signal, empower your teams, and set new standards for cyber agility, resilience, and value.
Ready to see your data become your most powerful security asset? Contact us for a demo or join our next Data + AI Cybersecurity event.
With Databricks, you don’t just modernize security—you future-proof it with unified data, secure AI with Agent Bricks, real-time data with Lakebase, and industrial-grade automation. Welcome to the new standard for intelligent cyber defense.