Barracuda Networks

CUSTOMER STORY

Achieving Real-Time, Scalable Threat Detection with Databricks

75%: reduction in daily processing and storage costs vs. legacy SIEM

<5 minutes: to deliver alerts to customers after detection

100+ detection rules and 50+ data sources unified on Databricks


Barracuda Managed XDR defends customers against relentless, quickly evolving cyber threats by combining automated detection, expert analysis, and advanced platform engineering. Legacy tools struggled to maintain the scale, speed, and cost efficiency needed in today’s threat environment. With Databricks, Barracuda delivers critical security alerts in less than five minutes, reduces data platform costs by 75%, and empowers its detection engineers to innovate on new threats instead of managing infrastructure.

Meeting the Challenge of Modern Cyber Defense

In 2023, ransomware attacks rose by 95% and nearly half of organizations faced phishing or social engineering incidents. The growing complexity and volume of threats demanded a new approach. “Today’s threat landscape is not just more dangerous, it’s more complex—with AI-driven attacks and thousands of new vulnerabilities overwhelming security teams,” says Merium Khalid, Director, SOC Offensive Security, Barracuda Networks. Barracuda Managed XDR was built to unify detection and response across cloud, enterprise, and SaaS environments with around-the-clock protection, rapid response actions, and a customer security dashboard for transparency and control.

Legacy SIEMs brought high costs and largely manual detection work. “The sheer growth in threat volume and rising costs made it clear we needed a more agile, cost-effective platform that could power detection for thousands of customers in real time,” Merium explains.

Detection Engineering and Real-Time Analytics with Databricks

Barracuda began its Databricks journey in 2020, evolving from a unified data foundation to a modern, automated detection platform. “Databricks gave us a blank canvas to reimagine security engineering as data engineering—letting us ingest, normalize, and act on only the data that drives security value,” says Merium. By leveraging Auto Loader, the medallion lakehouse architecture, and Lakeflow Jobs, Barracuda quickly unified logs from Microsoft 365, network firewalls, and dozens of other sources.

Detection-as-code became the standard: detection logic is now codified in reusable templates, version-controlled in GitHub, validated, and deployed as modular workflows. “Our deployment pipeline lets engineers focus on creating detection rules as code with everything else automated behind the scenes,” Merium shares.

The move to Databricks streaming workflows and Photon enabled real-time performance. Each detection rule can now trigger an automated response—such as account suspension—within minutes. “Every alert, with full processing context, is centrally logged and delivered directly to customer dashboards so teams can act fast,” says Merium.
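The two preceding paragraphs describe the pattern at a high level: rules live as data, are validated before deployment, run over normalized events, and each firing carries its evidence and maps to a response. The block below is an added illustration of that detection-as-code loop in plain Python; it is not code from Barracuda or Databricks, and the event schema, the rule format, the two sample rules, the sample events and the response handlers (which only return a record instead of calling anything) are all assumptions made for the example.

```python
"""Detection-as-code, reduced to its essentials: rules are data, they are
validated before deployment, and every alert carries the evidence that
produced it plus the response it maps to.
Added illustration; not Barracuda's or Databricks' code. Event schema,
rule format, thresholds and response handlers are assumptions."""
import operator
from collections import defaultdict

# Constructed sample of normalized events (hypothetical unified schema).
EVENTS = [
    {"ts": 100, "source": "m365", "event": "signin", "result": "failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 130, "source": "m365", "event": "signin", "result": "failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 160, "source": "m365", "event": "signin", "result": "failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 190, "source": "m365", "event": "signin", "result": "failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 220, "source": "m365", "event": "signin", "result": "failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 250, "source": "m365", "event": "signin", "result": "success", "user": "alice", "src_ip": "203.0.113.5"},
    {"ts": 300, "source": "m365", "event": "signin", "result": "failure", "user": "bob", "src_ip": "198.51.100.7"},
    {"ts": 900, "source": "m365", "event": "signin", "result": "failure", "user": "bob", "src_ip": "198.51.100.7"},
    {"ts": 400, "source": "firewall", "event": "deny", "src_ip": "203.0.113.9", "dst_port": 22},
    {"ts": 405, "source": "firewall", "event": "deny", "src_ip": "203.0.113.9", "dst_port": 23},
    {"ts": 410, "source": "firewall", "event": "deny", "src_ip": "203.0.113.9", "dst_port": 3389},
    {"ts": 415, "source": "firewall", "event": "deny", "src_ip": "198.51.100.2", "dst_port": 443},
]

# Rules as data: this is the artefact that gets version-controlled and reviewed.
RULES = [
    {"id": "M365-AUTH-001", "title": "Repeated failed sign-ins against one account",
     "severity": "high", "source": "m365",
     "where": [["event", "eq", "signin"], ["result", "eq", "failure"]],
     "threshold": {"group_by": "user", "count": 5, "window": 300},
     "response": "suspend_account"},
    {"id": "FW-SCAN-001", "title": "Rapid firewall denies from a single source",
     "severity": "medium", "source": "firewall",
     "where": [["event", "eq", "deny"]],
     "threshold": {"group_by": "src_ip", "count": 3, "window": 60},
     "response": "block_ip"},
]

OPS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt, "ge": operator.ge,
       "in": lambda value, allowed: value in allowed}
SEVERITIES = {"low", "medium", "high", "critical"}
# Hypothetical response actions: real handlers would call an identity or firewall API.
RESPONSES = {
    "suspend_account": lambda key: {"action": "suspend_account", "target": key},
    "block_ip": lambda key: {"action": "block_ip", "target": key},
}


def validate_rule(rule):
    """Reject a malformed rule before it is deployed; returns the rule unchanged."""
    required = {"id", "title", "severity", "source", "where", "threshold", "response"}
    missing = required - set(rule)
    if missing:
        raise ValueError(f"{rule.get('id', '?')}: missing keys {sorted(missing)}")
    if rule["severity"] not in SEVERITIES:
        raise ValueError(f"{rule['id']}: unknown severity {rule['severity']!r}")
    for field_name, op, _ in rule["where"]:
        if op not in OPS:
            raise ValueError(f"{rule['id']}: unknown operator {op!r} on {field_name}")
    thr = rule["threshold"]
    if not {"group_by", "count", "window"} <= set(thr) or thr["count"] < 1 or thr["window"] < 0:
        raise ValueError(f"{rule['id']}: invalid threshold {thr}")
    if rule["response"] not in RESPONSES:
        raise ValueError(f"{rule['id']}: unknown response {rule['response']!r}")
    return rule


def matches(rule, event):
    """True when the event comes from the rule's source and satisfies every predicate."""
    if event.get("source") != rule["source"]:
        return False
    return all(f in event and OPS[op](event[f], val) for f, op, val in rule["where"])


def run_rule(rule, events):
    """Group matching events by key; fire once per key whose sliding window of
    `window` seconds holds at least `count` events. The alert keeps the evidence."""
    thr = rule["threshold"]
    groups = defaultdict(list)
    for ev in events:
        if matches(rule, ev) and thr["group_by"] in ev:
            groups[ev[thr["group_by"]]].append(ev)
    alerts = []
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs)):
            window = [e for e in evs[i:] if e["ts"] - evs[i]["ts"] <= thr["window"]]
            if len(window) >= thr["count"]:
                alerts.append({"rule": rule["id"], "title": rule["title"],
                               "severity": rule["severity"], "key": key,
                               "count": len(window), "evidence": window,
                               "response": RESPONSES[rule["response"]](key)})
                break
    return alerts


def run_all(rules, events):
    """Validate every rule, then evaluate all of them over the event batch."""
    return [a for r in rules for a in run_rule(validate_rule(r), events)]


if __name__ == "__main__":
    for alert in run_all(RULES, EVENTS):
        print(alert["rule"], alert["severity"], alert["key"], alert["count"], alert["response"])
```

On the sample data only alice (five failures inside 300 s) and 203.0.113.9 (three denies inside 60 s) fire; bob's two failures are 600 s apart and stay below the threshold. The validation step is the part worth keeping in a CI pipeline: a rule with an unknown operator, severity or response action is rejected before it can reach production, which is the property that lets engineers treat rule changes like code changes.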

Faster Response, Cost Savings, and a Scalable Security Platform

Barracuda’s migration to Databricks achieved measurable business outcomes. The team cut average processing and storage costs by 75% versus legacy SIEMs, while delivering alerts to customers in just minutes. “Our detection engineers can focus on new and emerging threats, not on managing infrastructure. The platform lets us quickly onboard and migrate multiple data sources—the scalability has been a game changer,” Merium says.

Barracuda can scale detection to new sources and use cases with automation, unified governance, and modular pipelines. Source integration has accelerated to the point that three new sources can be onboarded at a time, with hundreds of rules managed and deployed automatically. “We’re now able to standardize and automate detection and response, so our customers always benefit from the latest intelligence,” Merium explains.

Looking to the future, Barracuda plans to migrate all remaining sources to Databricks, expand machine learning use for detection, and deepen collaboration within the security community. “Our mission is to stay ahead of threats and protect our customers. With Databricks, we’re building the responsive, scalable defense that today’s digital world demands,” Merium concludes.