Reimagining SIEM: SAP ECS’s Journey to an Open Security Lakehouse

SAP Enterprise Cloud Services (ECS) is rethinking the traditional SIEM model by building a Security Data Platform with Lakewatch and Anvilogic shifting to an open, AI-ready foundation for cybersecurity.

We’ll walk through how ECS designed and operationalized the platform to replace SIEM-centric workflows with a lakehouse approach that lowers total cost and time to respond using agentic AI. We will discuss the full architecture—routing with Cribl and Kafka, ingestion into Lakewatch, detection engineering in Anvilogic, incident response and reporting. We will close out with agentic AI use cases on the roadmap that are now enabled through the open lakehouse approach.