Unlocking Data Intelligence for Cyber Security

SAP Enterprise Cloud Services (ECS) is rethinking the traditional SIEM model by building a Security Data Intelligence Platform shifting from a bottleneck to an open, AI-ready foundationfor cybersecurity.We’ll walk through how ECS designed and operationalized the platform to replace SIEM-centric workflows with a lakehouse approach that lowers total cost while improvingspeed and coverage.We will discuss the full architecture—routing with Cribl and Kafka, normalization with Lakeflow Declarative Pipelines, CI/CD with Databricks Asset Bundle as well as governance with Unity Catalog, to search in Lakewatch.We’ll then dive into how ECS reduced the “detection engineering tax” by modernising detection engineering with the Anvilogic integration for Databricks. The mission of the platform is to bring a use case from idea into production in 5 days.