NAB Co-Designs New SIEM Platform with Databricks

National Australia Bank (NAB) is working with Databricks to co-develop a new Security Information and Event Management (SIEM) platform called Lakewatch, marking Databricks’ first major move into the cybersecurity market.

NAB is one of five “design partners” helping shape the new platform, which is currently in private preview, meaning it is still being tested and refined before a wider public release.

NAB’s Chief Security Officer, Sandro Bucchianeri, said the bank currently processes more than 30TB of security data every day. The bank wants to bring all its security data together into a single platform and combine it with broader enterprise data to improve cyber threat detection and response.

NAB already uses Databricks on Amazon Web Services (AWS) as part of its enterprise data platform called Ada, which manages large-scale data across the organization. Because Databricks was already a core part of NAB’s data infrastructure, the bank began exploring how the platform could also be used for cybersecurity operations. This led to NAB becoming involved in co-designing the new SIEM platform.

The new platform, Lakewatch, is based on a security lakehouse architecture, which combines data lake and data warehouse technologies. This allows organizations to store and analyze massive amounts of security data in one place and use advanced analytics and AI for threat detection.

Databricks said that data from 15 different security vendors can already be integrated into Lakewatch. The platform is also being promoted as an “agentic SIEM”, meaning organizations can build custom AI security agents that can automatically detect threats, investigate incidents, and respond to security events.

According to NAB, working directly with Databricks to design the platform allows the bank to build a cybersecurity system that fits both its current needs and future security challenges.

The development of Lakewatch reflects a growing trend in cybersecurity where companies are moving away from traditional SIEM systems and toward AI-driven, data-platform-based security systems that can handle massive volumes of data and automate threat detection and response.

Other organizations involved in working with Databricks on security initiatives include software company Atlassian, although the other design partners for Lakewatch have not been publicly named.

This collaboration shows how large organizations like banks are increasingly working directly with technology vendors to co-develop cybersecurity tools, especially as cyber threats become more complex and data volumes continue to grow.
