How a bank strengthened cybersecurity using Databricks

By upgrading its SIEM platform to address gaps.

Cybersecurity is hard. Shrinking budgets. Growing attack surfaces. Unending threat vectors. So this bank decided to upgrade its SIEM with off-the-shelf tech.

I met Lavy Stokhamer earlier today for a chat, and he shared the astounding story of how Standard Chartered Bank (SCB) upgraded its SIEM with a unified analytics platform.

Yes, that's Databricks for you.

Intrigued? No kidding - I was too.

Cyber outcomes

This sounds rather whimsical but is firmly grounded in facts. The solution built on Databricks yielded the following:

  • 80% reduction in time to detect incidents.
  • 92% faster threat investigation.
  • 60% better detection accuracy.
  • 35% cost reduction.

All thanks to the cutting-edge Databricks solution built by his team.

The tech landscape is changing

But wait. What's the link between data and cybersecurity? The premise here is relatively straightforward.

a. AI and data transformation is ongoing, which will impact cybersecurity domains in both positive and negative ways.

b. Since the birth of the firewall, cybersecurity has always been inextricably tied to data.

  • IPS/DDoS.
  • Malware signatures.
  • Behaviour analytics.
  • Traditional SIEM.
  • Cloud-native SIEM.

Since all roads lead back to the data (b), why not take a proactive approach in the face of change (a) and leverage an advanced data platform to bolster cybersecurity?

Next-gen, self-managed SIEM

Lavy couldn't share specific details, but he did confirm the following.

  • What the team built isn't a replacement for the existing SIEM, which continues to be used. Rather, it was built to address gaps that had been identified. One initiative brought down false positives.
  • The idea is to find alignment with the existing tech stack to derive greater value. With Databricks, the team benefitted from its rich data connectors, high-performance data lake, data governance and AI capabilities.
  • A proactive culture with a "make things happen" attitude is required for this to work. Team members must be willing to explore and learn new skills.

Closing advice to cybersecurity professionals?

Be less reactive and more proactive. Don't wait for new threats to hit first - prepare for them ahead of time. What do you think?

PS: I'm in SF for Databricks Summit 2025 for a couple of days.