Databahn thinks your SIEM data is mostly wasted – AI to the rescue

Startup Databahn diagnoses security threats by using AI agents to trawl through masses of log telemetry data.

Dallas, Texas-based Databahn was founded in July 2023 by CEO Nanda Santhana and President Nithya Nareshkumar. Security specialist Santhana came out of the University of Southern California in 2005 with an MS in Engineering and Industrial Management, and joined security company Vaau as a founding member. It was bought by Sun in 2008 to bolster its identity management offerings and he became a regional manager, progressing to Tech Fellow when Oracle bought Sun in 2010. He became a founding member of Securonix, which developed cyber threat detection using machine learning and big data analytics, and stayed there almost 12 years until Databahn was born.

Finance-oriented Nithya Nareshkumar spent 13 years at JP Morgan, finishing as an executive director for wealth management, and then joined The Depository Trust & Clearing Corp (DTCC) as an executive and later Managing Director. She left to co-found Databahn with Santhana, and also invests in early-stage startups. The pair reckoned they could build a better way to collect and secure telemetry data by separating it from traditional SIEM (Security Information and Event Management) platforms and from security data lakes built on platforms such as Databricks and Snowflake, which carry high subscription and license fees. Databahn claims it can halve security telemetry costs.

From left, Databahn founders CEO Nanda Santhana and President Nithya Nareshkumar

Using seed funding from GTM Capital, Databahn developed its DataBahn.ai offering, which uses AI and data orchestration to manage distributed security information and improve threat detection and analysis. It developed its Cruz AI agent, a self-described data-engineer-in-a-box, to automate processes such as log discovery, data onboarding, normalization, transformation, optimization, and operational monitoring. Cruz autonomously keeps track of new event types, automatically handling schema drift and format changes, and transforms data into any data model such as CIM (Splunk's Common Information Model), ECS (Elastic Common Schema), or OCSF (Open Cybersecurity Schema Framework).

What Databahn had developed was a security log data pipeline built on a data fabric concept. It observed that businesses were collecting petabytes of logs, alerts, and telemetry but, by the company's estimate, "typically analyze less than 5 percent of it." That gap spelled out an opportunity for AI large language models (LLMs) or agents. Databahn launched its Reef product to ingest those petabytes of log data and filter, identify, contextualize, and prioritize the high-value data in real time, writing the result directly to enterprise-owned data lake infrastructure.

It adopted the Model Context Protocol (MCP) to integrate Reef with Cruz AI and has now attracted Series A venture capital, raising $17 million from Forgepoint Capital, with S3 Ventures and returning investor GTM Capital participating, taking total funding to $19 million. Databahn will use the cash to develop "autonomous agents that learn from enterprise data flows to automate data engineering tasks – and support global expansion as the company establishes itself as the trusted foundation for enterprises seeking clarity, control and composability in their data pipelines."

It says it can manage and operationalize telemetry across security, observability, IoT/OT, and AI ecosystems. This will enable "organizations to seamlessly integrate, govern and optimize data pipelines from any source to any destination—with one-click simplicity and enterprise-grade control."

New "Phantom agents" collect telemetry "without deploying traditional agents, avoiding footprint bloat and preserving compute resources"; the announcement does not detail the collection mechanism. Its software will parse, enrich, and suppress noise at scale, and provide federated search capabilities that deliver persona-based insights rather than relying on SQL queries alone.
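To make the pipeline stages named above concrete (parse, normalize into a common schema, flag schema drift, enrich, suppress noise), here is an added illustration in Python. It is not Databahn's code and says nothing about how Cruz or Reef are implemented: the two input formats, the field mapping, the asset inventory, the noise threshold, and the sample log lines are all constructed for the example. The target field names (`@timestamp`, `source.ip`, `destination.ip`, `user.name`, `event.action`, `event.outcome`, `host.name`, `labels`) are real ECS field names, but the subset and the mapping onto them are this example's own.

```python
"""Toy security telemetry pipeline: parse -> normalize (ECS-style) -> drift check
-> enrich -> noise suppression. Added illustration, not Databahn code."""
import json
import re
from collections import Counter

# Source field -> ECS field. The ECS names are real; the source keys are constructed.
FIELD_MAP = {
    "ts": "@timestamp",
    "src": "source.ip",
    "dst": "destination.ip",
    "user": "user.name",
    "action": "event.action",
    "outcome": "event.outcome",
}

# Constructed asset inventory used for enrichment (hypothetical hosts).
ASSETS = {"10.0.0.5": "payroll-db", "10.0.0.9": "jump-host"}

# key=value tokens, with optional double-quoted values.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(raw: str) -> dict:
    """Accept either a JSON object or key=value text; return a flat dict."""
    raw = raw.strip()
    if raw.startswith("{"):
        return json.loads(raw)
    return {k: v.strip('"') for k, v in KV_RE.findall(raw)}


def normalise(record: dict) -> tuple[dict, set]:
    """Rename known fields to ECS names. Unknown fields are schema drift:
    they are reported and parked under ECS `labels` rather than silently dropped."""
    event, drift = {}, set()
    for key, value in record.items():
        target = FIELD_MAP.get(key)
        if target is None:
            drift.add(key)
            event.setdefault("labels", {})[key] = value
        else:
            event[target] = value
    return event, drift


def enrich(event: dict) -> dict:
    """Attach the asset name for a known destination address."""
    host = ASSETS.get(event.get("destination.ip"))
    if host is not None:
        event["host.name"] = host
    return event


class NoiseFilter:
    """Keep at most `limit` repeats of the same (action, outcome, source) tuple.
    Failures are never suppressed: the events an analyst needs must survive thinning."""

    def __init__(self, limit: int = 2):
        self.limit = limit
        self.seen = Counter()

    def keep(self, event: dict) -> bool:
        key = (event.get("event.action"), event.get("event.outcome"), event.get("source.ip"))
        self.seen[key] += 1
        if event.get("event.outcome") == "failure":
            return True
        return self.seen[key] <= self.limit


def run_pipeline(lines: list[str]) -> tuple[list[dict], set]:
    """Run every stage over the input lines; return (kept events, drifted field names)."""
    noise = NoiseFilter(limit=2)
    kept, drift = [], set()
    for line in lines:
        event, new_fields = normalise(parse(line))
        drift |= new_fields
        if noise.keep(enrich(event)):
            kept.append(event)
    return kept, drift


# Constructed sample input: three identical successful logins in key=value form,
# then one JSON failure carrying a field ("mfa") the mapping does not know.
SAMPLE = [
    "ts=2024-01-01T00:00:01Z src=192.0.2.10 dst=10.0.0.5 user=alice action=login outcome=success",
    "ts=2024-01-01T00:00:02Z src=192.0.2.10 dst=10.0.0.5 user=alice action=login outcome=success",
    "ts=2024-01-01T00:00:03Z src=192.0.2.10 dst=10.0.0.5 user=alice action=login outcome=success",
    '{"ts":"2024-01-01T00:00:04Z","src":"198.51.100.7","dst":"10.0.0.9",'
    '"user":"bob","action":"login","outcome":"failure","mfa":"false"}',
]

if __name__ == "__main__":
    events, drifted = run_pipeline(SAMPLE)
    for e in events:
        print(json.dumps(e, sort_keys=True))
    print("schema drift:", sorted(drifted))
```

Running it keeps three of the four records: the third duplicate success is suppressed, the failure passes unconditionally, and the unknown `mfa` field is reported as drift while still being retained under `labels`. The suppression rule is deliberately asymmetric; a filter that thins events by volume alone would eventually drop exactly the failed logins a detection rule fires on.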

Santhana said: “We’re building the foundation for a new era of observability, one where data is not just moved, but understood, enriched and made AI-ready in real time.”

Comment

Analyzing large-scale SIEM telemetry data looks like a great match for AI agent capabilities with proprietary data, a well-defined workload space and ransomware/malware detection ranking high on every organization’s list of concerns. For data protection companies that have pivoted to becoming cyber-resilience suppliers, such as Cohesity, Commvault, Druva, Rubrik, and many others, a company like Databahn could represent a great tuck-in acquisition opportunity – as it could for established security vendors as well.