Case Study: SAP achieves AI-powered threat detection at enterprise scale with Databricks

Transforming threat detection with AI insights at scale

SAP Enterprise Cloud Services (ECS), part of SAP, manages one of the world’s largest private clouds with over 200,000 virtual machines, but its legacy SIEM could not keep pace with growing data volumes, high ingestion costs, manual threat detection work, and limited MITRE ATT&CK coverage. SAP turned to Databricks, working with Anvilogic’s AI-powered threat detection capabilities on the Databricks Data Intelligence Platform to improve visibility and security operations.

Databricks helped SAP ECS implement a phased, AI-driven detection architecture that integrated with Splunk, routed high-volume telemetry into Databricks, and ultimately moved to a Databricks-native model. The solution automated SPL-to-SQL translation, expanded detection coverage, reduced engineering time, lowered ingestion costs, and enabled faster, more accurate threat response with AI-assisted validation and tuning.

SAP

Roland Costea

Chief Information Security Officer (CISO)