Datadog Security

Overview

Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations aligned to your organization’s shared goals.

Datadog Security includes:

To learn more, check out the 30-second Product Guided Tour.

Cloud SIEM

Cloud SIEM (Security Information and Event Management) detects real-time threats to your application and infrastructure, such as a targeted attack, an IP address communicating with your systems that matches a threat intel list, or an insecure configuration. Cloud SIEM is powered by Datadog Log Management. With these areas combined, you can automate remediation of threats detected by Datadog Cloud SIEM to speed up your threat-response workflow. Check out the dedicated Guided Tour to see more.

The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends

Code Security

Code Security scans your first-party code and open source libraries used in your applications in both your repositories and running services, providing end-to-end visibility from development to production. It encompasses the following capabilities:

Code Security helps teams implement DevSecOps throughout the organization:

  • Developers: early vulnerability detection, code quality improvements, faster development as developers spend less time debugging and patching.
  • Security Administrators: enhanced security posture, improved patch management in response to early vulnerability alerts, and compliance monitoring.
  • Site Reliability Engineers (SREs): automated security checks throughout the CI/CD workflow, security compliance, and system resilience. SAST reduces manual overhead for SREs and ensures that each release is thoroughly tested for vulnerabilities.

Cloud Security

Cloud Security delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Because it is powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the owner of the resource where a vulnerability was triggered.

Cloud Security includes Workload Protection, Misconfigurations, Identity Risks, and Vulnerabilities. To learn more, check out the dedicated Guided Tour.

The Security Inbox on the Cloud Security overview shows a list of prioritized security issues

To get started with Datadog Security, navigate to the Security > Setup page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform.

App and API Protection

Datadog App and API Protection (AAP) provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side Request Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site Scripting (XSS). AAP leverages Datadog APM, the Datadog Agent, and in-app detection rules to detect threats in your application environment. Check out the product Guided Tour to see more.

In addition to threat detection, Datadog provides end-to-end code and library vulnerability detection from development to production with Code Security, which includes the following capabilities:

A security signal panel in Datadog, which displays attack flows and flame graphs

Workload Protection

Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.

Sensitive Data Scanner

Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by discovering, classifying, and optionally redacting sensitive data. It can scan for sensitive data in your telemetry data, such as application logs, APM spans, RUM events, and events from Event Management. It can also scan for sensitive information within your cloud storage resources.

After you set up Sensitive Data Scanner, use the Summary page to see details of sensitive data issues that have been identified, so that you can triage, investigate, and remediate the issues.

The summary page showing an overview of sensitive issues broken down by priority

Further Reading

Additional helpful documentation, links, and articles:
