Getting Started with Cloud Security Management

Overview

Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure. Powered by observability data, CSM includes Misconfigurations and Threats.

This guide walks you through best practices for getting your team up and running with CSM.

Phase 1: Deployment

  1. Install the Datadog Agent (version 7.46 or above).
  2. Enable CSM for your cloud resources and infrastructure:
    • CSM Threats: Kubernetes, Docker, and host-based installations.
    • CSM Misconfigurations: AWS, Azure, GCP, Kubernetes, and Docker instructions.
    • CSM Identity Risks: Enable AWS resource collection and CloudTrail logs forwarding.
    • CSM Vulnerabilities: Container image scanning and host scanning instructions for Kubernetes, ECS EC2 instances, and host-based installations.
  3. Check out the CSM homepage to get an overview of your organization’s risks and threats.
  4. Review 500+ out-of-the-box Threats and Misconfigurations detection rules.
  5. Explore security signals and review CSM Misconfigurations findings.
  6. Review and remediate identity risks on the Identity Risks page.
  7. Review container vulnerabilities on the Container Images page, and a consolidated list of vulnerabilities on the Infrastructure Vulnerability page.
  8. Set up notification rules and receive alerts using Slack, Jira, email, and more.

Phase 2: Customization

  1. Set up CSM Threats suppression rules to reduce noise.
  2. Create custom detection rules for CSM Misconfigurations and CSM Threats.

Phase 3: Reports and dashboards

  1. Assess your organization’s posture by reviewing compliance reports.
  2. Use out-of-the-box dashboards or create your own for faster investigations, reporting, and monitoring.
  3. Subscribe to the weekly security digest reports to begin investigation and remediation of the most important new security issues discovered in the last seven days.
