Application Security Management

A security signal panel in Datadog, which displays attack flows and flame graphs

Datadog Application Security Management (ASM) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, AWS ECS, and (for supported languages) AWS Fargate.

ASM leverages Datadog tracing libraries, and the Datadog Agent to identify services exposed to application attacks. Once configured, ASM leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code.

When a threat is detected, a security signal is generated in Datadog. For HIGH or CRITICAL severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats.

Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by ASM and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel.

With ASM, you can cut through the noise of continuous trace data to focus on securing and protecting your environment.

Until you fully remediate the potential vulnerabilities in your application code, ASM enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click. One-click IP blocking is in private beta. Access early preview through this form.

Understanding how application security is implemented in Datadog

If you’re curious how Application Security Management is structured and how it uses tracing data to identify security problems, read How Application Security Management Works.

Configure your environment

Powered by provided out-of-the-box rules, ASM detects threats without manual configuration. If you already have Datadog APM configured on a physical or virtual host, setup only requires setting one environment variable to get started.

To start configuring your environment to detect and protect threats with ASM, follow the Getting Started documentation. Once ASM is configured, you can begin investigating and remediating security signals in the Security Signals Explorer.

Investigate and remediate security signals

In the Security Signals Explorer, click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context.

Next steps