Datadog Security

Overview

Bring speed and scale to your production security operations. Datadog Security delivers real-time threat detection and continuous configuration audits across applications, hosts, containers, and cloud infrastructure. Coupled with the greater Datadog observability platform, Datadog Security brings unprecedented integration between security and operations, aligned to your organization’s shared goals.

Datadog Security includes:

To learn more, check out the 30-second Product Guided Tour.

Cloud SIEM

Cloud SIEM (Security Information and Event Management) detects threats to your application and infrastructure in real time, such as a targeted attack, an IP address that matches a threat intel list communicating with your systems, or an insecure configuration. Cloud SIEM is powered by Datadog Log Management. With these areas combined, you can automate remediation of threats detected by Datadog Cloud SIEM to speed up your threat-response workflow. Check out the dedicated Guided Tour to see more.

The Cloud SIEM home page showing the Security Overview section with widgets for important signals, suspicious actors, impacted resources, threat intel, and signal trends

Code Security

Code Security scans your first-party code and open source libraries used in your applications in both your repositories and running services, providing end-to-end visibility from development to production. It encompasses the following capabilities:

With IDE integrations, pull request comments, and CI/CD gates, Code Security helps teams implement DevSecOps throughout the organization:

  • Developers: early vulnerability detection, code quality improvements, faster development as developers spend less time debugging and patching.
  • Security Administrators: enhanced security posture, improved patch management in response to early vulnerability alerts, and compliance monitoring.
  • Site Reliability Engineers (SREs): automated security checks throughout CI/CD workflow, security compliance, and system resilience. SAST reduces manual overhead for SREs and ensures that each release is thoroughly tested for vulnerabilities.

A SAST finding within a GitLab repository

Cloud Security

Cloud Security delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Powered by observability data, security teams can determine the impact of a threat by tracing the full attack flow and identify the resource owner where a vulnerability was triggered.

Cloud Security includes Workload Protection, Misconfigurations, Identity Risks, and Vulnerabilities. To learn more, check out the dedicated Guided Tour.

The Security Inbox on the Cloud Security overview shows a list of prioritized security issues

To get started with Datadog Security, navigate to the Security > Setup page in Datadog, which has detailed information for single or multi-configuration, or follow the getting started sections below to learn more about each area of the platform.

App and API Protection

Datadog App and API Protection (AAP) provides observability into application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side Request Forgery (SSRF), SQL injection, Log4Shell, and reflected Cross-Site Scripting (XSS). AAP leverages Datadog APM, the Datadog Agent, and in-app detection rules to detect threats in your application environment. Check out the product Guided Tour to see more.

A security signal panel in Datadog, which displays attack flows and flame graphs

Workload Protection

Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. As part of the Datadog platform, you can combine the real-time threat detection of Workload Protection with metrics, logs, traces, and other telemetry to see the full context surrounding a potential attack on your workloads.

Sensitive Data Scanner

Sensitive Data Scanner can help prevent sensitive data leaks and limit non-compliance risks by discovering, classifying, and optionally redacting sensitive data. It can scan for sensitive data in your telemetry data, such as application logs, APM spans, RUM events, and events from Event Management. It can also scan for sensitive information within your cloud storage resources.

After you set up Sensitive Data Scanner, use the Findings page to see details of sensitive data findings that have been identified, so that you can triage, investigate, and remediate the findings.

The summary page showing an overview of sensitive findings broken down by priority

Further Reading

Additional helpful documentation, links, and articles:

  • Release Notes: Check out the latest Datadog Security releases! (App login required.)
  • Guided Tour: See a Product Guided Tour
  • Documentation: Begin detecting threats with Cloud SIEM
  • Documentation: Start tracking misconfigurations with Cloud Security Misconfigurations
  • Documentation: Uncover kernel-level threats with Workload Protection
  • Security Labs: Read about security-related topics on Datadog's Security Labs blog
  • Foundation Enablement: Join an interactive session to elevate your security and threat detection
  • Blog: Elevate AWS threat detection with Stratus Red Team
  • Blog: Best practices for securing Kubernetes applications
  • Blog: Best practices for network perimeter security in cloud-native environments
  • Blog: Best practices for data security in cloud-native infrastructure
  • Blog: Security-focused chaos engineering experiments for the cloud
  • Blog: Datadog's approach to DevSecOps
  • Blog: Investigating a complex denial-of-service attack
  • Blog: Tips to optimize and secure Azure Functions
  • Blog: How we use Datadog for detection as code
  • Blog: Detect lateral movement in hybrid Azure environments
  • Blog: Identify the secrets that make your cloud environment more vulnerable to an attack
  • Blog: Cloud security research and guide roundup: Infrastructure and access
  • Blog: Cloud security research and guide roundup: DevSecOps, threat detection, and AI
  • Blog: Key metrics for measuring your organization's security posture
  • Blog: Security and SRE: How Datadog's combined approach aims to tackle security and reliability challenges
  • Blog: 2025 cloud security roundup: How attackers abused identities, supply chains, and AI