Security Analytics | Datadog

Detect security threats with the monitoring data you already collect

Datadog’s Security Monitoring provides out-of-the-box threat detection and security analytics based on the full set of monitoring data from its more than 500 turnkey, vendor-supported integrations. Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment with a full-stack offering covering threat detection, posture management, workload security, and application security. The Datadog-supported integration set includes key technologies like , , giving you end-to-end security visibility and deep context around possible threats. This insight comes from the metrics, logs, traces, and synthetic tests that organizations are already collecting with Datadog. Security Monitoring is fully integrated with all of Datadog’s application and infrastructure monitoring products, so any user can pivot from a potential threat to the associated monitoring data and triage security alerts from a single pane of glass.

Real-time, out-of-the-box security analytics

Datadog's Detection Rules provide a powerful way to automatically monitor and detect security threats across any environment in real time. Use configurable out-of-the-box rules—mapped to the MITRE ATT&CK™ framework—to track common attacker techniques, such as a VM enumerating all storage buckets in your account, so that Datadog Security Monitoring provides threat detection immediately after installation. Engineers can also write their own sophisticated rules without having to learn a proprietary language: for example, they can create rules that look for possible account takeovers, root user activity, and more using a simple but flexible editor. Datadog applies Detection Rules to the full stream of log data as it is received, surfacing threats as soon as they occur.
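As an added illustration of the kind of rule the paragraph describes (a principal enumerating many distinct storage buckets within a short window), here is a small streaming detection written for this page; it is not Datadog's rule engine or rule syntax, and the event fields, window, threshold and log events are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rule parameters (constructed for this example): alert when one principal
# lists at least THRESHOLD distinct buckets inside a sliding WINDOW.
WINDOW = timedelta(minutes=5)
THRESHOLD = 5

# Constructed cloud-storage audit events, in the shape a log pipeline might emit.
SAMPLE_EVENTS = [
    {"timestamp": "2024-01-01T09:30:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "old-logs"},
    {"timestamp": "2024-01-01T10:00:00", "principal": "deploy-bot", "action": "GetObject", "bucket": "artifacts"},
    {"timestamp": "2024-01-01T10:00:10", "principal": "vm-web-01", "action": "ListBucket", "bucket": "customer-data"},
    {"timestamp": "2024-01-01T10:01:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "backups"},
    {"timestamp": "2024-01-01T10:01:30", "principal": "alice", "action": "ListBucket", "bucket": "backups"},
    {"timestamp": "2024-01-01T10:02:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "finance"},
    {"timestamp": "2024-01-01T10:03:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "customer-data"},
    {"timestamp": "2024-01-01T10:03:30", "principal": "vm-web-01", "action": "ListBucket", "bucket": "secrets"},
    {"timestamp": "2024-01-01T10:04:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "terraform-state"},
    {"timestamp": "2024-01-01T10:05:00", "principal": "vm-web-01", "action": "ListBucket", "bucket": "billing"},
]

def evaluate_bucket_enumeration(events, window=WINDOW, threshold=THRESHOLD):
    """Evaluate the rule over a stream of events and return one alert per principal
    that crosses the threshold. Repeated listings of the same bucket do not count
    twice, and events older than the window are dropped as the stream advances."""
    recent = defaultdict(deque)   # principal -> deque of (timestamp, bucket)
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["action"] != "ListBucket":
            continue
        ts = datetime.fromisoformat(ev["timestamp"])
        q = recent[ev["principal"]]
        q.append((ts, ev["bucket"]))
        while q and ts - q[0][0] > window:   # expire events outside the window
            q.popleft()
        distinct = {bucket for _, bucket in q}
        if len(distinct) >= threshold and ev["principal"] not in alerted:
            alerted.add(ev["principal"])
            alerts.append({
                "rule": "cloud-storage-bucket-enumeration",   # constructed rule name
                "tactic": "discovery",                        # ATT&CK tactic this maps to
                "principal": ev["principal"],
                "distinct_buckets": sorted(distinct),
                "window_start": q[0][0].isoformat(),
                "triggered_at": ts.isoformat(),
            })
    return alerts

if __name__ == "__main__":
    for alert in evaluate_bucket_enumeration(SAMPLE_EVENTS):
        print(alert)
```

Tuning the window and threshold against your own baseline of legitimate listing activity (deploy tooling, backup jobs) is what keeps a rule like this from paging on noise.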

Unified visibility for faster triage and cross-team investigation

Security threats in cloud-native environments move fast, so security teams need the same visibility into their infrastructure, network, and applications that developers and operations already have. With Datadog Security Monitoring, all engineering teams have end-to-end security analytics coverage of their environment from a single, unified pane of glass. And because everyone is using a single platform, when a threat is detected, security teams can quickly loop in the relevant engineers and share the related observability data through the monitoring system those engineers already know, leading to faster investigations.