Cloud Security Management

Datadog's unified DevSecOps approach has improved our ability to manage risks, prioritize responses, and remediate issues. As a result, we've been able to reduce tool sprawl and foster a culture of shared security ownership throughout the organization.

Eric Saam

VP of Engineering, Business Insider

Using Cloud Security Management was like having a member of the InfoSec team embedded within our engineering team. They could easily see the number of misconfigured resources in a single view without having to wait for someone from InfoSec reach out and let them know there was an issue.

Chad Upton

VP of Infrastructure, Firstup

Datadog gives me confidence that we know where our entire organization sits from a security standpoint, as well as a simple way to show senior leadership measurable improvements to our security posture that result from our collective efforts.

Kelly Bettendorf

Security Engineer, Stavvy

Feature Overview

Datadog Cloud Security Management uses an agentless technology within your cloud to scan your entire infrastructure in minutes for vulnerabilities, misconfigurations, identity risks, and compliance violations. In addition, Datadog’s lightweight, open-source agent gives Security and DevOps teams more granular and timely visibility into active risks and threats that can be fixed in a few clicks. Tightly integrated in a unified platform with observability context, Cloud Security Management allows you to detect, prioritize, and fix security issues faster and more effectively to continuously improve your security posture.

Secure your entire cloud in minutes with safe agentless security

Available with Agentless setup

Quickly detect vulnerabilities, misconfigurations, identity risks, and compliance gaps without deploying an agent
Continuously discover risks across your cloud accounts without sending snapshots outside your environment
Prioritize risk more effectively with automatic correlations between security findings and severity-based scoring in Security Inbox

Fix the most critical vulnerabilities across your cloud infrastructure

Available with Agentless and Agent-based setup

Detect, prioritize, and manage vulnerabilities in your organization’s containers and hosts
Prioritize cloud vulnerabilities based on potential business impact, real-time observability context, and Datadog’s curated security research
Streamline collaboration between security and DevOps teams by providing shared visibility across infrastructure monitoring and security views

Learn more

Track and improve your cloud infrastructure and Kubernetes security posture

Available with Agentless and Agent-based setup

Strengthen the security posture of your cloud accounts, hosts, containers, and Kubernetes deployments with continuous configuration checks
Fix misconfigurations faster by leveraging resource ownership to automatically route alerts and remediation steps to the right team
Address specific security requirements by tailoring detection rules, either by duplicating an existing control or designing one from scratch

Learn more

Uncover and remediate excessive permissions to reduce identity risk

Available with Agentless and Agent-based setup

Secure your cloud infrastructure from IAM-based attacks by mitigating excessive permissions gaps, controlling administrative privileges, and reducing the potential blast radius of security incidents
Access full summaries of detected identity risks, including how resources can be accessed, related permissions, and remediation steps for efficient mitigation
Proactively defend against evolving identity risks with curated rules and best practices, continually updated by Datadog’s security research

Learn more

Cloud Infrastructure Entitlement Management

Protect your cloud workloads against attacks as they happen

Available with Agent-based setup

Get kernel-level visibility into workload activity across your hosts and containers to uncover threats
Use curated out-of-the-box workload threat detection rules researched, developed, and maintained by Datadog security research
Detect unknown threats and anomalous process, network, or file activity using workload behavior modeling
Maintain critical file controls and detect problems in real time with Datadog File Integrity Monitoring (FIM)
Gain unparalleled visibility into your workloads with support for most major Linux distributions, Windows Servers, AWS Fargate, Docker, and Containerd

Learn more

Confidently adhere to industry and custom compliance benchmarks

Available with Agentless and Agent-based setup

Track conformance to requirements of industry benchmarks and other controls, such as CIS, PCI DSS, SOC 2, and more or create custom frameworks
Continuously benchmark your Kubernetes deployments against industry-standard frameworks to strengthen your security posture
Evaluate your organization’s compliance and security progress across teams and accounts with the Datadog Posture Score
Create, monitor, and report on custom compliance frameworks by leveraging Datadog’s 1,000+ detection rules or your own