Datadog earned three badges in the 2025 Latio Cloud Security Market Report—Cloud Security Leader, CADR Leader, and Code to Cloud Leader—by offering a unified platform that links code, observability, and runtime security to reduce investigative complexity and alert noise. The platform combines log management, UEBA, Cloud SIEM, IDE integrations, and automated PR gates to provide end-to-end visibility and prioritize exploitable production vulnerabilities.
Key points
- Datadog received three recognitions in the 2025 Latio Cloud Security Market Report: Cloud Security Leader, CADR Leader, and Code to Cloud Leader.
- Latio’s CADR concept emphasizes unifying log streams and correlating lines of logs to produce a complete attack narrative for cloud-hosted applications.
- Datadog’s platform is built on scalable log management and integrates UEBA to enrich security signals with entity context for improved detection and investigation.
- Cloud SIEM in Datadog supports in-depth exploration of entities (IAM users, assumed roles, SAML users, service identities, S3 buckets, EC2 instances) with over 1,000 integrations and detection rules.
- Bits AI Security Analyst agentic workflows automate triage and investigation by surfacing model reasoning and granular behavior details.
- Code to Cloud capabilities include IDE extensions for VS Code, JetBrains, and Visual Studio, inline PR comments, and automated PR gates to prevent insecure code from reaching production.
- Datadog’s approach combines early code scanning with runtime prioritization to reduce vulnerability noise by over 90% and focus on exploitable, production-impacting issues.
MITRE Techniques
- [T1078] Valid Accounts – Used to explore and investigate IAM users, assumed roles, and SAML users within Cloud SIEM (“IAM users, assumed roles, and SAML users”).
- [T1098] Account Manipulation – Monitoring of users authenticating through service providers or web applications using MFA, OIDC, OAuth, cookies, or username/password logins to detect misuse (“Users authenticating through service providers or web applications using MFA, OIDC, OAuth, cookies, or username/password logins”).
- [T1536] Credentials in Files – Detection of service or account misconfigurations that could expose credentials or secrets (“Service or account misconfigurations”).
- [T1078.003] Cloud Accounts – Tracking and analysis of machine identities such as S3 buckets and EC2 instances to identify unauthorized access or misuse (“Machine identities, such as S3 buckets and EC2 instances”).
- [T1110] Brute Force – Correlating logs and entity behavior with UEBA to surface authentication anomalies and potential brute-force activity (“User and Entity Behavior Analytics (UEBA) to identify emerging threats”).
- [T1609] Container and Resource Discovery – Use of container telemetry and application traces combined with logs to build a full attack narrative across hybrid-cloud environments (“manually combine cloud logs, container telemetry, and application traces”).
- [T1486] Data Encrypted for Impact (Ransom) – Prioritization and runtime-based visibility to focus on vulnerabilities that are exploitable in production, aiding response to impactful attacks (“prioritization, security teams are shown only the critical and high-severity vulnerabilities that are present in production, exploitable, and exposed to real attack paths”).
Indicators of Compromise
- [Log sources] examples – cloud logs, container telemetry, application traces used for correlation and investigation (no specific filenames provided).
- [Integrations/Rules] context – over 1,000 integrations and detection rules used to automatically surface threats (no specific rule names provided).
- [Entities] context – IAM users and assumed roles (examples: SAML users, service principals), and machine identities (examples: S3 buckets, EC2 instances).
- [Developer tools] context – IDE extensions and PR artifacts used in detection and prevention (examples: VS Code extension, inline PR comments in pull requests).
Read more: https://securitylabs.datadoghq.com/articles/why-datadog-is-a-cloud-security-leader/