How Datadog uses observability data to secure its platform

Teams use observability data to understand why a system behaved the way it did during an outage or a security incident. This visibility is traditionally associated with performance monitoring, but it is equally important for security investigations. Reconstructing an attack path requires knowing how cloud identities, services, and other resources interacted, and teams can obtain this context from observability data—metrics, events, logs, and traces (MELT).

With LLM applications and services now becoming a bigger part of distributed environments, the cost of fragmented tooling and infrastructure blind spots only multiplies. Practices like vibe coding increase the number of application vulnerabilities, and emerging AI attack techniques can direct systems to respond in unintended ways. At the same time, AI can help teams move faster during investigations by identifying relationships between large volumes of security signals. Both cases stress the need for observability data when monitoring application performance and security.

In this post, we’ll look at how observability data improves the accuracy of security signals and investigations and the role it plays in environments that take advantage of AI’s capabilities.

How Datadog uses observability data to secure its platform | Datadog

Related reading

What’s new in Cloud SIEM: AI-powered investigations, enhanced threat…

Engineering | Datadog Official Blog

Centralize observability management with Datadog Governance Console | Datadog

Turn security signals into structured investigations with Case Management in…

How to investigate cloud credential compromise with Bits AI Security Analyst |…

Bringing observability data hosting to the UK on AWS | Datadog