Cloud-native SIEM and security posture management from Datadog, unifying threat detection, compliance, and infrastructure monitoring in one pane.
Datadog Cloud Security is the natural security extension for organizations already running Datadog for infrastructure monitoring, APM, or log management. Rather than deploying a separate SIEM, these organizations can activate Cloud SIEM, Cloud Security Posture Management (CSPM), and Cloud Workload Security (CWS) on the same Datadog account they already use for observability.
The integration advantage is significant: Datadog Cloud SIEM can correlate security signals with APM traces, infrastructure metrics, and log data in a single platform. A security alert can immediately be enriched with the underlying service's deployment history, recent code deployments, and infrastructure anomalies — context that would require multiple tool hops in a traditional SIEM+APM stack.
Cloud SIEM uses log-based detection rules (written in Datadog's detection rule DSL or imported as Sigma rules) to identify threats across cloud provider logs, SaaS logs, and custom application logs. CSPM continuously evaluates cloud resource configurations against CIS benchmarks and compliance frameworks (SOC 2, PCI DSS, HIPAA). Cloud Workload Security uses eBPF-based runtime monitoring to detect container and host-level threats.
Pricing is consumption-based: Cloud SIEM is charged per GB of logs analyzed, starting at approximately $0.20/GB. This model works well for teams with predictable log volumes but can become expensive at scale compared to per-user models. Datadog Security is not the right choice for organizations without existing Datadog deployments — the setup overhead does not justify adopting Datadog solely for security.
Procurement checklist for Datadog Cloud Security: confirm the current pricing and plan limits on the official pricing page, then validate the feature tier against your team size, data-retention needs, integration requirements, and support expectations. For SIEM & Monitoring buyers considering Datadog Cloud Security, the practical questions are whether the product fits the current workflow, whether administrators can configure it without heavy consulting, and whether the vendor's documentation supports the claims used in this review. If Datadog Cloud Security will handle regulated or customer-sensitive data, review its data-processing agreement, security documentation, access controls, and export options before committing. Use the linked official sources and a trial or proof of concept for final validation of Datadog Cloud Security; do not treat this review as a private hands-on test claim.
Important details to help you make the right choice
Best for cloud-native teams already using Datadog for observability who want unified security and monitoring in one platform
Not the right fit for organizations not already using Datadog — the setup overhead doesn't justify adopting Datadog solely for SIEM.
Datadog offers a free 14-day trial for Cloud Security, which includes access to Cloud SIEM, CSPM, and Cloud Workload Security features. Pricing starts at $0.20 per GB of analyzed logs for Cloud SIEM, with additional costs for CSPM and workload security based on host or container count. The consumption-based model means costs scale with log volume and monitored resources, so users should monitor usage to avoid surprises.
Pricing source: Official pricing page — Last verified: 5/29/2026
The primary use case is unifying threat detection, security posture management, and compliance monitoring within a single cloud-native platform. It enables security teams to detect threats in real-time using log-based detection rules, assess misconfigurations via CSPM, and monitor runtime threats in container environments with eBPF-based workload security. This integration allows correlating security alerts with observability data like APM traces and metrics for faster incident response.
The platform is best suited for organizations already using Datadog for observability, as they can leverage existing integrations and unified dashboards without additional overhead. It is particularly valuable for DevOps and security teams managing cloud-native environments on AWS, Azure, or GCP, especially those needing compliance reporting for SOC 2, PCI DSS, HIPAA, or CIS benchmarks. New customers without existing Datadog infrastructure may find the initial adoption costly due to the full-platform commitment required.
Setup is streamlined for existing Datadog users, as Cloud Security integrates natively with the Datadog agent and existing log pipelines. The platform supports out-of-the-box integrations with major cloud providers (AWS, Azure, GCP), container orchestration tools like Kubernetes, and over 700 technology partners for log sources. For new users, initial configuration may require deploying the Datadog agent and setting up log forwarding, but guided onboarding templates are available.
A key limitation is the consumption-based pricing, which can become unpredictable and expensive at high log volumes, especially for organizations that generate large amounts of security data. Additionally, the platform delivers best value only for existing Datadog customers, as new users face high upfront costs for full platform access. A viable alternative is Wazuh, an open-source SIEM and XDR platform that offers similar log analysis and compliance features without consumption-based pricing, though it lacks native integration with Datadog's observability tools.