Cloud-native SIEM and security posture management from Datadog, unifying threat detection, compliance, and infrastructure monitoring in one pane.
Datadog Cloud Security is the natural security extension for organizations already running Datadog for infrastructure monitoring, APM, or log management. Rather than deploying a separate SIEM, these organizations can activate Cloud SIEM, Cloud Security Posture Management (CSPM), and Cloud Workload Security (CWS) on the same Datadog account they already use for observability.
The integration advantage is significant: Datadog Cloud SIEM can correlate security signals with APM traces, infrastructure metrics, and log data in a single platform. A security alert can immediately be enriched with the underlying service's deployment history, recent code deployments, and infrastructure anomalies — context that would require multiple tool hops in a traditional SIEM+APM stack.
Cloud SIEM uses log-based detection rules (written in Datadog's detection rule DSL or imported as Sigma rules) to identify threats across cloud provider logs, SaaS logs, and custom application logs. CSPM continuously evaluates cloud resource configurations against CIS benchmarks and compliance frameworks (SOC 2, PCI DSS, HIPAA). Cloud Workload Security uses eBPF-based runtime monitoring to detect container and host-level threats.
Pricing is consumption-based: Cloud SIEM is charged per GB of logs analyzed, starting at approximately $0.20/GB. This model works well for teams with predictable log volumes but can become expensive at scale compared to per-user models. Datadog Security is not the right choice for organizations without existing Datadog deployments — the setup overhead does not justify adopting Datadog solely for security.
Important details to help you make the right choice
Best for cloud-native teams already using Datadog for observability who want unified security and monitoring in one platform.
Not the right fit for organizations not already using Datadog — the setup overhead doesn't justify adopting Datadog solely for SIEM.
Datadog offers a free 14-day trial for Cloud Security, which includes access to Cloud SIEM, CSPM, and Cloud Workload Security features. Pricing starts at $0.20 per GB of analyzed logs for Cloud SIEM, with additional costs for CSPM and workload security based on host or container count. The consumption-based model means costs scale with log volume and monitored resources, so users should monitor usage to avoid surprises.
Pricing source: Official pricing page
The primary use case is unifying threat detection, security posture management, and compliance monitoring within a single cloud-native platform. It enables security teams to detect threats in real time using log-based detection rules, assess misconfigurations via CSPM, and monitor runtime threats in container environments with eBPF-based workload security. This integration allows security alerts to be correlated with observability data such as APM traces and metrics for faster incident response.
The platform is best suited for organizations already using Datadog for observability, as they can leverage existing integrations and unified dashboards without additional overhead. It is particularly valuable for DevOps and security teams managing cloud-native environments on AWS, Azure, or GCP, especially those needing compliance reporting for SOC 2, PCI DSS, HIPAA, or CIS benchmarks. New customers without existing Datadog infrastructure may find the initial adoption costly due to the full-platform commitment required.
Setup is streamlined for existing Datadog users, as Cloud Security integrates natively with the Datadog agent and existing log pipelines. The platform supports out-of-the-box integrations with major cloud providers (AWS, Azure, GCP), container orchestration tools like Kubernetes, and over 700 technology partners for log sources. For new users, initial configuration may require deploying the Datadog agent and setting up log forwarding, but guided onboarding templates are available.
A key limitation is the consumption-based pricing, which can become unpredictable and expensive at high log volumes, especially for organizations that generate large amounts of security data. Additionally, the platform delivers best value only for existing Datadog customers, as new users face high upfront costs for full platform access. A viable alternative is Wazuh, an open-source SIEM and XDR platform that offers similar log analysis and compliance features without consumption-based pricing, though it lacks native integration with Datadog's observability tools.