- SOAR 101
In August, we joined our friends at Datadog for the first-ever virtual version of their Dash Conference. While a virtual conference can’t match the excitement of getting out in the world to congregate with thousands of DevOps, incident response, and cloud industry peers, Datadog did a great job with the event and it was exciting to connect with everyone that came by our virtual booth.
Because Datadog’s solutions span ITOps and security, we were able to get a unique perspective on the challenges of their user base, and how D3 SOAR can help to automate actions and workflows on both sides of the ITOps and SecOps spectrum. Based on those conversations, we came away from the conference thinking about a few ways that D3 SOAR and Datadog can work together to support our joint users.
D3 SOAR adds a major piece to application performance monitoring workflows, namely the ability to orchestrate instantaneous response actions. D3 integrates with cloud platforms like AWS and Azure, so that when Datadog detects an issue, D3 can automate common tasks such as responding to resource utilization issues, uploading or retrieving files, deleting buckets, or managing containers.
By integrating Datadog APM and D3 SOAR, users can turn rich data from across their servers, containers, databases, and third-party services into automated workflows. It’s no wonder that visitors to our booth at Dash were excited about the potential time and cost savings.
As I’ve written about previously, there are some security incidents that are best detected through a monitoring tool like Datadog. One of the clearest examples is the use-case of cryptojacking.
When a machine in a cloud environment has been compromised, it may exhibit indicators such as high CPU usage, high memory usage, and slower response times, all of which can be detected by Datadog APM. This abnormality could be sent to D3 as an alert, triggering an incident-specific playbook that would start by sending notifications to the owner of the machine and the IT operations team. D3 would then query Datadog for related alerts and orchestrate the appropriate remediation steps, such as blocking the suspicious IP, orchestrating actions on the EC2 instance, and reporting details to the analyst.
This use case is exciting to joint users of D3 and Datadog because of how it closes gaps in cloud security by connecting application monitoring and SOAR.
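The cryptojacking workflow above, as an added example that is not D3's or Datadog's own code: a detection rule that flags hosts whose CPU, memory and response latency all stay above assumed thresholds for several consecutive samples, followed by the ordered response plan the text describes. The metric samples, threshold values, step names and owner address are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    ts: int             # epoch seconds (constructed)
    host: str
    cpu_pct: float      # host CPU utilisation, 0-100
    mem_pct: float      # memory utilisation, 0-100
    p99_latency_ms: float

# Constructed APM-style samples: web-1 runs hot for four consecutive points,
# web-2 spikes briefly and recovers, so only web-1 should be flagged.
SAMPLES = [
    Sample(0, "web-1", 97.0, 81.0, 910.0), Sample(60, "web-1", 98.5, 83.0, 1200.0),
    Sample(120, "web-1", 99.0, 84.0, 1350.0), Sample(180, "web-1", 98.0, 85.0, 1400.0),
    Sample(0, "web-2", 92.0, 75.0, 700.0), Sample(60, "web-2", 90.0, 76.0, 650.0),
    Sample(120, "web-2", 35.0, 40.0, 120.0), Sample(180, "web-2", 91.0, 77.0, 600.0),
]

def sustained_high_load(samples, cpu=85.0, mem=70.0, latency_ms=500.0, min_points=3):
    """Map host -> timestamp at which it first exceeded all three thresholds for
    `min_points` consecutive samples. Thresholds are assumptions, not Datadog defaults."""
    streak, flagged = {}, {}
    for s in sorted(samples, key=lambda x: (x.host, x.ts)):
        hot = s.cpu_pct >= cpu and s.mem_pct >= mem and s.p99_latency_ms >= latency_ms
        streak[s.host] = streak.get(s.host, 0) + 1 if hot else 0   # reset on any cool sample
        if streak[s.host] >= min_points and s.host not in flagged:
            flagged[s.host] = s.ts
    return flagged

def build_playbook(host, first_seen, owner):
    """Ordered response plan mirroring the workflow in the text. Returns plain
    dicts so an analyst can review the plan before any action executes."""
    return [
        {"step": "notify", "to": [owner, "itops-oncall"], "host": host, "since": first_seen},
        {"step": "query_related_alerts", "host": host, "window_s": 3600},
        {"step": "snapshot_instance", "host": host},  # preserve evidence before changing state
        {"step": "block_suspicious_ip", "host": host, "ip": "<from related alerts>"},
        {"step": "report_to_analyst", "host": host},
    ]

if __name__ == "__main__":
    for host, ts in sustained_high_load(SAMPLES).items():
        for step in build_playbook(host, ts, "owner@example.invalid"):
            print(step)
```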
D3 helps cross-functional teams, such as those also using Datadog, to design and deploy automation strategies at scale, using D3’s codeless playbook environment. This allows users, regardless of their coding ability, to leverage D3’s turnkey library of 260+ integrations and build a range of independent or interconnected actions across DevOps, monitoring, security, incident response, and compliance use cases.
Extending automation across all these different functions can bring value, but it usually requires a huge amount of time and coding expertise to implement and maintain. Using D3’s codeless playbooks together with Datadog’s aggregated data makes it feasible for any team.
To learn more about how D3 and Datadog work together, check out this joint solution guide.
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.