We are very happy to announce our new partnership with Datadog, the essential monitoring platform for cloud applications. Datadog brings together data from servers, containers, databases, and third-party services to make customers’ stacks entirely observable.
With 85% of enterprises moving their applications and workloads to the cloud, it is critical for security, engineering, and infrastructure teams to combat threats and performance challenges with a unified defense.
This is exactly where D3 comes in. D3 integrates tightly with Datadog to seamlessly transform data into action. D3’s orchestration engine and ~300 integrations make it easy to remediate security threats or performance issues, with little-to-no human intervention. D3’s full-lifecycle playbooks also play an important role by connecting users, teams, and departments on an end-to-end workflow platform for when cross-enterprise investigation, collaboration, and documentation are needed.
So why is this important?
Because marrying observability data with automated orchestration helps organizations work faster, smarter, and with more agility. And the approach can be applied across a huge number of use cases. Here are three of the things you can do with Datadog and D3 that are worth getting excited about.
Datadog generates a rich and varied amount of data that can be used as contextual information or automation triggers in D3. For example, an abnormal CPU usage alert captured by Datadog APM will prompt D3 to automatically contextualize, validate, prioritize and remediate the event. Actions can be carried out across D3’s hundreds of integrated tools, as well as the customer’s network, IT, or security infrastructure. Full or partial automation is supported, and human managers can easily be “brought into the loop” to make key decisions or approve certain actions.
The results are dramatically lower remediation times and reduced human error, leading to a strengthened security posture and enhanced customer experiences. Plus, your human analysts are freed up to focus on problems that actually make use of their skills.
Security isn’t just about automation; it’s also about repeatable workflows that quickly resolve incidents and eliminate future recurrence. By escalating issues captured by Datadog into D3, users can leverage proven, end-to-end incident response playbooks and cross-enterprise collaboration.
By running response playbooks through D3, every step in the workflow and all the associated data are collected in a single place, so the process can be easily monitored and reported on, even when collaboration across teams is required. This allows joint users of Datadog and D3 to enable a diverse user base from across the organization to work together on important incidents. D3 generates a record of every incident, including timelines and visual link analysis, so organizations can learn from incidents and take proactive steps to address issues.
The combination of Datadog’s monitoring and D3’s security orchestration enables automated response to challenging incident types that a single solution is not equipped to handle on its own. Let’s take the example of cryptojacking, which is a common attack against cloud environments like AWS EC2 instances.
Datadog APM could detect the high CPU usage, memory usage, and slower response times from the hijacked machine. This abnormality could be sent to D3 as an alert to be investigated. D3 could then trigger an incident-specific playbook that would start by sending notifications to the owner of the machine and the IT operations team.
D3 will then query Datadog for related alerts and orchestrate the appropriate remediation steps, such as blocking the suspicious IP, orchestrating actions to the EC2 instance, and reporting details to the analyst. Once the incident is closed, a report will be generated for any necessary follow-up.
It’s no secret that we’re big fans of the MITRE ATT&CK framework at D3. We think ATT&CK is the ideal way to understand cyber threats, particularly major incidents involving many separate elements. Datadog shares our affinity for ATT&CK, and like D3 SOAR, Datadog Security Monitoring analyzes events and tags them with the relevant ATT&CK technique(s).
This means that both platforms are “speaking the same language” about security threats. This ATT&CK data from Datadog can feed into D3’s ATT&CK dashboards and kill-chain playbooks, making for better understanding of the type of incidents in your environment, what patterns of adversary intent they reveal, and the root cause that need to be addressed.
Those are just a few of the reasons we’re excited to be partnering with Datadog. To learn more about our integration, check out our Datadog solution guide. If you’re ready to see D3 SOAR in action, schedule a one-on-one demo today.