Last month, Datadog appeared in the 2025 Latio Cloud Security Market Report, earning badges in three categories: Cloud Security Leader, Cloud Application Detection and Response (CADR) Leader, and Code to Cloud Leader. In this post, we break down what CADR is, and how the Datadog Security Platform helps teams solve complex hybrid-cloud challenges.
Datadog as a CADR Leader
Cloud Application Detection and Response (CADR) is a term introduced by Latio report author James Berthoty to simplify the many tools and acronyms for detecting and responding to attacks on cloud-hosted applications.
Security teams are overwhelmed by an increasing number of tools. Many of these tools monitor only a fragment of a modern hybrid-cloud environment and generate high alert volumes. During investigations, security teams must manually combine cloud logs, container telemetry, and application traces due to issues ranging from false positives to critical alerts that lack necessary context for DevOps hand-off.
CADR addresses this by unifying log streams to provide a comprehensive, end-to-end attack narrative for cloud-hosted applications. In a July 2024 blog post, James Berthoty noted that many log sources are not ingested into Security Information and Event Management (SIEM) systems due to cost and complexity. He states that existing tools are not performing the "line-by-line log correlation needed to put together the full attack picture."
Datadog Security is designed to solve this data-complexity issue. As a platform built on a robust log-management foundation, Datadog allows teams to store and analyze operational and security logs cost-effectively, in real-time, and at any volume. The platform integrates User and Entity Behavior Analytics (UEBA) to identify emerging threats, enriching security signals with detailed context and entity attributes.
Here's an example of this in action. In Datadog Cloud SIEM, users can apply intuitive filters or use the search bar to explore specific entity attributes in depth, supporting a broad range of human and non-human entities, including:
- IAM users, assumed roles, and SAML users
- Users authenticating through service providers or web applications using MFA, OIDC, OAuth, cookies, or username/password logins
- Service or account misconfigurations
- Machine identities, such as S3 buckets and EC2 instances
This data, combined with more than 1,000 integrations and detection rules, allows teams to automatically surface threats and investigate them visually. New agentic workflows in Bits AI Security Analyst features automate triage and investigation by providing granular model behavior and reasoning.
Code to Cloud Leader
The Code to Cloud Leader recognition highlights platforms that connect code with production environments. These solutions map source code to deployed assets across various infrastructure-as-code (IaC) types, giving both developers and security teams visibility from commit to runtime.
Datadog's ability to monitor infrastructure, applications, and code provides a unified view that connects the application's actions with its running status. Datadog Security supports DevOps and Security teams in protecting their environments, from when a developer begins coding until the application is running in production.
The earliest point to check code security is within the developer’s IDE. Datadog’s IDE extensions—available for VS Code, JetBrains IDEs, and Visual Studio—provide continuous, local static analysis. Once installed, the extension scans code using Datadog’s prebuilt rulesets, giving developers immediate feedback. For instance, it can flag insecure defaults, such as a missing timeout parameter in Python’s requests module. Developers can quickly apply suggested fixes directly from the editor.
Once code reaches the pull request phase, Datadog automatically posts inline PR comments that specify the exact files and lines where an issue was found. Datadog also enforces security guardrails through automated pull request gates. These checks validate that the code meets organizational security policies before it can be merged, for example, blocking a deployment if a critical vulnerability remains unresolved. Together, the IDE integration, PR comments, and PR gates help teams prevent vulnerable code from reaching production while keeping developers self-sufficient and in flow.
By combining early detection with runtime-based prioritization, security teams are shown only the critical and high-severity vulnerabilities that are present in production, exploitable, and exposed to real attack paths. This approach reduces noise by over 90%.
Cloud Security Leader
Latio defines the Cloud Security Leader badge as recognition for standalone cloud-security platforms that deliver end-to-end protection, from code to cloud to runtime.
Datadog offers a unified platform that integrates easily with the tools developers already use. The platform is built on an observability foundation, offering a context-aware approach that links signals across the stack. Its application-layer visibility and deep application insights at runtime help security teams understand how issues affect production systems.
By placing cloud alerts in the context of application services, Datadog helps enable faster and more informed decision-making. Because Datadog's capabilities include code security, SIEM, and workload protection, teams can collaborate on investigations within the platform.
Read the full Latio 2025 Cloud Security Market Report to learn more.
