Datadog Security Labs

Tales from the cloud trenches: Using AWS CloudTrail to identify malicious activity and spot phishing campaigns

Amazon SNS and SES are SMS and email sending services. They are a juicy target for attackers and are frequently abused when an access key leaks. Based on CloudTrail logs, we have identified malicious actors and toolsets abusing these services. Additional OSINT led us to discover a phishing campaign impersonating official French government websites!

Security Feature Releases

Kubernetes Security Posture Management (KSPM)

In recent years, the popularity of Kubernetes deployments has surged—as has the prevalence of security risks associated with the technology. Red Hat’s State of Kubernetes Security for 2023 reveals that 67 percent of organizations have encountered delays in application deployments due to Kubernetes-related security issues.

That’s why we are excited to introduce our new Kubernetes Security Posture Management (KSPM) capabilities, which are available within Datadog Cloud Security Management (CSM).

KSPM helps you proactively strengthen the security posture of your Kubernetes deployments by benchmarking your environment against established industry best practices, such as those defined by CIS, or your own custom detection policies.

Check out our KSPM documentation to get started, or head to the Frameworks page in Datadog CSM.

SCA Extends to the CI

Datadog is proud to announce the launch of Datadog SCA (previously Application Vulnerability Management). This represents an expansion of our Datadog Application Security capabilities to help teams leverage open source with confidence, from source code to production services.

Datadog SCA helps you track and manage the open-source libraries within your applications, including security risks (malware and vulnerabilities), business risk (SBOM), and licensing.

Our secret sauce is our end-to-end coverage: Datadog SCA analyzes your libraries as early as when developers commit code (new in Beta), and all the way to the existing production applications (Generally Available), even without access to the source code. Also, our prioritization system takes into account the entire context, reducing the number of alerts and increasing your productivity.