Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Rising log volumes are making it harder than ever for security and SRE teams to balance visibility with cost. Every network, CDN, and security layer generates continuous streams of telemetry, but deciding what to parse, retain, or drop often requires manual configuration, specialized knowledge, and extensive tuning.

We have just released the 2025 State of Cloud Security study, where we analyzed the security posture of thousands of organizations using AWS, Azure, and Google Cloud. In particular, we found that: In this post, we provide key recommendations based on these findings, and we explain how you can use Datadog Cloud Security to improve your security posture.

The Model Context Protocol (MCP) is a popular framework for connecting AI agents to data sources, such as APIs and databases. Because this technology is still new and evolving, its security standards are also in the early stages. This means that MCP servers are susceptible to misuse, so teams building and running them internally need visibility into server interactions to keep their environments safe from attacks.

Organizations running containerized environments face complex security challenges as they scale Kubernetes and adopt dynamic, ephemeral infrastructure. Traditional security tools often miss activity inside containers, making it difficult to detect policy violations or threats at runtime. Falco is a runtime security monitoring tool for containerized infrastructure.

Static application security testing (SAST) is foundational to modern application and code security programs. Yet these tools inevitably produce false positives that require manual review. When scanners find vulnerabilities that are not genuine issues, they erode trust, slow down remediation, and make it harder for teams to understand which alerts require attention.

Prompt guardrails are a common first line of defense against client-level LLM application attacks, such as prompt injection and context poisoning. They’re also a critical component of a full defense-in-depth strategy for LLM security at the infrastructure, supply chain, and application level. The specific guardrails that teams implement depend highly on use case, but they are typically designed to.