惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler
T
Tor Project blog
N
Netflix TechBlog - Medium
C
Cybersecurity and Infrastructure Security Agency CISA
V
Vulnerabilities – Threatpost
V
Visual Studio Blog
GbyAI
GbyAI
PCI Perspectives
PCI Perspectives
D
DataBreaches.Net
Jina AI
Jina AI
H
Heimdal Security Blog
云风的 BLOG
云风的 BLOG
P
Privacy International News Feed
A
About on SuperTechFans
J
Java Code Geeks
美团技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
博客园 - 司徒正美
C
Check Point Blog
T
Threat Research - Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
宝玉的分享
宝玉的分享
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Apple Machine Learning Research
Apple Machine Learning Research
Hugging Face - Blog
Hugging Face - Blog
The Last Watchdog
The Last Watchdog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
Cisco Talos Blog
Cisco Talos Blog
W
WeLiveSecurity
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
D
Docker
博客园 - Franky
Security Archives - TechRepublic
Security Archives - TechRepublic

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Threat modeling with Datadog App and API Protection
Izar Tarandach, Karishma Asthana, Mallory Mooney · 2023-05-02 · via Datadog | The Monitor blog

Threat modeling is a critical part of building high-performing, secure systems. It is responsible for “analyzing representations of a system to highlight concerns about security and privacy characteristics.”1 Creating an effective threat model involves two main steps: system modeling to map out all existing system components and the relationships between them, and threat elicitation to identify areas in the system that could be vulnerable to a security issue.

Threat models should provide an organization with visibility into its systems, and actionable findings to use as a basis for securing them. Developing threat models that fulfill these expectations can be difficult, as teams can quickly run into one or more of the following pain points:

  • Lack of visibility into the active development of new system components

  • Blind spots in data flows between systems and resources, especially in legacy and third-party systems and integrations

  • Discrepancies between a system’s initial design and its actual implementation

  • Lack of documentation for system functionality and ownership

After clearing these hurdles, organizations must then methodically sift through each modeling session’s findings and suggest mitigation strategies that strengthen security for their systems as needed. This is a cyclic process, because an organization’s threat models must adapt as their systems evolve. If threat models do not keep up with system changes, organizations will end up with an incomplete picture of their infrastructure’s attack surface.

Datadog App and API Protection (AAP) addresses these gaps by helping organizations map their entire system, which can surface design flaws in application and business logic that static threat models may miss. This critical visibility enables organizations to quickly identify threats in their existing application topology and anticipate the flow of potential attacks. By leveraging distributed traces through its integration with Datadog APM and real-time network data, AAP provides organizations with an up-to-date view of the composition and state of their systems before, during, and after requests.

In this post, we’ll look at how you can use distributed tracing and Datadog AAP for system modeling and threat elicitation to build effective threat models.

Develop accurate system models with distributed tracing

Creating threat models for small systems or new system components is relatively straightforward. In these environments, organizations typically have end-to-end visibility into development and deployment, so they can easily see how each piece of a system fits together. But for long-running systems with sprawling, complex infrastructure—where operational knowledge is often limited to a few team members—threat modeling sessions can be impacted by substantial gaps in visibility. On top of that, the implementation of a system might not match its initial design, and outdated system models and documentation can muddy the process.

Threat modeling sessions can become even more complex when integrating modern services with legacy systems. In these (quite common) scenarios, critical data flows between system components—as well as their primary entry points, such as open ports—can become obfuscated. As illustrated in the following diagram, integrating a third-party service with an organization’s legacy system can introduce blind spots in data flows:

System model diagram

Without visibility into what can go wrong in this scenario, you may overlook signs of malicious activity. Installing a web application firewall (WAF) and restricting traffic here could be good first steps towards controlling input. But there may still be other design flaws that could leave the environment vulnerable to an attack. To eliminate blind spots efficiently, organizations can use distributed tracing to develop a comprehensive, accurate view of their entire system, including any new integrations.

Visualize systems and their dependencies

Distributed tracing captures the flow of requests between systems and their components. Organizations can leverage distributed tracing tools like the Service Map to visualize all the connections between their system components. This tool strengthens an organization’s threat modeling sessions by allowing them to not only map their complex infrastructure but also to better understand their attack surface.

As illustrated in the following screenshot, the Service Map automatically breaks down a system into its individual components and dependencies, and outlines request flows between them in real time:

Datadog Service Map

This enables organizations to map how data flows through their systems, including from external sources. Clicking on the affected service provides teams with more information about the source of the requests, so they can determine how a threat actor would target their infrastructure.

Identify service owners to support productive threat modeling sessions

Another pain point in developing threat models for complex infrastructure is being unable to identify who owns a particular component, such as the interface with the third-party service in the previous example. Visibility into ownership is critical because it establishes a point of contact in case of a security-related issue. It also helps organizations quickly confirm the relationship between the component and the rest of the system, which fosters more productive threat modeling sessions.

Just as it visualizes system dependencies at a high level, the Service Map can also offer a starting point for identifying the owners of a particular service and facilitate communication between teams. Organizations can pivot from a service they are investigating in the map to other integrated visualizations like the Host Map, where they can review all the service’s underlying hosts to determine who created them. Organizations can use this information to update their threat models accordingly and supplement their service documentation through AAP’s integration with the Service Catalog, which provides quick access to services’ metadata.

For example, when AAP identifies a vulnerability, it will generate a security signal that includes information about who owns the targeted service:

Datadog App and API Protection provides information about service teams

This critical insight enables organizations to successfully fill the visibility gaps that traditional threat modeling sessions may create.

Mitigate threats by anticipating the flow of an attack

As previously mentioned, threat modeling is an iterative process that should adapt to an organization’s dynamic systems. But attacks are also rapidly changing in nature, scope, and impact. Organizations need to ensure that their threat models anticipate what can happen to their mapped systems by answering questions like:

  • How quickly can a particular attack scale?

  • Which parts of a system are susceptible to DDoS attacks?

  • How much will recovery cost if an attack is successful?

That’s why AAP—and the tracing abilities it inherits from APM—can be a crucial part of threat modeling. It captures the complete flow of an attack, giving organizations a reliable, up-to-date view into how their systems became vulnerable. As illustrated in the following screenshot, AAP captured the entire path of a cross-site scripting (XSS) attack, from its source to all affected downstream services:

Datadog App and API Protection shows the path of the attack

AAP also provides additional information about an attack, such as its type, the targeted function, and how the affected system responded to the event:

Datadog App and API Protection provides insight into the nature of an attack

With this rich security context, organizations can make informed decisions on how to keep their threat models up to date. They can also use this information to validate their models and confirm that documented mitigation steps work as expected. For example, they can verify that connections from known-malicious IP addresses are automatically blocked via AAP’s In-App WAF.

Develop threat models with confidence

Datadog AAP enhances threat modeling sessions through its deep integration with the APM platform. By leveraging distributed tracing, AAP enables organizations to easily visualize the composition of their systems and understand how underlying components interact with each other. In addition, AAP identifies legitimate threats to their systems by automatically generating code-level security insights. Together, these capabilities help organizations develop valuable threat models for their systems and use them with confidence.

To see Datadog App and API Protection in action, you can request a personalized demo. If you don’t already have a Datadog account, you can sign up for a 14-day free trial today.

  1. Threat Modeling Manifesto