Datadog announced some cool new products at its Dash 2022 conference yesterday.
CoScreen - a way for engineering and DevOps teams to launch a screen share and collaborate right at the point where DataDog’s Incident Management system flags a problem.
Data Streams Monitoring - Shows an animated diagram of how Kafka message queues are performing in real time. If you don’t design a message queue properly, you hit performance bottlenecks, because some parts of the queue (called partitions) get hit with too many requests. Kafka is the open source queuing system that has become immensely popular, and is the reason why Confluent (CFLT) is growing so fast.
70 new integrations with 3rd party apps like Oracle WebLogic and Salesforce Commerce Cloud.
Continuous testing with a codeless Web Recorder
Cloud security management - yep, DataDog is entering the lucrative cybersecurity space by warning you about threats and misconfigured resources. And you can now “prevent attacks by blocking malicious IPs directly from Datadog and in one click.”
That’s just the top 5 I saw, there are at least 15 more feature announcements that you can read about at
Following these announcements, Canaccord has upgraded DDOG to a Buy.
Hey all. I found that Datadog’s announcements were scattered all over the place between PR, blogs, Dash keynote, and the IR meeting. Here’s a boil down of all the product news that I gathered across all those.
Lots in here to mull over but clearly moving into Security and Shift Left as they continue to deepen the Observability (o11y) features.
- they added Service Catalog (GA in Aug-22), a new capability in APM to catalog and track all distributed services within an organization and seamlessly tie in other capabilities like golden metrics, incident reporting, and viewing upstream & downstream dependencies
- they released Cloud Cost Mgmt (GA in AWS, others coming early 2023) to track the trends and changes in the costs of the underlying cloud infrastructure used in app stacks, and to tie those costs in as KPIs for DevOps to monitor and alert on
- they announced Data Streams Monitoring (in private beta), as a new capability for continuously monitoring event and data pipelines like Kafka, AWS Kinesis, and RabbitMQ, and the hierarchy of services built around them as producers, consumers, and queue handlers [no blog posts on this yet, but was featured in the keynote]
- they released CoScreen (GA), a tool for remote DevOps collaboration via screen sharing and video chat, as well announced a new tighter integration into Incident Management (in private beta) – which is from their acquisition of CoScreen in Feb-22
- they added Powerpacks (GA in Jul-22) as a way to create pre-defined dashboard templates used within an org
- they added OpenTelemetry support (GA in Oct-22), to enable using OpenTelemetry (OTEM) agents to send data to Datadog, and (vice versa) to use the Datadog agent to send data to 3rd-party platforms that support OTEM
- the blog highlighted o11y enhancements such as Sensitive Data Scanner being expanded from Log Mgmt to APM/RUM, a new Log Forwarder to 3rd-party services in Log Pipelines, and new PCI compliance for Log Mgmt & APM and HIPAA compliance across Log Mgmt & SIEM
- even more o11y enhancements include expanding test recording in Synthetics to mobile apps in iOS/Android, adding heat maps to RUM to see aggregate user behaviors for isolating UX patterns in front-end apps, a new no-code UI for building Observability Pipelines, and an expansion of products available in their new FedRAMP Moderate level platform in GovCloud [all only mentioned in a recap blog post]
- they released Continuous Testing (in GA), to create, manage, and run automated end-to-end tests over web apps via session recording in Synthetics, tying it in with APM & RUM, and integrating with a number of popular CI/CD pipelines
- added a new Intelligent Test Runner feature to CI Visibility (in beta), which leverages AI/ML to isolate the areas of an app that a code change will impact, and only run those tests – which greatly minimizes the time in developer feedback loops during the build stages of CI/CD
- added a new Dynamic Instrumentation capability in APM (in beta) to allow developers to inject and track real-time debugging information into code and 3rd party libraries running in production – which has to be from their Ozcode acquisition in Nov-21, but they made no mention [no blog posts on this yet, but was featured in the keynote]
- the release of Cloud Security Mgmt as a new overarching product line housing their cloud security products like CSPM and Cloud Workload Security (a CWP)
- announced a new Resource Catalog capability in CSM (in beta) for tracking all cloud assets to oversee all security and risk postures
- announced new Workload Security Profiles capabilities in CSM (in private beta) to leverage AI/ML in security to establish baseline profiles for services in order to isolate anomalous behaviors
- announced that their CSPM has now been extended to GCP (in beta)
- announced a number of enhancements to their new Application Security Monitoring product, including one-click remediation to block suspicious IPs, open-source library vulnerability tracking (SCA), and coming real-time native (in-app) protection capabilities (RASP) [no blog posts on this yet, but was featured in the keynote]
- also they recently announced a new security-focused blog in Jul-22 called Security Labs
- announced Workflows as a new no-code/low-code orchestration and automation tool (in beta) for running complex app & app stack processes and remediation playbooks across DevOps and Security use cases, with integrations to over 600+ actions over 10+ platforms like AWS, GitHub, Slack, Okta, Jira, Cloudflare, Fastly, PagerDuty, and ServiceNow [similar to a Monday or Asana tool for workflow automation, but for app stacks]
- announced a new Events Management capability in their core platform (in private beta), to leverage their AI/ML to automatically interconnect disparate events, alerts, security signals, and tracked incidents across the Datadog stack, in order to prevent investigation silos by unifying them and center team collaboration into a single interface [no blog posts on this yet, but was featured in the keynote]
- announced various enhancements to WatchDog AI/ML, including expanding Alerts (automated anomaly detection) and Insights (automated remediation tips) to more of the platform [no blog posts on this yet, but was featured in the keynote], plus highlighted the new Root Cause & Impact Analysis capabilities (GA in Aug-22)
What excited you most?
Hi Muji, you asked what excited us the most. Well you have to take what I say with a grain of salt as I’m no techie at all.
In Observability I’d vote for Cloud Cost Management and Data Streams Monitoring, and CoScreen too but a little less.
In Shift Left, Continuous Testing
In Security, Cloud Security Management sounds important.
And then Workflow Management could be important but I can’t really tell.
I admit it. I was excited every time I understood what one of the advancements does.
When you said…
They are “doubling down” on observability, moving deeper into more and more advanced capabilities to upsell into customers, and which helps them become an easier-to-use and stickier platform. Gartner projects this alone will go from a $41B market
in 2022 to $62B in 2026. APM and DEM, in particular, continue to be iterated on.
They are not only focused on visibility over app stacks (observability and now security) but also now on taking action, by allowing one-click remediation in their dashboards and through the use of automation capabilities to trigger responses. This is what SIEMs typically integrate as SOAR (security orchestration and automated response) – but for Datadog, we should leave out the “S” for Security, as their automation moves also apply to DevOps processes and app stack deploys.
With all the added complexity in the use cases Datadog is tackling, I’m most happy to see Watchdog develop into a more robust and wide spread offering. Hopefully, every enterprise will see the benefit of an increasing number of automated responses to what they’re observing and the upsell opportunities continue.
Thanks for the write up, Muji
If this is verging of course for this thread, please ignore. but, I’d like to ask…
With every direction Datadog is taking in their supporting Developers, I see Datadog moving toward becoming, if not a platform, than a bundle of tools available on a platform like GitHub for example.
And given, I wrote in my last post a quote from Muji’s Hhhypergrowth.com article describing some of what Datadog offers that is not specifically supporting developers.
What is an accurate biggest picture way of thinking about Datadog?
I don’t think it’s accurate to think in terms of 3 Pillars any longer
SSI has posted a brilliant review of DDOG’s product announcements:
Peter is an incredible product analyst and very generously shares his thoughts for free.
Peter Published this the same day I asked the question, with all his amazing thoroughness as well of course.
*All of the disparate components of the Datadog platform are relevant for a modern DevSecOps function. DevSecOps represents the shared interests of developers, operations and security personnel. It encompasses all of the principles of DevOps and infuses security into each step, with the overall mantra that application and infrastructure security issues should be addressed before they reach the production environment… all 21 of the individual modules displayed above are relevant for the combined DevSecOps function and remain within the scope of application delivery and hosting.
The user can easily navigate through modules by following the data, moving from one indicator to another until they have identified the root cause of the issue. This common platform facilitates a shared view across DevSecOps and “removes silos”, which were often the source of immense frustration as developers and operators argued over root cause because their “tools” showed different interpretations of the data.
And that is why point solutions, even free open source alternatives, will always introduce a handicap for the DevSecOps team. If several solutions are bundled together to address all monitoring functions (going far beyond just logs, metrics and traces), they will create drag for the team, as operators have to go back in time and start toggling again. Datadog’s value is in the shared view and common data plane across all facets of the platform, because it saves time and eliminates arguments. It’s all or nothing to make observability really work.*
This is really an amazing forum!
And while it may appear that some of the newer additions to the platform, like security or developer experience, may be feature islands off on their own, Datadog has been very selective in the functions they are choosing to address. For security, the modules are grounded in application security, SIEM and the cloud infrastructure workload. Datadog isn’t trying to do endpoints, because those are outside the purview of a DevSecOps function. Similarly, for developer experience, they are focusing on the integration and testing steps that precede the production environment. These by definition represent the connection points between developers, operators and security teams, I didn’t need to wait even one day for an amazing answer to my above question.
Oh sweet the new forum will auto-quote if you highlight some text and hit reply. So much more friendly on mobile! (As I type this on my phone)
Anyhow, 3 pillars is still apt way to think about Observability (their core) … covering the metrics, logs, and traces. But yes they are expanding even there. I like the deeper moves in APM (RUM, Synthetics, Continuous Profiler) plus now moving observability deeper into other parts of app backend like databases and now data streaming platforms.
From there they are pushing right and left. Right into security, trying to protect the app stack infrastructure they are already instrumented into and allow security teams to oversee the DevOps teams that ultimately have to fix the issues and close the gaps. And shift left into developer concerns around code and CI/CD pipelines. These move them into new markets against more established security players in CNAPP as well as DevOps platforms like GitLab.
I love to see their focus on core DevOps users throughout as they expand their product lines and audience. New features like cloud costs and cloud/app security are approached from the perspective of the developer and ops teams, so even those are pushing their advantage in DevOps as they move into finance and sec engr users. As I asked about on IR Q&A, the CEO said even their new workflow automation tool is focused on DevOps and sec use cases … aka they are staying in their wheelhouse and improving the usefulness and stickiness of their platform. Peter and I both see them moving into product analytics and other BI tools from here - but again, all through the lens of “how does this make the DevOps team work better and more efficient”.
I loved this very clear summation from Peter Offringer’s news letter (bolding is mine):
Once again, they stepped up the pace, highlighting 18 separate product announcements versus 10 at Dash a year ago. The breadth and scope of their product reach continues to expand.
While the feature list is sprawling, Datadog’s product strategy is consistent. They remain focused on serving all needs of a modern DevSecOps function from a unified interface and shared data set. This creates advantages in efficiency and clarity over bundling together multiple open source and commercial point solutions, eliminating toggling between tools and reconciling inconsistent performance indicators. While Datadog reaches further into new areas like developer tooling and security, they are disciplined about delivering what is relevant for a DevOps context. This deliberate strategy should allow them to continue to grow their addressable market without infringing on core offerings of entrenched competitors in adjacent categories.