Lacework vs. Datadog
Modern cloud security demands more

Secure your environment with an end-to-end platform created by security innovators, not a rules-based SIEM with limited functionality

See the difference

By submitting this form, you agree to our privacy policy.



Secure from build to run from one place

Lacework Polygraph® Data Platform
A single platform for full build time and runtime protection Consolidating to a single interconnected platform provides the context needed for faster decision making while reducing overall spend
Correlates build time and runtime data for full cloud visibility and protection from a single platform
Datadog is an incomplete CNAPP1, lacking build time vulnerability scanning and infrastructure as code (IaC) security
Behavior-based threat detection, rules optional Identify suspicious behavior in your cloud, without the manual effort of writing rules
Builds a baseline for cloud activity, then flags anomalies
Datadog uses a rules-based SIEM for cloud detections which can lead to gaps in threat visibility and the potential for high data ingestion costs
Infrastructure as code security Find and address security risk at the earliest stage possible
Automates security guardrails early in IaC development to avoid cloud misconfigurations
Datadog lacks IaC security (as of 04/2023)
Agentless data ingestion Quickly assess risks from vulnerabilities, misconfigurations, and exposed secrets across cloud workloads, without the use of agents
Offers plugin scanners, snapshots, and API ingestion to get cloud activity data
Datadog lacks agentless scanning functionality, which is a critical component to comprehensive cloud security (as of 04/2023)
Attack path analysis Agentless attack path analysis capabilities can help prioritize risks and speed alert triage and response
Contextualizes cloud breach path exposures
Datadog lacks attack path analysis, which supports customers in speedy alert triage and response (as of 04/2023)
Custom vulnerability scoring Create operational efficiencies by reducing vulnerability noise via a custom risk score
Combines industry insights with context specific to environment to prioritize risks
Datadog has gaps in visibility and does not prioritize based on a unique customer environment
Cloud Infrastructure Entitlement Management (CIEM) Prioritize identity risks, while detecting identity-based attacks
Lacework surfaces your riskiest cloud identities, while using anomaly detection to pinpoint identity-based threats
As of 6/23/2023, Datadog doesn’t offer CIEM capabilities

1 2023 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
2 Frost Radar™: Global CNAPP, 2022

Customers love Lacework

3 reasons why customers choose
Lacework over Datadog

Lacework is a CNAPP leader with deep cloud expertise.

Since 2017, Lacework has offered a complete CNAPP with both agent and agentless protection. Analysts have rated Lacework a leader; Datadog has been left off the list.1, 2

Lacework can operationalize security in minutes.

With agentless deployment, Lacework can add quick value. Datadog has no agentless deployment, and teams can get bogged down by its manual, rules-based approach.

Datadog lacks modern security features.

A maturing cloud security practice should be supported by a single platform.2 Datadog lacks critical build time security features, which will have you fixing issues when they’re most costly.

Make everything you build cloud secure

Stop costly mistakes at the source

Fix vulnerabilities and misconfigurations before they hit production. Add security checks early in development, including infrastructure as code (IaC) scanning. Empower developers to scan locally, in registries, and CI/CD while building, at scale.

Develop code with security built in

Prioritize your most exploitable risks

Tie together risk factors — vulnerabilities, misconfigurations, network reachability, secrets, and more — to see how attackers can compromise your cloud. Automatically connect with insights into what’s happening in runtime to prioritize critical risks, investigate faster, and even see suggestions for remediation.

Shine a light on what’s running

Know your cloud and its weak spots

Deploy agentlessly to understand cloud risks in minutes. Get instant visibility into what’s deployed, how it’s configured, and pinpoint vulnerabilities and misconfigurations. We scan everything – workloads, container images, hosts, and language libraries – so no secret can hide.

Uncover cloud account compromise

Our patented Polygraph® technology continuously learns your normal to root out suspicious and unusual behavior. Data-driven monitoring reveals compromise and the resulting blast radius. Rich context helps you quickly understand what happened, how, and where to fix it. Our patented approach not only automates threat detection, but can also significantly reduce your SIEM ingest costs too.

Find threats known and unknown

Continuously protect critical applications and environments with our workload and container security agent. Find new risks lurking in production and understand changes in behavior. Our data-driven approach connects the dots to detect known and unknown threats – even zero day attacks. And do it all automatically without endless rule writing and deep security expertise required.

Fewer tools. Faster outcomes. Better security.


See value in less than 1 week

2 – 5

Average tools replaced


Reduction in alerts

Ready to see our CNAPP in action?