Datadog (DDOG) announced innovative products and features at Dash 2020, its annual developer conference. Besides the regular updates that will have competitors wondering how a peer can be innovating so fast, we believe Datadog’s strategy of “breaking down IT silos” will have far-reaching effects in adjacent IT segments.
Going forward, the shifting reality for competitors in IT-Ops and SecOps is undeniable. Below, we explore some of the value-creating capabilities.
Security Operations/Cloud Security
Spending on Cloud Security is predicted to increase by 33% becoming a $585M market this year – Gartner
The growing adoption of cloud-based DevOps platforms is challenging the positioning of cybersecurity players. DevOps players have the first claim to cloud infrastructure assets and data lanes as DevOps teams are staffed from the application development stage to the deployment phase. As soon as a project hits production, the need to staff a SecOps team becomes more critical. This explains Datadog’s strategic focus on improving its shift-left (pre-production) testing and monitoring capabilities via the recent acquisition of Undefined Labs and the general availability of Private Locations for Synthetic Monitoring.
The primary copy on Datadog’s website positioned it as a “Modern monitoring and analytics platform” until last month. It is interesting to know that the text has now changed as it’s evident in hindsight that “analytics” is a category differential that doesn’t sell the real power of Datadog’s capabilities in cybersecurity. Today, the text positions Datadog as a “Modern monitoring and security platform.” By using shift-left testing capabilities to move the market towards its strong side, Datadog can innovate in DevSecOps to expand its total addressable market. Pre-production testing is where Datadog’s sales team gets to build lasting relationships with its customers as it evolves its SecOps and cloud security capabilities. This is a real competitive advantage.
As SecOps and cloud security players watch Datadog attempt to reinvent their secret sauce, they will wait to see how Datadog completes the recipe as it attempts to develop capabilities like threat intelligence, patch management, and threat prevention. This is where Datadog has to be innovative in its partnership strategy as it risks being perceived as an incubator for competitors to take-off by giving them capabilities in cloud infrastructure visibility and monitoring. Mutual collaboration appears to be the best option as DevOps and SecOps players can growth-hack each other’s platforms by providing customers with end-to-end DevSecOps solutions.
Source: Author (estimates)
We are adding threat intelligence enrichment to Datadog Security Monitoring. Threat intelligence provides valuable external context to ingested log events so you can more quickly triage Security Signals. – Source – Dash 2020
As expected, Datadog is improving its threat intelligence capabilities. Security-conscious customers are expected to push for depth and breadth when shopping for threat intelligence solutions. While its threat intelligence capabilities are compelling, Datadog will have to keep investing in improving its capability in this segment. The same logic applies to its vulnerability assessment and patch management capabilities. CVE coverage, risk scoring, risk prioritization, and patch management capabilities are technical advantages that vulnerability management players have developed to innovate in cloud security and SecOps. This explains Rapid7’s (RPD) strategic focus on the DevSecOps space via its acquisition of DivvyCloud. Qualys (QLYS) has also developed its cloud security and SecOps capabilities to play in the DevSecOps market.
Rapid7 is one of the cybersecurity players that is producing regular content on shift-left testing and other evolving trends in the DevSecOps space. Other players actively watching the DevSecOps space include Palo Alto Networks, (NYSE:PANW) CyberArk (NASDAQ:CYBR), and Check Point Software (CHKP). Network security and big tech players have made the traditional moves of innovating via internal product development or acquisitions to evolve their cloud security capabilities. Players like Palo Alto, IBM (IBM), Check Point, FireEye (NASDAQ:FEYE), Zscaler (NASDAQ:ZS), VMware (NYSE:VMW), and Broadcom have mostly acquired or developed capabilities in cloud security and security operations. Other cybersecurity companies with strategic acquisitions in cloud workload protection or cloud security posture management are no doubt aware of this trend.
Datadog also introduced capabilities in compliance security. With compliance monitoring, Datadog is evolving capabilities to enter the cloud security posture management (CSPM) subsegment of the cloud security market. Its ability to monitor servers, containers, cloud workloads, and Kubernetes environments mean it can also address the cloud workload protection platform (CWPP) sub-segment of the cloud security market. There is not much that potential endpoint security competitors can do about this, as it isn’t the best practice to use endpoint protection platforms to protect cloud workloads.
With compliance monitoring, Datadog can also offer identity and access management (IAM), and file integrity monitoring solutions. Access management and file integrity monitoring are two important and sizable segments of the cybersecurity market. As Datadog goes more granular in its cloud security capabilities, it has the potential to give IAM and file security vendors a run for their money. With IAM players, there might be roadblocks. Activities like device lockdown and privilege access control extend threat detection and threat hunting capabilities. Given that IAM players have the keys to the access control kingdom, DevOps players have to collaborate with IAM players to complete their SecOps strategy.
Going forward, there is a high probability that Datadog shifts its security strategy to align more with the SecOps space by using its logging capabilities to build SIEM and SOAR solutions. This is more compelling than a competitive positioning geared towards cloud workload protection or cloud security posture management. Datadog’s SecOps capabilities will be supported by its innovation in logging (Logging without Limits and Log Rehydration). This will also be assisted by its improving IT-Ops capabilities.
With incidents (incident management), Datadog blurs the line between DevOps, IT operations, and security operations teams. This is the stuff of future IT platforms.
Now, when you get paged by one of your integrated on-call services like PagerDuty or OpsGenie, the notification contains a link to the relevant in-app Datadog alert. Source – Datadog
The mobile app released at Dash serves as the platform for IT engineers to jumpstart their ITOps and cyber breach investigations.
While there won’t be a single ITOps platform that will emerge due to the preferences of developers for platforms like Slack (WORK), OpsGenie, and PagerDuty (PD), having a mobile app as the repository of key IT-Ops insights is a big boost for Datadog’s positioning in ITOps.
There is no doubt Datadog has widened its near term monetizable TAM (total addressable market) with its newly acquired capabilities in security and ITOps. Network and application visibility, monitoring, threat detection, and alerting are the core capabilities of modern security platforms. Elastic’s (ESTC) foray into SecOps via its acquisition of Endgame is a close comparison to Datadog’s security evolution. While Elastic is positioning itself as an endpoint security and SIEM platform with superior data analytics capabilities via its search technology, Datadog is leveraging its first-class insights about cloud assets and resources to build its cloud security capabilities into an all in one platform for IT teams. This market positioning is how Datadog sets itself apart from similarities with Elastic, which appears to be its closest rival in terms of DevSecOps capabilities.
The overall implication of Datadog’s value creation capabilities is huge. With its SecOps and incident management capabilities, CTOs and CISOs of cloud-native enterprises can architect a DevSecOps solution that achieves incident resolution at the set MTTR (mean time to restore) while also achieving Zero Trust security capabilities. This is a hard task given Datadog’s limited capabilities in threat prevention and cloud access security. We expect these DevSecOps engagements to be paired with multiple partnerships.
Lastly, the unlocked potentials in its Network Monitoring product shouldn’t be underestimated. The network traffic analysis market is a sizable market that can further expand Datadog’s total addressable market.
Category Parity & Difference
To improve the capabilities of its current offerings, Datadog introduced a couple of impressive features. These include continuous profiling, Synthetics CI/CD testing, Recommended Monitors (Smart Alerting as Instana appears to own a trademark on the keyword “Smart Alerts”), and error tracking. Datadog also introduced Mobile Real User Monitoring for mobile apps.
There is a revenue-sharing mechanism. I don’t think we’ve announced it publicly, but it’s already set up with those partners. And we’re ready. We’re going to — we’re in the market with that right now… And that’s the mechanism similar to what you see in AWS. Source – Datadog at Oppenheimer
With Marketplace, Datadog has launched a platform for DevOps enthusiasts and partners to build and share new capabilities. This is important given the recent open-source announcement by New Relic. Marketplace is a platform that can drive more revenue akin to offerings by Atlassian (TEAM) and Dynatrace. It is still early days for Marketplace; however, the potential inherent in the platform shouldn’t be overlooked.
Gartner’s latest magic quadrant lists Datadog as a visionary in the APM space behind leaders like Dynatrace (DT), New Relic (NEWR), Broadcom (AVGO), and AppDynamics (Cisco). Infrastructure is still the major driver of new logos for Datadog.
With the new capabilities, the potential for Datadog to land with more offerings is more compelling as it improves its APM and UX capabilities. These updates add more conviction to the assumptions that drive the financial models of Datadog’s growth factor. With these capabilities, the average deal size of new logos will grow. The upsell opportunity into the installed base also improves.
Other category differences include APM Live Search and new integrations. These include integrations with Amazon Firehose (which will leverage its superior logging capabilities) and BigPanda for root cause analysis.
With the category differentiating features, Datadog improves its win rate for new deals. DBNER also improves as churn is expected to reduce.
We will be hesitant to update our model. However, we will put more faith in bullish growth estimates provided by analysts. We believe these estimates have been baked into the current valuation. The game-changer is the cloud evolution that is unfolding. Datadog has DevOps, ITOps, and SecOps candies to prevent its customers from looking outside. Married with its flexible pricing model (consumption-based) and innovations like Logging without Limits and Tracing without Limits, the possibilities are endless.
If you enjoyed this article and wish to receive updates on our latest research, click “Follow” next to my name at the top of this article.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.