New functionality helps AWS Lambda and Step Functions users leverage services instrumented with OpenTelemetry, troubleshoot issues faster, and detect security threats and vulnerabilities
Datadog, the monitoring and security platform for cloud applications, announced expanded security and observability support for AWS serverless applications built on AWS Lambda and Step Functions services. The functionality announced today at AWS re:Invent helps AWS Lambda and Step Functions users detect security threats, get a high-level overview of how their state machine performs at a single point in time and monitor services instrumented with OpenTelemetry.
Serverless applications eliminate the need to provision and manage infrastructure components, including servers, databases, queues and containers, so teams can focus on writing code while minimizing operational overhead. These applications also come with unique challenges as they must be monitored and secured differently than traditional ones. Datadog already provides out-of-the-box observability for AWS serverless applications and today expanded these capabilities to include:
- Support for W3C Trace Context Propagation Across All Lambda Runtimes: Teams can now view complete distributed traces across upstream and downstream services instrumented by various OpenTelemetry-compatible instrumentation libraries. This provides teams with improved visibility into their serverless applications so they can efficiently troubleshoot any issues.
- AWS Lambda OpenTelemetry API Compatibility Custom Instrumentation: Developers can now use vendor-neutral code instrumentation to submit custom OpenTelemetry spans from Lambda applications to Datadog in Node.JS and Python runtimes, allowing them to adhere to open source standards.
- Threat Detection for Serverless Applications Deployed on AWS Lambda Functions: The new support enables both DevOps and security engineers to detect and protect against attacks targeting their applications running on AWS Lambda functions.
- Open Source Vulnerability Detection for AWS Lambda Functions: Available in public beta, this capability provides engineers with real-time, continuous vulnerability detection in third-party libraries that are being run in their AWS Lambda applications.
- AWS Step Function Execution Visualization on State Machine Maps: To make troubleshooting issues within AWS Step Functions easier, developers can see the exact path of a Step Function execution, drill into anomalous executions and identify problematic states with ease.
“Datadog helps us detect attacks against our serverless applications and triggers an automated response to block those attempts as they happen,” said Micha Katz, CISO at Yellow Card. “Application Security Management was simple to enable and further configure to meet our needs. It provides an informative, well-organized UI, where we can drill into attack details, trigger additional actions using predefined workflows, and gain important insights that help us calibrate and optimize our detection rules. Additionally, we can better prioritize our remediation efforts within our service layers with vulnerability detection and contextualized severity ratings.”
“Securing serverless applications can be a unique challenge because they are highly distributed and comprise several ephemeral, stateless components,” said Vikram Varakantam, Senior Director of Product Management at Datadog. “By providing full visibility into serverless applications on AWS Lambda, Datadog Application Security Management’s threat detection capability helps DevOps and security teams understand and prioritize the risks and attacks associated with their serverless applications so that they can work to resolve and mitigate any potential breach.”