Support 100% Independent Research With Our 7-Day Free Trial
Datadog (NASDAQ: DDOG), a leader in observability and security, is reportedly in advanced talks to acquire Israeli cybersecurity firm Upwind for approximately $1 billion, according to a report by Calcalist. The move comes just months after Upwind raised $100 million in a Series A funding round, valuing the startup at roughly $900 million. As Datadog continues expanding its product portfolio, especially in cloud-native security and AI observability, the potential acquisition of Upwind signals a strategic push deeper into cloud workload protection and runtime security. Upwind’s solutions—focused on real-time visibility, vulnerability detection, and attack prevention—could plug critical gaps in Datadog’s current security suite, which already serves over 7,500 customers, including more than half of the Fortune 500. As Datadog rolls out aggressive AI-driven features and logs-based SIEM enhancements, integrating Upwind may provide essential capabilities to secure highly dynamic cloud-native infrastructures. Below, we explore the key potential synergies and implications of this acquisition.
Enhancing Datadog’s Cloud Security Posture Management (CSPM) & Runtime Protection
Upwind has carved a niche in Cloud Workload Protection Platforms (CWPP), offering runtime visibility and real-time threat mitigation. While Datadog currently provides cloud security capabilities such as agentless infrastructure scanning and threat detection through its Cloud SIEM and workload protection tools, integrating Upwind could significantly bolster runtime security at the container and Kubernetes level. Upwind’s ability to track ephemeral workloads, enforce least-privilege policies, and alert based on actual runtime behavior would fill a strategic gap in Datadog’s product stack. This becomes particularly relevant as more enterprises shift to ephemeral, autoscaling infrastructure that traditional static scanning tools cannot keep pace with. The integration of Upwind’s capabilities could help Datadog differentiate in a crowded CSPM/CWPP market dominated by Palo Alto Networks, Wiz, Lacework, and Orca. Furthermore, with Upwind’s lightweight eBPF-based agent, Datadog could expand its zero-friction security monitoring across modern architectures without performance degradation—crucial for retaining DevOps user trust. A deeper integration of Upwind’s real-time enforcement with Datadog’s observability and incident response stack could make the platform more comprehensive for DevSecOps teams managing large-scale multi-cloud environments.
Strengthening Datadog’s Position In Kubernetes & Container Security
With Kubernetes adoption skyrocketing, container-level runtime security has become mission-critical. Upwind offers native Kubernetes protection with automatic mapping of workload behavior, identification of lateral movement risks, and prioritization of exploitable vulnerabilities based on live data. While Datadog’s existing container monitoring solutions already track metrics, logs, and traces from containerized environments, incorporating Upwind’s insights could transform Datadog into a full-stack Kubernetes security provider. Upwind enables context-aware alerting that reduces noise—only flagging vulnerabilities that are accessible from the internet or actively exploited. This would allow Datadog to deliver higher-fidelity threat detection, improving customer satisfaction and reducing alert fatigue. The ability to correlate container runtime behavior with observability telemetry from Datadog’s APM, Logs, and Infrastructure products could also give customers end-to-end context in incident investigations, accelerating remediation efforts. Moreover, with enterprise demand increasing for tools that support secure deployment pipelines (shift-left security), Upwind’s runtime feedback loops could feed valuable data back to Datadog’s Code Security and App Builder tools. Together, these integrations could lead to tighter alignment with DevSecOps workflows and higher average contract values in security-focused expansion deals.
Expanding Total Addressable Market & Accelerating Security Revenue Growth
Datadog reported that over 7,500 customers are now paying for its security products, which represents about 25% of its total customer base. This still leaves a substantial headroom to grow within its existing install base. Upwind’s technology could enable Datadog to expand deeper into cloud-native security use cases, unlocking upsell opportunities in the CWPP, CSPM, and Kubernetes security segments. Notably, many of Upwind’s currententerprise users likely overlap with Datadog’s observability customers, allowing for easier cross-sell opportunities. The addition of Upwind may also help Datadog compete more effectively in high-value security deals and potentially raise its win rate against best-of-breed security vendors that offer runtime protection and attack surface management. Furthermore, the transaction could push security revenues to a greater share of Datadog’s ARR—currently at a lower mix compared to observability—diversifying revenue streams and helping to offset any seasonal or usage-based fluctuations in core telemetry data products. As enterprises increasingly consolidate tools and vendors, an integrated security + observability platform becomes highly attractive, potentially making Datadog a more defensible long-term choice for large enterprises and regulated industries.
Aligning With Datadog’s Long-Term AI Strategy Through Secure Observability
One of Datadog’s most emphasized strategic themes in its recent Dash 2025 conference and Q1 earnings call was its commitment to building secure AI-powered observability tools. This includes LLM Observability, Agent Monitoring, and secure development workflows using Bits AI. However, as more organizations integrate AI agents into critical applications, the attack surface expands, and runtime behavior becomes harder to monitor with traditional rule-based tools. Upwind’s architecture and real-time detection capabilities are well suited for protecting ephemeral AI workloads, serverless functions, and cloud-native agents. Combined with Datadog’s Bits AI agents and APM/Logs/Infra telemetry, Upwind could help create proactive security loops where AI-generated code is not only deployed and observed—but also protected in real time based on behavioral anomalies. This is especially relevant as Datadog’s customer base in the AI-native sector (now 8.5% of ARR) continues to expand rapidly. Furthermore, the acquisition aligns with Datadog’s broader push into data security and compliance, with recent products like Flex Logs, Sensitive Data Scanner, and LLM prompt protection all converging toward a vision of unified, AI-secure observability. Upwind’s tools could serve as a foundational layer to support that vision.
Key Takeaways
Datadog’s rumored $1 billion bid for Upwind represents more than just a bolt-on acquisition—it reflects a calculated bet on the convergence of observability and real-time cloud-native security. The synergy appears strong on paper: Datadog would gain deeper container and runtime protection capabilities, expand its security revenue base, strengthen its Kubernetes positioning, and reinforce its AI observability ambitions. However, integrating Upwind’s eBPF-based technology stack with Datadog’s existing infrastructure could pose engineering and performance challenges. There is also competitive risk, as security-focused rivals like Wiz and Palo Alto are aggressively innovating and expanding. Financially, while Datadog has sufficient cash reserves, a $1 billion acquisition for a recently valued $900 million startup could face scrutiny depending on the timing of revenue realization. Ultimately, if executed well, the acquisition could sharpen Datadog’s competitive moat in cloud security—but if integration or product overlaps are mismanaged, it could become a costly distraction. Whether or not the deal materializes, it underscores the strategic importance Datadog places on becoming not just a top observability vendor, but a full-spectrum security platform for the AI-native enterprise.
