Scaling unified threat detection and response across a global media platform
Arc XP is a cloud-native digital experience platform powering more than 2,500 websites across 24+ countries and serving over 1.5 billion unique visitors each month. Operating at enterprise scale, Arc XP continuously advances its security and observability capabilities to ensure real-time threat detection, coordinated incident response, and resilient performance across its hybrid cloud environment.
With teams fully distributed across security, DevOps, and IT operations, Arc XP sought to streamline security visibility as its AWS hybrid environment scaled. Security signals, investigations, and incident response workflows were scattered across multiple systems, introducing operational inefficiencies and limiting real-time correlation between them. Maintaining complete and auditable case histories for compliance was labor-intensive, further taxing the team.
As Arc XP expanded its platform to serve more clients and digital properties, these inefficiencies threatened to outpace the organization’s ability to respond effectively to threats. The company needed a solution that could centralize security data, prioritize the riskiest alerts, and simplify workflows for analysts, engineers, and Security Operations Center (SOC) teams.
Unifying threat detection, case management, and incident response
As part of its enterprise-scale security architecture, Arc XP partnered with Datadog to further unify observability across its stack. At the foundation was Datadog Flex Logs, which introduced scalable, cost-efficient log retention across Arc XP’s workloads and enabled consolidation of fragmented log data into a single platform. This gave teams shared, real-time context that now underpins both Security and DevOps—enabling a more proactive, data-driven engineering culture with enhanced cross-team visibility.
“With Datadog Flex Logs, we have significantly more functionality, and it's much easier to visualize what's happening across our environment. We're able to detect more granular details that strengthen our firewall protections. The experience is now seamless and consolidated into a single platform.”
On that foundation, Arc XP implemented a blended solution that unified Cloud SIEM, Case Management, and Incident Management, enabling it to prioritize the riskiest alerts with actionable insights, resolve incidents faster through structured workflows, and maintain audit-ready case histories. For a platform trusted by leading global media brands, security and reliability are not support functions—they are foundational to customer trust and business continuity.
With Cloud SIEM, the team gained the ability to normalize security data across cloud and on-prem environments. Risk-based insights enabled analysts to focus on high-impact threats, while correlation of identity, configuration, and activity data made it possible to detect subtle attack patterns that might otherwise go unnoticed. “As our platform scaled, we needed a more unified way to correlate activity across systems,” says Ian Gallagher, Senior Security Engineer at Arc XP. “With Cloud SIEM, we can detect and investigate threats from a single place—it’s changed the way we work.”
At the same time, Incident Management capabilities simplified response workflows. Automated alert routing, structured on-call schedules, and collaboration tools enabled SOC analysts and DevOps teams to triage and escalate incidents more efficiently. “Datadog’s Incident Dashboard has become essential for us,” says Angelica Marinho, Site Reliability Engineer at Arc XP. “We use it daily to track issues and report on performance. Having a consistent, centralized view has helped us organize our response processes and identify where we can improve.”
Finally, Datadog Case Management helps ensure that every investigation into a threat is documented with full context, evidence, and timelines. This supports regulatory compliance and enables continuous improvement.
Extending defense in depth across the stack
To strengthen its defense-in-depth strategy, Arc XP also adopted Datadog Application and API Protection, which extends detection beyond the edge to the application layer. By using distributed trace data, the team can now identify abnormal request patterns and signs of attacks that their WAF may miss, enabling detection and remediation earlier in the attack chain.
Arc XP also uses Datadog Cloud Security to continuously monitor its AWS environment for misconfigurations, risks, and policy violations. As an AWS Certified Partner operating a cloud-native platform purpose-built for global media organizations, Arc XP follows best practices for cloud governance and compliance. Datadog’s automated findings and risk-based prioritization make it easy for engineers to focus on what matters most while maintaining compliance across a growing hybrid cloud footprint.
Finally, with Datadog Code Security and Dependency Security, Arc XP gains visibility into vulnerabilities and insecure code paths early in the development life cycle. “We use nearly everything in the security suite,” says Gallagher.
“Datadog complements Arc XP's broader security architecture and governance framework. It helps us enhance continuous, proactive threat detection across a globally distributed platform.”
Faster threat response, efficiency gains, and scalable security operations
Arc XP achieved immediate and measurable results after adopting Datadog, significantly reducing mean time to detection (MTTD) and mean time to resolution (MTTR) and enabling analysts to respond faster to potential threats. “Datadog has made our investigation process dramatically faster,” says Gallagher. “What used to take hours of piecing together logs and alerts now takes minutes, ingesting significantly more security signals without increasing overhead.”
Just as importantly, the team gained consistency and confidence in their operations. Cloud SIEM and Case Management now provide structured workflows that ensure consistent visibility and tracking of all actionable alerts. Centralized visibility gave teams a single view of logs, alerts, and cases, eliminating fragmented workflows and improving situational awareness.
Operational efficiency improved dramatically, with analysts saving 2-4 hours per week per engineer—a 20% reduction in time previously spent on manual triage, documentation, and other processes and workflows. Collaboration across security, DevOps, and IT operations teams also became smoother and more effective. Datadog Incident Management, in particular, has made it much easier to involve the right people from various departments during incidents. “We’ve been able to bring together threat detection, incident management, and case tracking into one workflow. This level of unified integration significantly enhanced our cross-functional collaboration,” says Gallagher. “Security, SRE, and engineering can all see the same incident timeline and contribute directly, which cuts down on back-and-forth and improves response times.”
As Arc XP’s platform and customer base continue to grow, Datadog has also enabled the team to scale without adding headcount. With Cloud SIEM and its standardized attributes and Open Cybersecurity Schema Framework (OCSF) enrichment, Arc XP can ingest more security signal sources and log data without increasing operational overhead. On the SRE and operations side, Case Management and Incident Management have reduced the number of moving parts (such as tickets, documents, and collateral) down to a single incident, and the specific tickets are automatically generated from it, simplifying coordination across teams.
“Datadog gives us confidence in our security posture at scale. We know we're not just reacting—we're proactively detecting and resolving issues before they become major incidents.”
Today, Arc XP is better equipped to detect sophisticated threats, respond efficiently, and scale security operations alongside business growth. By unifying security, incident, and case management, Arc XP has turned operational complexity into clarity, strengthening its foundation for ongoing digital innovation. “Datadog gives us a true end-to-end view of our security operations from code to cloud and across our threat landscape,” says Jason Taylor, Head of Cybersecurity, Arc XP. “It secures our applications, APIs, and cloud environments while unifying threat detection, case management, and incident response in a single platform. The result is simple: we scale faster, cut manual work, and make sharper decisions across the organization.”