Webdox builds a unified, enterprise-grade security operation on Datadog | Datadog
Webdox builds a unified, enterprise-grade security operation on Datadog

Case Study

Webdox builds a unified, enterprise-grade security operation on Datadog

About Webdox

Webdox is the leading AI-native contract lifecycle management platform in Latin America, built for large enterprises to operate contracts as strategic business assets—with full context, control, and governance.

Enterprise Software
Chile
“Datadog gives us the visibility and integration we need 
to strengthen our security posture without slowing 
down the business.”
case-studies/webdox/headshot-cesar-torres
“Datadog gives us the visibility and integration we need 
to strengthen our security posture without slowing 
down the business.”
César Torres VP of Security Webdox

Why Datadog?

  • Unifies security and observability in a single platform, eliminating the overhead of managing disparate tools
  • Native integrations with critical security tooling accelerate time to value from weeks to days
  • Continuous compliance monitoring against ISO 27001, SOC 2, ISO 42001, NIST, and CIS benchmarks replaces manual audit preparation
  • Scales security team capacity without increasing headcount

Challenge

As Webdox grew to support 800+ enterprise customers across 13 countries, its security team proactively set out to unify its tooling, accelerate threat detection, and build a compliance program that could scale—without sacrificing the speed of growth.

Key Results

18 days → 6 days

CVE resolution time

25% improvement

In MTTR year-over-year

200+ hours saved annually

On audit preparation per certification cycle

5–6 tools → 1

Security stack consolidated onto a single platform

The foundation of a secure SaaS platform

Webdox was built to help enterprise organizations manage contracts as strategic business assets. Across Latin America’s financial services, energy, telecommunications, and retail sectors, that means giving legal and commercial teams the control, traceability, and intelligence they need. For these enterprise customers, security isn’t a backstage concern—it’s a core part of what they expect from a platform handling their most sensitive contracts. For Webdox’s security team, that trust isn’t incidental to the business. It is the business.

To secure it, Webdox built a mature, three-part security function. A compliance team maintains the certifications that enterprise customers require. A Blue Team manages internal device configuration, account security, and defensive monitoring. A Red Team tests the platform’s defenses through offensive security exercises, probing for vulnerabilities before adversaries can find them. Together, the three teams form the backbone of Webdox’s CyberSOC—its Security Operations Center—responsible for monitoring, protecting, and continuously improving the security posture of a platform that handles contracts at scale across the region.

As Webdox grew, the team saw an opportunity to build something better. Security logs, alerts, and metrics were spread across five or six separate tools, each requiring custom configurations to share information across platforms. With a lean security team managing a growing and complex environment, César Torres, VP of Security at Webdox, recognized that this was the moment to consolidate—redirecting the time spent on integration maintenance toward higher-value security work. “We wanted one platform, one view, and a team that could focus entirely on building a stronger security program,” says Torres.

The compliance picture presented the same opportunity. Webdox holds ISO 27001, ISO 27701, ISO 27018, ISO 42001, and SOC 2 certifications—and with each renewal cycle, the bar rises. Preparing evidence manually—walking auditors through server configurations cluster by cluster, producing static snapshots on demand—was a process the team knew could be better. They wanted to arrive at future audits with something more scalable, more automated, and more reflective of the security program they were building.

To get there, the team needed to stop managing security and observability through a patchwork of disconnected tools and build something that could scale with them.

From fragmented tools to a unified CyberSOC

The decision to consolidate wasn’t triggered by a single incident. It was the product of a growing realization: the security team’s maturity model had outgrown its tooling. Webdox’s environment spans the Google Cloud Platform (GCP) as its primary cloud provider, alongside Elastic Cloud, MongoDB Atlas, Qdrant, and OpenAI services—a complex, multi-platform stack that demanded a security approach to match. Rather than running multiple platforms in parallel, the team made a deliberate call: consolidate onto Datadog, deprecate the other tools, and rebuild it as the single foundation of the CyberSOC. “Building our security strategy on Datadog meant we could finally monitor user behavior, attack surface, and infrastructure all in one place. That unified view is what makes our security team effective,” says Torres.

The impact was felt immediately. Native integrations with the tools Webdox considered most critical, including Microsoft Defender and Intercom, meant the team wasn’t starting from scratch. Pre-loaded detection rules gave them a strong baseline on day one, with the flexibility to build custom rules on top as their environment evolved. The difference from their previous experience was stark. A Microsoft Defender integration that had consumed three weeks of effort with another tool, without ever fully working, was completed in Datadog in under a week—with a live dashboard, metrics, and real-time alerts flowing to the Blue Team. “Before, we spent three weeks trying to get that integration working with no good result,” says Torres. “With Datadog, in one week we had the dashboard, the metrics, and the team receiving notifications.”

That speed of integration compounded across the stack. As the team built out the CyberSOC, they continuously refined their rules, tuned their alerting, and expanded their integrations—all within a single platform. With all logs, alerts, and security signals flowing into one place, the Blue Team and Red Team were finally working from the same data source. Tasks that had previously required dedicated maintenance time were simplified to the point where the entire team could participate. Responsibilities that had been bottlenecked through one person were distributed across the team—one engineer focused on integrations, another on rules—all within the same ecosystem. “Before, we had one person spending most of their time just modifying integrations and fixing logs,” says Torres. “Now with Datadog, it’s much simpler. The whole team can contribute.”

“The decision was clear—we needed one platform that could do it all. Datadog became the cornerstone of our security strategy and it’s transformed how our security team operates.”

Compliance as a competitive advantage

Unifying the CyberSOC on Datadog didn’t just solve an operational problem—it changed what was possible on the compliance front entirely. What had been a manual, reactive exercise became a continuous, automated capability, and what had been a burden became a differentiator.

Cloud Security Management gave the team complete visibility into the compliance posture of every project and critical service package across their GCP environment, measured continuously against the international standards that matter most to their enterprise customers: ISO 27001, ISO 27701, ISO 27018, ISO 42001, SOC 2, NIST, and CIS benchmarks. The static, point-in-time snapshots that auditors had previously required were replaced by live dashboards tracking configuration compliance, vulnerability status, and security posture trends over time. “What auditors want to see isn’t that you were compliant on one day,” says Torres. “They want to see that you’ve been consistent. That’s what the dashboard gives us.”

The operational shift was just as significant. Common vulnerabilities and exposures (CVEs) flagged through GitLab are piped directly to Datadog, flowing into a single alert stream with clear ownership and response timelines tracked to resolution. What previously took an average of 18 days to resolve now takes 6, security incidents requiring escalation have fallen 35% year-over-year, and MTTR has improved by 25% year-over-year.

With Datadog, Webdox can now meet that expectation visibly and in real time, showing customers compliance rates, key rotation policies, and configuration standards at a glance. A certification cycle that once required three weeks of manual audit preparation now takes three days, freeing over 200 hours annually for higher-value security work. “Our customers are entrusting us with their most critical business agreements. Being able to demonstrate our security posture continuously, not just at audit time, is how we honor that trust,” says Torres.

For a SaaS platform built on the confidence of enterprise organizations across Latin America, that shift from manually assembled evidence to continuous, real-time security intelligence is significant. It means Webdox can grow its customer base, expand into new markets, and take on more complex compliance requirements without rebuilding its security foundation each time. Looking ahead, the team sees Datadog as central to that trajectory, providing the visibility, threat detection, and response capabilities that will allow Webdox to continuously raise its security standards and protect customer data as the platform grows across Latin America.

“When you can monitor threats, demonstrate compliance, and respond to incidents from a single platform, security starts being a competitive advantage.”

Resources

case-studies/atem_group

case study

ATEM Group revolutionizes IT management with Datadog and BW Soluções
case-studies/glovo-thumbnail

case study

Glovo builds an enterprise-wide culture of security with Datadog Cloud Security
solutions/201909-new/solutionsbriefs_secanalytics_200220_final

solutions

Security Analytics