The foundation of a secure SaaS platform
Webdox was built to help enterprise organizations manage contracts as strategic business assets. Across Latin America’s financial services, energy, telecommunications, and retail sectors, that means giving legal and commercial teams the control, traceability, and intelligence they need. For these enterprise customers, security isn’t a backstage concern—it’s a core part of what they expect from a platform handling their most sensitive contracts. For Webdox’s security team, that trust isn’t incidental to the business. It is the business.
To secure it, Webdox built a mature, three-part security function. A compliance team maintains the certifications that enterprise customers require. A Blue Team manages internal device configuration, account security, and defensive monitoring. A Red Team tests the platform’s defenses through offensive security exercises, probing for vulnerabilities before adversaries can find them. Together, the three teams form the backbone of Webdox’s CyberSOC—its Security Operations Center—responsible for monitoring, protecting, and continuously improving the security posture of a platform that handles contracts at scale across the region.
As Webdox grew, the team saw an opportunity to build something better. Security logs, alerts, and metrics were spread across five or six separate tools, each requiring custom configurations to share information across platforms. With a lean security team managing a growing and complex environment, César Torres, VP of Security at Webdox, recognized that this was the moment to consolidate—redirecting the time spent on integration maintenance toward higher-value security work. “We wanted one platform, one view, and a team that could focus entirely on building a stronger security program,” says Torres.
The compliance picture presented the same opportunity. Webdox holds ISO 27001, ISO 27701, ISO 27018, ISO 42001, and SOC 2 certifications—and with each renewal cycle, the bar rises. Preparing evidence manually—walking auditors through server configurations cluster by cluster, producing static snapshots on demand—was a process the team knew could be better. They wanted to arrive at future audits with something more scalable, more automated, and more reflective of the security program they were building.
To get there, the team needed to stop managing security and observability through a patchwork of disconnected tools and build something that could scale with them.
From fragmented tools to a unified CyberSOC
The decision to consolidate wasn’t triggered by a single incident. It was the product of a growing realization: the security team’s maturity model had outgrown its tooling. Webdox’s environment spans the Google Cloud Platform (GCP) as its primary cloud provider, alongside Elastic Cloud, MongoDB Atlas, Qdrant, and OpenAI services—a complex, multi-platform stack that demanded a security approach to match. Rather than running multiple platforms in parallel, the team made a deliberate call: consolidate onto Datadog, deprecate the other tools, and rebuild it as the single foundation of the CyberSOC. “Building our security strategy on Datadog meant we could finally monitor user behavior, attack surface, and infrastructure all in one place. That unified view is what makes our security team effective,” says Torres.
The impact was felt immediately. Native integrations with the tools Webdox considered most critical, including Microsoft Defender and Intercom, meant the team wasn’t starting from scratch. Pre-loaded detection rules gave them a strong baseline on day one, with the flexibility to build custom rules on top as their environment evolved. The difference from their previous experience was stark. A Microsoft Defender integration that had consumed three weeks of effort with another tool, without ever fully working, was completed in Datadog in under a week—with a live dashboard, metrics, and real-time alerts flowing to the Blue Team. “Before, we spent three weeks trying to get that integration working with no good result,” says Torres. “With Datadog, in one week we had the dashboard, the metrics, and the team receiving notifications.”
That speed of integration compounded across the stack. As the team built out the CyberSOC, they continuously refined their rules, tuned their alerting, and expanded their integrations—all within a single platform. With all logs, alerts, and security signals flowing into one place, the Blue Team and Red Team were finally working from the same data source. Tasks that had previously required dedicated maintenance time were simplified to the point where the entire team could participate. Responsibilities that had been bottlenecked through one person were distributed across the team—one engineer focused on integrations, another on rules—all within the same ecosystem. “Before, we had one person spending most of their time just modifying integrations and fixing logs,” says Torres. “Now with Datadog, it’s much simpler. The whole team can contribute.”
“The decision was clear—we needed one platform that could do it all. Datadog became the cornerstone of our security strategy and it’s transformed how our security team operates.”
Compliance as a competitive advantage
Unifying the CyberSOC on Datadog didn’t just solve an operational problem—it changed what was possible on the compliance front entirely. What had been a manual, reactive exercise became a continuous, automated capability, and what had been a burden became a differentiator.
Cloud Security Management gave the team complete visibility into the compliance posture of every project and critical service package across their GCP environment, measured continuously against the international standards that matter most to their enterprise customers: ISO 27001, ISO 27701, ISO 27018, ISO 42001, SOC 2, NIST, and CIS benchmarks. The static, point-in-time snapshots that auditors had previously required were replaced by live dashboards tracking configuration compliance, vulnerability status, and security posture trends over time. “What auditors want to see isn’t that you were compliant on one day,” says Torres. “They want to see that you’ve been consistent. That’s what the dashboard gives us.”
The operational shift was just as significant. Common vulnerabilities and exposures (CVEs) flagged through GitLab are piped directly to Datadog, flowing into a single alert stream with clear ownership and response timelines tracked to resolution. What previously took an average of 18 days to resolve now takes 6, security incidents requiring escalation have fallen 35% year-over-year, and MTTR has improved by 25% year-over-year.
With Datadog, Webdox can now meet that expectation visibly and in real time, showing customers compliance rates, key rotation policies, and configuration standards at a glance. A certification cycle that once required three weeks of manual audit preparation now takes three days, freeing over 200 hours annually for higher-value security work. “Our customers are entrusting us with their most critical business agreements. Being able to demonstrate our security posture continuously, not just at audit time, is how we honor that trust,” says Torres.
For a SaaS platform built on the confidence of enterprise organizations across Latin America, that shift from manually assembled evidence to continuous, real-time security intelligence is significant. It means Webdox can grow its customer base, expand into new markets, and take on more complex compliance requirements without rebuilding its security foundation each time. Looking ahead, the team sees Datadog as central to that trajectory, providing the visibility, threat detection, and response capabilities that will allow Webdox to continuously raise its security standards and protect customer data as the platform grows across Latin America.
“When you can monitor threats, demonstrate compliance, and respond to incidents from a single platform, security starts being a competitive advantage.”