The IT Nerd

Contrast Security has announced a new integration that brings verified application runtime intelligence directly into Datadog Cloud SIEM. The integration enables Security Operations Centers (SOCs) to distinguish real application-layer exploits from background noise and then stop those attacks.  

Closing the Application Security Context Gap

Datadog’s State of Application Security report further highlights the scale of the problem, finding that although organizations face thousands of vulnerabilities, only 3% of critical vulnerabilities represent truly high-priority risks. And, according to Contrast’s Software Under Siege 2025 report, applications are attacked every 3 minutes on average, with more than 31% of viable exploits targeting weaknesses such as unsafe deserialization that perimeter tools routinely miss. 

Together, these findings underscore the urgent need for runtime visibility and high-confidence signals that separate genuine threats from the overwhelming noise of logs and low-fidelity alerts.

Many teams struggle to separate genuine application attacks from the flood of low-value alerts generated by perimeter tools. WAF alerts, for example, correlate to real exploits less than 0.25% of the time, forcing analysts to spend hours manually validating threats. Contrast ADR closes this gap by detecting and blocking attacks inside the application itself, then streaming verified alerts, including needed context, directly into Datadog Cloud SIEM as trusted triggers for automated workflows.

Verified Alerts, Automation-Ready

With this integration, joint customers can:

• Confidently detect and respond to application-layer attacks that evade traditional tools, including untrusted deserialization and OGNL injection, which can lead to data exfiltration and ransomware.
• Automate triage by sending verified alerts directly to your ticketing, chat, and case management systems, complete with the context developers need to investigate and respond quickly.
• Reduce Application Layer MTTR from days to minutes by feeding verified runtime intelligence into Datadog Workflows, thereby eliminating noisy alerts and speeding up response steps, with the ability to automate them.
• Accelerate remediation with Contrast SmartFix AI, which not only identifies the correct fix but also automatically generates pull requests, delivering ready-to-merge code changes that speed up repairs and improve productivity.

Availability

Datadog customers can find Contrast ADR in the Datadog platform. 

One year after launching Application Detection and Response (ADR) at Black Hat, Contrast Security is accelerating its mission to secure modern software from the inside out. While legacy AppSec tools struggle to keep pace with AI-accelerated pipelines and cloud-native environments, Contrast has delivered a new approach built on runtime context, AI-driven remediation, and shared visibility across Dev, AppSec, and SecOps.

Contrast Security’s ADR adoption reached 40% of its customer base, reflecting rapid market validation and strong demand for a runtime-native approach to securing applications and APIs in production.

The Northstar release, announced earlier this year, marked a major evolution of the platform. It unified detection, remediation, and observability into a single experience, powered by the Contrast Graph, a real-time behavioral model of the application layer that maps attack surface, defenses, vulnerabilities and more, providing the rich context app/API security demands. Northstar also introduced SmartFix, Contrast’s agentic AI for auto-generating validated code fixes, and Deployment Hub with Flex Agent, which makes it easy to scale ADR across complex enterprise environments.

According to Contrast’s Software Under Siege 2025 report, application-layer attacks now occur every 3 minutes, yet most security teams lack the runtime context to detect or respond in time.

This week, Contrast is expanding the reach of Northstar with two new ecosystem integrations that make runtime security even more accessible and effective:

• GitHub Copilot Integration – Developers can now apply AI-generated fixes that are validated by live runtime evidence, bridging the gap between detection and developer action. Unlike traditional AI suggestions that lack runtime context, Contrast SmartFix works with GitHub Copilot to generate secure code fixes based on runtime vulnerability details, proven exploitability, attack details, defenses available, and context from the Context Graph. This streamlines remediation by delivering ready-to-review pull requests that are both context-aware and safe for production, helping developers fix real issues faster without disrupting their workflow and ship with confidence.
• Sumo Logic Integration – Contrast attack telemetry now flows directly into Sumo Logic, enabling SOC teams to triage, investigate, and respond with full application-layer context. Security teams gain real-time visibility into exploit attempts, vulnerable code paths, and application behavior, all enriched through the Contrast Graph. By integrating runtime intelligence into existing SIEM workflows, organizations can stop breaches faster, reduce mean time to detect (MTTD), cut investigation overhead, understand the blast radius and close the loop between AppSec and incident response.

The updates to the Northstar release align with Contrast’s vision of securing software across the full lifecycle, from production back to code, with a single, unified platform.

Contrast ADR is the first runtime-native platform for defending applications in production, built to detect, block, and remediate real threats as they happen. By uniting developers, AppSec, and SecOps around the same runtime intelligence, Contrast ADR delivers the shared context teams need to act faster, fix smarter, and stop chasing noise.

The adoption of ADR has been especially strong in industries with the highest security and compliance demands, including financial services, healthcare, manufacturing, and technology. Organizations in these sectors are replacing legacy scanners and fragmented workflows with Contrast’s unified runtime platform to reduce time-to-fix, eliminate false positives, and improve real-world outcomes.

To see Contrast ADR in action, visit Booth #1861 at Black Hat USA 2025, or learn more at contrastsecurity.com.