Company:
Date Published:
Author: Jordan Obey, Nathaniel Beckstead
Word count: 711
Language: English
Hacker News points: None

Summary

Datadog's Cloud Workload Security (CWS) now analyzes DNS activity in addition to file and process activity to detect security threats in real time. This new feature provides visibility into DNS lookups, enabling detection of malicious activity such as cryptojacking attempts and data exfiltration. CWS includes out-of-the-box workload threat detection rules that flag suspicious activity, including unexpected password changes, web shell creations, and nmap executions. The platform also correlates related security signals to provide contextual information, helping users determine whether suspicious behavior is malicious. With the addition of DNS-based threat detection, Datadog's CWS provides another layer of protection for environments, detecting threats at the network level and providing a more comprehensive view of security posture.