Spacelift Enhances Container Security and Incident Response with Upwind’s Custom-Built gVisor Visibility
"The technical expertise we saw in the Upwind team and their average time of response were the key indicators that this would be a strong partnership — one that guarantees the security of our platform."

About Spacelift
Spacelift is a modern infrastructure-as-code (IaC) platform that helps DevOps teams manage complex cloud deployments securely and collaboratively. Known for its flexibility and performance, Spacelift operates public-facing EC2 workers where customer workloads run in isolated containers using gVisor, a security-focused sandbox. While gVisor offers powerful isolation, it also limits visibility — a critical challenge for security and operations teams. To address this, Spacelift partnered with Upwind, which delivered custom-built support for gVisor — giving Spacelift deep runtime visibility into container behavior while preserving strict tenant isolation.
Challenges
- Limited visibility into gVisor workloads made it nearly impossible to observe internal container behavior, forcing the team to infer security events from indirect indicators like CPU or network usage.
- Incident investigations were time-intensive, requiring manual correlation of logs across systems and delaying root-cause analysis.
- Balancing strong tenant isolation with security monitoring proved difficult, particularly when dealing with cryptomining attempts, misconfigurations, or abusive behavior.
- A Zero Trust approach required deeper runtime insight to ensure customer data integrity and operational resilience, beyond “checkbox” security frameworks.
Solutions
- Upwind built support for gVisor, enabling Spacelift to gain process-level visibility into isolated containers from inside the platform, without an additional abstraction layer.
- Upwind’s runtime-powered detection drastically reduced incident response times, allowing engineers to see exactly what happened inside containers and take quick action — whether that meant alerting the customer, killing a malicious process, or preventing future abuse.
- Custom POC collaboration enabled rapid iteration, with Spacelift testing real-world attack patterns observed in wild malware samples, and Upwind delivering tailored features in record time.
- Dynamic network graphs and runtime vulnerability prioritization allowed the team to track service communication patterns, identify drift, and focus on real, exploitable risks rather than theoretical ones.
Visibility Inside Isolated Containers
Spacelift’s use of gVisor provided strong sandboxing and tenant isolation, but it came at the cost of visibility. The lack of runtime insight made it time-consuming to monitor network activity and understand the events leading up to a security incident. Upwind’s gVisor feature solved this problem, providing Spacelift with full visibility into what was happening inside containers in real time. They could now trace every process, identify the actor behind it, and act decisively, all while preserving the container isolation gVisor was designed to enforce.
“With Upwind, we can finally see inside each container without breaking isolation. If an abusive process is run in a customer’s environment, we know exactly what happened — and we can respond immediately, not hours later.”

Precision Detection and Accelerated Response
Before Upwind, identifying incidents was a slow, uncertain process. The team had to work backwards from symptoms like resource spikes or network anomalies, conducting detailed log-based investigations to reveal the source. Now, Upwind provides real-time visibility into each container’s execution, including detailed process activity, which has fundamentally changed their response workflow. Issues that once took hours to diagnose now take minutes, enabling much faster remediation.
A Security Partnership, Not Just a Vendor
The collaboration between Spacelift and Upwind was both technical and operational. During the proof of concept, Spacelift worked closely with Upwind engineers to test malware samples, abusive workload patterns, and failure scenarios. The Upwind team not only responded quickly but delivered new features tailored to Spacelift’s environment — including gVisor support.
“We tried reaching out to other vendors, but Upwind was the only one who moved fast, built what we needed, and treated us like a real partner. That’s rare — and it made all the difference.”

Real-Time Architecture Awareness and Vulnerability Context
With Upwind’s network topology maps, Spacelift gained real-time insight into how services communicate within their multi-cloud environments. This helped identify drift from intended architecture, support documentation efforts, and improve operational awareness. Meanwhile, Upwind’s vulnerability engine correlates findings with live workloads — prioritizing vulnerabilities that are actively in use or pose a real risk.
Going Beyond Compliance
Spacelift holds SOC 2 Type II certification, but for their organization, compliance is only a foundation. Their broader goal is to build industry-leading security practices that go beyond paper checklists and directly protect their platform and customers. Upwind helps them achieve this by embedding runtime security directly into their operational workflows, giving them the tools to detect, respond, and harden their infrastructure in real time.
“We don’t just want to tick compliance boxes. We want to build real security for the specific risks our business faces. Upwind makes that possible.”

Summary
By partnering with Upwind to deliver runtime visibility inside gVisor, Spacelift has fundamentally improved the security, observability, and efficiency of its multi-tenant infrastructure. What began as a unique challenge — isolating workloads while still needing deep visibility — became a success story in custom collaboration, fast execution, and mutual trust. Today, Spacelift uses Upwind to monitor containers in production, streamline incident response, reduce risk exposure, and provide security that goes far beyond regulatory obligations.