Reinventing CSPM with Dynamic Testing of Security Risks
In modern cloud environments, risk moves between developers pushing new code, operations managing infrastructure, and security teams overseeing the broader threat landscape. In addition to the shared risk and collaboration challenges, teams are also often inundated with thousands of configuration alerts on a daily basis, making it difficult to prioritize truly critical risks with evidence of real-world impact on their business.
How to See the Full Picture, Not Just Alerts
To simplify security teams’ daily operations and boost productivity, we are excited to introduce a new layer of context to Upwind’s platform that dynamically tests and validates exposure and enriches risk findings with real-world conditions. Instead of relying solely on alerts and configuration data, Upwind will now dynamically test whether assets are truly reachable from the internet and whether a misconfiguration translates into a live risk. The result is operational clarity that enables teams to move with speed, as well as evidence-backed prioritization and measurable efficiency for security leaders who are tasked with driving organizational impact.
Evidence that Powers Organizational Impact
Upwind already performs dynamic testing on APIs to find and validate OWASP and application risks, and with this latest release, we are extending this very same concept with a dynamic, runtime-centric and real-time approach to CSPM. This dynamic evidence elevates cloud security teams and proves the validity of risks.
With this release, we are extending configuration analysis with a validation layer that runs controlled, protocol-aware checks against live cloud environments, determining which resources can actually be reached externally and which exposures are exploitable in practice.
For example, Upwind now tests against findings, such as:
- EC2 instances running Jenkins that are exposed to the public internet, verifying whether they are vulnerable to a known Remote Code Execution (RCE) flaw.
- Potential exposures of sensitive data in Amazon S3, by attempting to connect to the S3 bucket and verifying whether sensitive or personally identifiable information (PII) can be accessed.
- Publicly accessible Amazon RDS database instances, by attempting to connect to the RDS instance to confirm accessibility.

As a result, this capability turns posture findings into verified, evidence-backed results that can immediately guide remediation and risk reporting. By combining configuration context with runtime-style validation, teams gain a complete picture of exposure that drives better decision-making and faster action.
Upwind’s Validation Engine
At the core of this capability is a playbook-driven validation engine. Each playbook executes modular, protocol-aware steps, such as external reachability checks, handshake verifications, and optional CVE behavior verification. This allows teams to tailor validation across different resource types while maintaining safety and reproducibility.
Key capabilities include:
- Playbook-driven engine: Modular and extensible validation logic designed to adapt across cloud services.
- External reachability checks: Live probes confirm whether assets are actually accessible from the public internet.
- Controlled CVE verification: Optional, non-destructive proof-of-concept checks confirm known CVE behavior when deeper testing is required.
- Step-level evidence: Each validation produces structured outputs, screenshots, and reproducible commands.
- Prioritization of real risk: Noise findings are filtered out, leaving only verified exposures that demand attention.
The result is a concise and defensible set of validated findings that teams can act on immediately.
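To make the playbook idea concrete, here is an added sketch (not Upwind's code, and not taken from the product) of a runner that executes ordered steps against a finding, stops at the first failed step, and keeps step-level evidence. The step names, finding fields and the loopback "DEMO-SERVICE" listener are hypothetical and constructed for the example.

```python
import socket
import threading

# Added illustration, not Upwind's engine: step names and finding fields are hypothetical.
def tcp_reachable(target, timeout=1.0):
    """Step 1: can a TCP connection to host:port be opened at all?"""
    try:
        with socket.create_connection((target["host"], target["port"]), timeout):
            return {"step": "tcp_reachable", "passed": True, "detail": "connected"}
    except OSError as exc:
        return {"step": "tcp_reachable", "passed": False, "detail": type(exc).__name__}

def banner_handshake(target, timeout=1.0):
    """Step 2: does the service answer with the banner prefix we expect?"""
    try:
        with socket.create_connection((target["host"], target["port"]), timeout) as s:
            banner = s.recv(64)
    except OSError as exc:
        return {"step": "banner_handshake", "passed": False, "detail": type(exc).__name__}
    return {"step": "banner_handshake", "passed": banner.startswith(target["expect"]),
            "detail": banner.decode("latin-1").strip()}

def run_playbook(finding, steps):
    """Run steps in order, stop at the first failure, keep evidence for each step run."""
    evidence = []
    for step in steps:
        evidence.append(step(finding["target"]))
        if not evidence[-1]["passed"]:
            break
    return {"finding": finding["id"], "verified": evidence[-1]["passed"], "evidence": evidence}

def demo():
    """Constructed scenario: two findings flagged as public, only one actually answers."""
    srv = socket.create_server(("127.0.0.1", 0))  # live loopback listener
    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(b"DEMO-SERVICE 1.0\r\n")
            except OSError:
                pass
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    with socket.socket() as closed:  # reserve a port, then release it so nothing listens
        closed.bind(("127.0.0.1", 0))
        dead_port = closed.getsockname()[1]
    ports = {"constructed-open": srv.getsockname()[1], "constructed-closed": dead_port}
    findings = [{"id": i, "target": {"host": "127.0.0.1", "port": p, "expect": b"DEMO-SERVICE"}}
                for i, p in ports.items()]
    return [run_playbook(f, [tcp_reachable, banner_handshake]) for f in findings]
```

Calling demo() returns one result per finding; the finding whose port does not answer carries a single failed step as evidence and is not marked verified.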
“We don’t just want to tick compliance boxes. We want to build real security for the specific risks our business faces. Upwind makes that possible.”
-Wojciech Syrkiewicz-Trepiak, VP Security, Spacelift
Redefining How Teams Ascertain Risk
Without validation, posture management remains theoretical. Security leaders must rely on assumptions when reporting exposure or allocating remediation effort. Upwind eliminates that uncertainty by providing runtime evidence at the CSPM layer.
With Upwind’s dynamic CSPM, teams can:
- Reduce alert fatigue by validating which findings represent real, reachable risks.
- Accelerate remediation through reproducible commands and structured validation artifacts.
- Build trust and accountability by sharing transparent, evidence-backed results with stakeholders.
- Support compliance and audits with documented proof of exposure and remediation actions.
Validated exposures drive faster decision-making, stronger collaboration between security and engineering, and measurable reductions in wasted effort.
“Upwind is not just a security tool — it’s a platform that makes our engineering, security, and audit teams faster and more effective.”
-Aman Sirohi, SVP, Chief Security Officer & Platform, People.ai
Designed for Scale
Upwind’s dynamic CSPM was designed for organizations managing complex, distributed cloud estates. In testing across production-scale environments, it consistently narrowed thousands of posture findings down to a small set of verified exposures. Teams can validate individual assets or perform full environment rescans within 24 hours, with automated coverage expanding over time.
By turning static posture data into dynamic, evidence-based intelligence, Upwind helps teams move from reactive alert handling to proactive exposure management. This capability comes at no additional cost to users as a part of the Upwind platform, providing dynamic validation of risks without any additional overhead.
What’s Next
This initial release includes dynamic CSPM validation playbooks for network-exposed storage, databases, and compute services.
This is the first part of a continuing release, which will soon include:
- Expanded service coverage, including managed Kubernetes, serverless, and API endpoints.
- Custom and modular playbooks that allow customers to define their own validation logic.
- Scheduled and parameterized scans to continuously monitor specific environments or resources.
These enhancements will roll out in the coming weeks as part of Upwind’s continued investment in dynamic CSPM.
Learn More
Upwind’s evidence-based findings and dynamic CSPM advance cloud security from detection to validation. It brings transparency and prioritization to exposure management, enabling organizations to focus their resources where they have the greatest impact.
By combining configuration insight with live, controlled validation, Upwind gives security teams a reliable way to identify what is truly exposed and to act with confidence. To learn more about how Upwind validates configuration findings, schedule a demo with the Upwind team today.
