cloud-parity-b

Expanding CSPM with Runtime Advantage: Deep Data Scanning & Multi-Cloud Parity

Moshe Hassan Upwind

By Moshe Hassan

Dec 03, 2025

We are excited to announce a major expansion of the Upwind Runtime Attack Surface Management. This release extends support for GCP and Azure resources, bringing true multi-cloud parity while deepening AWS support with expanded support for AWS Lambda, SNS, Elasticache, and Redis.

Beyond coverage, we are introducing Deep Data Scanning – a new ASM playbook capability that goes beyond metadata to validate data exfiltration risks by inspecting content itself using trained models to identify unique and critical data.

Paired with a refreshed UI and on-demand re-scanning, this release gives teams the evidence they need to move faster and total modularity to playbooks.

Expanded Runtime Coverage 

We have extended our sensor-based and agentless visibility to match our deep AWS coverage, ensuring you have a unified runtime view across all major providers.

  • Google Cloud Platform (GCP) – We have brought full parity to GCP with new support for Compute Engine hosts and serverless Cloud Functions. This expansion includes deep visibility into your data and infrastructure layers, covering Cloud Storage buckets, Cloud SQL, and Memorystore.
  • Microsoft Azure – Our Azure coverage now mirrors our deep AWS capabilities, delivering full runtime support for Azure Virtual Machines and Azure Functions. We have also expanded our granular visibility to critical data services, including Azure SQL Database, Blob Storage containers, and Azure Cache for Redis.
  • AWS – Building on our existing foundation, we have further deepened our AWS sensor capabilities to cover serverless and messaging architectures. This release adds extended runtime visibility for AWS Lambda, Amazon SNS, and ElastiCache & Redis.

New Capability: Deep Data Scanning & Exfiltration Risk

Our validation engine now goes deeper. Instead of just checking if a resource is accessible, we can now verify if sensitive data is exposed.

  • Content-Aware Playbooks: New validation steps scan the actual contents of storage objects (S3, Cloud Storage, Blob Storage) and databases to identify PII, secrets, and sensitive intellectual property.
  • Exfiltration Simulation: The playbook now simulates “read” operations to confirm if an attacker could successfully exfiltrate data, moving risk assessment from “potential” to “proven.”
s3
  • AI-Powered Asset Identification: We are leveraging specialized AI and ML models to automatically discover mission-critical assets and functions. This intelligence allows us to differentiate between standard data and high-value targets, significantly increasing risk clarity for your team.

Experience & Usability Upgrades

  • New UI & Visual Indication: We’ve overhauled the findings interface. Critical, verified risks now feature distinct visual indicators (badges and high-contrast highlights) across the entire system, from the topology map to the alerts list, ensuring validated risks never get lost in the noise.
Configuration-finding-list
  • On-Demand Re-Scan: You no longer need to wait for the next scheduled interval. Trigger a specific validation playbook or full asset re-scan instantly with a single click to verify remediation immediately. You can now even simulate specific parts of a playbook without running the entire sequence.
RDS

What’s Next

We are already working on the next wave of enhancements to give you even more control over your runtime security:

  • Playbook Management: A new builder interface allowing you to customize validation logic, edit existing playbooks, and create your own risk scenarios.
  • Discovery vs. Aggressive Mode: As our attack engine evolves, we are introducing distinct operational modes. Discovery Mode will focus on read-only actions to identify risks, while Aggressive Mode will run impactful playbooks – ranging from CVE exploitation to bucket write actions, to prove exploitability where necessary.
  • Internal Cloud Testing: New capabilities to test your environment from the inside, enabling the validation of identity risks and lateral movement paths.
  • Oracle Cloud (OCI) Support: Extending our runtime visibility and attack surface management to Oracle Cloud Infrastructure.

To learn more about Upwind’s runtime security enhancements, schedule a demo with our team today.

Expanding CSPM with Runtime Advantage: Deep Data Scanning & Multi-Cloud Parity

Further Reading

map improvements
Product

Introducing the Upwind Asset Map: Complete Visibility into Cloud Architecture, Exposure, and Risks

Denise Ashur

By Denise Ashur

Dec 03, 2025

Cloud risks arise across multiple layers and dimensions: (1) infrastructure such as compute, networks, storage, and identities; (2) applications and their API or service-to-service communications; and (3) the dependencies that link them together, including vulnerabilities, secrets, and sensitive data flows.  Upwind’s Graph Inventory overlays cloud assets, configurations, SBOMs, runtime sensor & cloud activity logs signals, […]

photo_2025-12-02 05.52.41
Product

Upwind x NVIDIA: Securing the Next Generation of AI Infrastructure at Runtime

Screenshot 2025-08-04 at 6.32.03 AM

By Alon Saban

Dec 02, 2025

Artificial intelligence is rapidly transforming the enterprise landscape, powering everything from autonomous agents to large-scale LLM applications. However, as organizations adopt AI infrastructure at scale, they face an urgent challenge: ensuring the integrity, safety, and trustworthiness of their AI operations in the face of increasingly sophisticated cyber threats. Moreover, a new set of threats comes […]

AI Security (2)
Product

Introducing Upwind’s Unified AI Protection, Built for Modern Cloud Environments

Denise Ashur Moshe Hassan Upwind

By Denise Ashur & Moshe Hassan

Dec 01, 2025

Today, we’re expanding the Upwind CNAPP with Upwind AI, a set of tightly integrated capabilities that take AI security far beyond configuration checks or endpoint monitoring. As AI becomes embedded in every layer of cloud infrastructure, security teams need a way to understand not just where AI is running, but how it behaves, what it […]

Footer-Logo-07_03_2025

Stay In Touch

This field is for validation purposes and should be left unchanged.

Product

CNAPP
CSPM
CWPP
Container Security
Identity Security
Vulnerability Management
DSPM
CADR
API Security
GenAI Security

General

About
Contact
Careers
We are hiring!
Events
Case Studies
Get A Demo

Social

X
LinkedIn
Instagram

Resources

UpwindTV
Feed
Glossary
Integrations
Newsroom

Documentation

Privacy Policy
Terms of Use

© 2025 Upwind Security