Customer Case Study: Tickmill

“With Upwind, we finally understand exactly what our resources are doing at any given moment.”

Siim Kobin
Head of IT Operations, Tickmill


  • Tickmill wanted a comprehensive cloud security solution that would give them increased visibility into their infrastructure and applications
  • Tickmill needed a solution that went beyond build time, shift-left practices to also include runtime insights and provide insights into typical resource behavior
  • Tickmill wanted a platform that would extend their security team’s capabilities and help them stop threats in their production environment


  • The Upwind Cloud Security Platform provides Tickmill with with a comprehensive security platform that gives its security team real-time visibility into infrastructure and applications
  • Upwind’s runtime insights give Tickmill real-time visibility into network traffic, empowering its security team to prioritize critical risks and understand resource behavior baselines
  • Upwind’s CDR helps Tickmill identify and prioritize threats and risks, saving the team time by focusing on remediating critical risks and proactively securing its cloud environment.

About Tickmill

Tickmill is a forex broker operating in the financial services industry. Tickmill is a trading name of Tickmill Ltd, a member of Tickmill Group, which is regulated by the Seychelles Financial Services Authority (FSA). Tickmill leverages the Upwind Cloud Security Platform to ensure proactive and robust cloud security practices, including prioritizing critical risks, end-to-end infrastructure visibility and real-time threat detection and response.

Upwind has given us an incredible amount of visibility into our operations. This has transformed how we do security. Having these runtime insights has been key in helping us prioritize risk, understand what we have deployed and how resources are behaving.”

Siim Kobin
Head of IT Operations, Tickmill

How Tickmill Leverages Upwind

Tickmill had originally been unsure if they wanted to focus on a solution that offers shift-left best practices and focuses on build-time information, or if they wanted a platform that also included runtime insights. After evaluating Upwind, it became clear to their team that there was significant value in receiving runtime insights into their production environment.

Upwind’s runtime insights empowered their team to gain increased visibility into what infrastructure and applications were doing in production, understand network communication, and get end-to-end resource context.

Cutting Down Alert Noise to Focus on Real Risks

Tickmill wanted a way to not only discover all vulnerabilities, but to also prioritize them based on real risk and determine which vulnerabilities they should fix first. Upwind’s runtime vulnerability prioritization helps Tickmill’s security team to immediately identify critical risks, cutting down more than 95% of alerts to focus on the 5% of vulnerabilities that are truly critical to the organization.

This highly prioritized approach has enabled Tickmill to rapidly remediate critical vulnerabilities, decreasing time to remediation and proactively reducing their attack surface.

Extending Security Team Capabilities with Upwind

Tickmill has undergone a significant rebuilding of its SecOps team to adopt a DevSecOps approach to security. As a part of this transformation, they wanted a tool that would empower the new team to do more with less effort, saving time and manpower. Upwind’s risk prioritization engine and real-time insights has given the team the ability to cut down alert investigations and focus on the few risks that pose actual risk to the organization.

Upwind’s Issues Page also gives the team a starting place every day, surfacing the most critical issues and providing end-to-end insights into each risk and built-in root cause analysis. This deep context has saved Tickmill’s team time, streamlining investigations and cutting down time to remediation.

Understanding Behavioral Baselines for Resources

Tickmill wanted a way to understand resource behavior and automatically identify potential threats. Upwind’s runtime-powered CDR gives them the ability to identify threats the second they appear and stop them in real time.

Using Upwind’s behavior baselines, Tickmill is also able to understand what typical communication looks like for every resource and immediately identify unusual or potentially malicious behavior. This increased visibility and understanding of normal resource behavior has empowered Tickmill to adopt a proactive approach to securing resources.

Upwind’s ability to recognize abnormal behavior and correlate it with threats goes beyond any other solution that we have seen. The behavioral baselines feature has been instrumental in showing us exactly how our users and resources typically behave and immediately alerting us to deviations.”

Siim Kobin
Head of IT Operations, Tickmill


Prior to using Upwind, Tickmill relied on shift-left solutions practices that helped them maintain compliance, but failed to include a runtime element. Since using the Upwind Cloud Security Platform, Tickmill has received unparalleled insights into their resource behavior at runtime, amplifying their security team’s capabilities and enabling them to prioritize risk and stop threats in their production environment.

Upwind has allowed us to significantly extend the capabilities of our DevSecOps team by focusing efforts on our most critical risks. We needed a tool to streamline our processes, and Upwind has gone above and beyond in doing so - speeding up our time to remediation to about 5x faster than what it was prior to using Upwind."

Siim Kobin
Head of IT Operations, Tickmill

Uplift Your Cloud
Security Today

Schedule a meeting with a cloud security experts today to secure your cloud, reduce friction between your teams and proactively protect your cloud infrastructure and applications.

Make Cloud Security Simple.