Today, we’re introducing the Upwind Serverless Framework, a new runtime-first compliance framework purpose-built for serverless environments. Upwind has long provided runtime visibility into serverless workloads; this framework builds on that foundation by aligning real-time behavior with compliance controls, making it easier to detect misconfigurations, enforce least privilege, and surface risks that matter. It helps security teams and platform engineers bring structure and clarity to the dynamic nature of serverless applications without relying on static analysis or manual auditing.

In this blog, we’ll walk through what makes serverless environments challenging to secure, how the framework addresses those challenges, and the benefits it offers to engineering and security teams.

What Are Serverless Environments and Why Are They Hard to Secure?

Serverless computing has become a key enabler of modern cloud-native development. Platforms like AWS Lambda and Google Cloud Functions allow teams to run isolated units of code without managing servers or infrastructure. These functions are ephemeral, event-driven, and highly scalable, offering clear operational advantages.

But the characteristics that make serverless appealing also make it difficult to secure. Functions are short-lived, which limits the effectiveness of traditional monitoring tools. They often rely on broad permissions, and they scale horizontally, sometimes creating hundreds or thousands of points of exposure. Visibility gaps are common, and misconfigurations are difficult to detect, especially when runtime behavior is not fully understood. This creates a situation where even simple serverless applications can introduce meaningful security risk.

The Upwind Platform observes an ECS Fargate instance via its Real Time Topology Map

How Upwind Addresses These Challenges with the Upwind Serverless Framework

The Upwind Serverless Framework is part of our broader family of Upwind Frameworks: pre-built, customizable, and continually evolving collections of policy checks based on real runtime behavior. These frameworks are designed to move beyond static posture assessments by surfacing actual exploitability and aligning security controls with live activity across cloud environments.

Applied to serverless, this model provides real-time visibility into how each function behaves during execution. The framework monitors access patterns, resource calls, permission usage, and network interactions without requiring agents or code modifications. With this data, it builds a behavioral profile of each function and automatically detects deviations from expected patterns.

This approach lets security teams identify and prioritize real risks, such as over-permissioned roles, unnecessary public exposure, or dormant functions with embedded secrets, judged not just by configuration but by how those functions actually operate in production. Policy recommendations are context-aware and tied directly to runtime evidence, which means teams can remediate issues with high confidence and minimal disruption.


Benefits of the Upwind Serverless Framework

By extending Upwind’s runtime-first model to serverless workloads, the Serverless Framework helps teams gain clarity and control over environments that are otherwise difficult to observe. It surfaces the risks that matter, connects them to actual behavior, and makes it easy to take action.

The Upwind Platform identifies a public AWS Lambda function vulnerable to a critical CVE and storing Google Cloud secrets, then provides additional context and remediation options.

With the Upwind Serverless Framework, teams can:

  • Understand what functions are doing in real time, including what data they access, what permissions they use, and whether they deviate from expected behavior
  • Reduce the attack surface by identifying and eliminating excessive or unused permissions through automated, least-privilege policy recommendations
  • Detect issues that static checks miss, such as dormant functions with publicly exposed endpoints or embedded secrets, by looking at runtime activity and historical trends
  • Demonstrate compliance with auditable evidence that ties policies to function behavior, not just theoretical intent
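
The core comparison behind the least-privilege recommendations and the deviation detection described above, declared permissions versus the permissions a function actually exercises at runtime, can be reproduced in miniature. The script below is an added example, not Upwind's code or a description of its implementation. It assumes three inputs: an ordinary IAM policy document for the function's execution role, a list of CloudTrail-style records (constructed here; note that CloudTrail records S3 object-level calls such as GetObject only when data-event logging is enabled for the bucket), and a baseline set of "service:Action" strings learned from earlier invocations. The `eventSource` prefix is used as the IAM service prefix, which holds for the services shown but not for every AWS service (CloudWatch, for example, logs as `monitoring.amazonaws.com`).

```python
"""
Added example (not Upwind's code): derive a tightened IAM policy for a
Lambda execution role from observed runtime activity, report grants the
function never used or used only narrowly, and flag calls that fall
outside a previously learned baseline.
"""
import fnmatch
import json

# Constructed sample: a deliberately over-permissioned execution role.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "dynamodb:GetItem", "Resource": "*"},
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"], "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*"},
    ],
}

# Constructed sample: CloudTrail-style records of what the function did.
RUNTIME_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem"},
    {"eventSource": "logs.amazonaws.com", "eventName": "PutLogEvents"},
    {"eventSource": "logs.amazonaws.com", "eventName": "CreateLogStream"},
    {"eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue"},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole"},  # not seen before
]

# Constructed sample: actions learned from earlier, known-good invocations.
BASELINE = {
    "s3:GetObject", "dynamodb:GetItem", "logs:PutLogEvents",
    "logs:CreateLogStream", "secretsmanager:GetSecretValue",
}


def observed_actions(events):
    """Map CloudTrail records to IAM-style 'service:Action' strings.

    Assumption: the eventSource prefix equals the IAM service prefix,
    which is true for the services used here but not for every service.
    """
    return {f"{e['eventSource'].split('.')[0]}:{e['eventName']}" for e in events}


def allowed_action_patterns(policy):
    """Collect every Action pattern from the policy's Allow statements."""
    patterns = []
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow":
            continue
        actions = statement.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        patterns.extend(actions)
    return patterns


def is_allowed(action, patterns):
    """IAM action matching: case-insensitive, with * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def recommend(policy, events, baseline):
    """Compare granted actions with exercised ones and produce findings."""
    patterns = allowed_action_patterns(policy)
    used = observed_actions(events)
    exercised = sorted(a for a in used if is_allowed(a, patterns))
    # Grants that no observed call ever matched: pure excess.
    unused = sorted(p for p in patterns if not any(is_allowed(a, [p]) for a in used))
    # Wildcard grants that were matched, but only by specific actions.
    overbroad = sorted(p for p in patterns if "*" in p and p not in unused)
    # Calls the role does not even permit: the function is reaching for more.
    attempted_not_allowed = sorted(used - set(exercised))
    # Calls outside the learned behavioral profile, allowed or not.
    deviations = sorted(used - baseline)
    tightened = {
        "Version": "2012-10-17",
        # Resources are not narrowed here; doing so needs the ARNs from the
        # records' "resources" field, which this sample omits.
        "Statement": [{"Effect": "Allow", "Action": exercised, "Resource": "*"}],
    }
    return {
        "tightened_policy": tightened,
        "unused_grants": unused,
        "overbroad_grants": overbroad,
        "attempted_not_allowed": attempted_not_allowed,
        "baseline_deviations": deviations,
    }


if __name__ == "__main__":
    print(json.dumps(recommend(ROLE_POLICY, RUNTIME_EVENTS, BASELINE), indent=2))
```

On the sample input the tightened policy lists exactly the five actions the function exercised, `sqs:SendMessage` is reported as never used, `s3:*` and `logs:*` as wildcards that only a handful of actions ever matched, and `sts:AssumeRole` both as a call the role does not permit and as a deviation from the baseline. In a real pipeline the baseline would be refreshed from a trusted window of invocations, and an action appearing in `baseline_deviations` would be the trigger for a closer look rather than an automatic policy change.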

These capabilities turn serverless environments into manageable and secure components of your infrastructure, without compromising the agility they’re meant to deliver.

The Upwind Platform checks for public serverless functions with critical CVEs that store CI/CD secrets

Conclusion

Serverless architectures are foundational to how modern applications are built, but their speed and scale come with new challenges. Traditional security models were not designed for workloads that spin up in milliseconds and disappear just as quickly. The Upwind Serverless Framework brings a purpose-built, runtime-aware solution to this space, combining visibility, enforcement, and automation into a framework that meets the moment.

Discover how the Upwind Serverless Framework can help your team secure cloud-native functions with runtime-first visibility and control. Schedule a customized demo with us.