Upwind’s real-time threat detection capabilities have helped our customers identify threats and bad actors the moment they enter their cloud environment. This real-time, runtime-powered capability is the definition of shift-right security, and we have now taken it one step further by providing the ability to respond to threats as soon as they are detected.
With this new capability, Upwind users will now be able to methodically kill threats at the process level, giving you the ability to selectively target and stop threats without interrupting your cloud operations.
Proactive Threat Response
In order to understand how Upwind’s response capabilities work, you first need to understand the logic behind our threat detection machine. Upwind constantly monitors cloud workload behavior, deploying a lightweight eBPF agent to inspect packets at the kernel level. This allows the Upwind agent to read every system call and identify any abnormal behaviors or threats in real time. Using machine learning, Upwind also recognizes known security patterns, malware signatures and new or unusual behaviors that signify a threat is present.
As soon as a threat detection is made, you are given the relevant detection information including severity, root cause and whether or not it is an active threat.
For active threats of every severity, you have the option to respond to the threat. By choosing the response option, you can kill the malicious process and quickly stop it from causing damage within your environment.
Upwind Response: Automatically Kill the Process at the Source
Using Upwind’s threat detection machine, you are also able to view the detection process tree and relevant context to give you absolute certainty about the need to remediate it and any child processes that stem from the original process tree.
This is significant because it gives you the ability to not only kill a single malicious process, but to also kill processes running on multiple different containers at the same time. By killing the malicious process itself and not the container, you are able to rapidly secure your workloads without disrupting your cloud operations.
Upwind’s Threat Prevention
Perhaps most importantly, Upwind now also provides you with the ability to create a prevention strategy over time that will repeatedly kill a malicious process when it tries to run. This goes beyond the response capability to provide security teams with the tools needed to not only stop threats but also prevent them from occurring in the future.
Upwind also keeps a response audit log, giving you the ability to identify who within your organization chose to use the response feature, when it was used and if it was successful.
Automated Response with eBPF
Upwind is able to provide this cutting-edge detection and response capability through our eBPF agent, which brings a host of advantages that revolutionize the way we approach runtime security:
- Lightweight: eBPF’s minimalistic footprint ensures that the Upwind agent operates seamlessly without imposing unnecessary overhead on your applications or infrastructure. This means you can secure your workloads without sacrificing performance.
- Kernel-Level Precision: One of the most powerful capabilities of eBPF is its ability to operate at the kernel level. This grants us unparalleled visibility and control, allowing us to track and respond to threats with precision, even in the deepest layers of your runtime environment.
- Real-time Visibility into Process & Network Activity: eBPF allows for efficient real-time monitoring of processes & network activity, which translates to valuable insights into process executions, traffic patterns, connections and potential security anomalies. This level of visibility is crucial for proactive threat detection.
To learn more about Upwind’s Intelligent Threat Detection and Response capabilities, refer to the Upwind Documentation Center (login needed).
To see a live demo of Upwind in action, please email us at [email protected].
Up & Upwind! 🏄♂️