With Upwind’s recent major releases of Inventory 2.0 and Custom Policies and Frameworks, security teams can now define security posture rules that reflect their specific requirements. These rules automatically adapt to infrastructure and workloads, keeping compliance in step with real-time conditions.

In this article, we will dive into how the Upwind Explorer enables teams to perform detailed cloud environment queries and directly convert them into policy rules. These powerful new capabilities enable teams to maintain continuous compliance with security and operational standards, facilitating a shift from reactive security to automated compliance.


What is the Upwind Explorer?

The Upwind Explorer is Upwind’s real-time query engine for in-depth cloud investigations. It is a graph database that maps cloud resources and their relationships in a complex cloud infrastructure environment, allowing users to ask in-depth questions, such as which resources have specific configurations and carry specific risks, including public exposure. For example, the Upwind Explorer can identify containers that are vulnerable to RCEs, hold high permissions, and are actively communicating with a database that contains sensitive information.

The Upwind Explorer allows teams to perform detailed and customized cloud environment searches based upon live data that reflects the true state of an environment. It also empowers teams to turn those customized queries into configuration policies. This helps bridge the gap between analysis and compliance. Teams can act quickly on their findings, transforming insights into preventative measures. The result is a more secure cloud environment where every query can lead to direct action.


Using the Upwind Explorer, teams can easily build custom queries using either a visual query builder or Rego (the open-source policy language behind OPA). The Upwind Explorer taps into Upwind’s full dataset, including CVEs, package versions, container behavior, privileges, IAM bindings, and exposure metrics, to provide highly detailed answers to your queries.

Use cases include:

  • Finding containers running Python, exposed to the internet, handling sensitive data, and operating with elevated privileges
  • Tracing policy violations across multiple clouds or accounts
  • Identifying assets that match risk conditions across infrastructure, identity, and runtime behavior

The Upwind Explorer enables teams to take complex, precise queries and turn them into checks that reflect their real-world risk priorities. These rules automatically integrate into the Configurations module, Upwind’s centralized place for managing security posture, and can be tracked across dashboards for ongoing visibility and control, allowing organizations to track and automate their unique security posture at scale.

Leveraging Runtime for High-Fidelity, Prioritized Posture Findings

Our recent enhancements to posture and inventory show how runtime context can be applied to close known cloud security gaps: in this case, overwhelming posture alert noise and poor data fidelity.

The difference in our approach comes down to our use of runtime data. Runtime data is what your systems generate while they’re actively running. This means live signals from real workloads, not snapshots or design-time guesses. At Upwind, this data powers everything from real-time alerting to customizable posture policies, helping teams focus on what actually matters right now. 


That’s different from static data, which comes from scans or design-time assumptions rather than what’s actually happening in your environment. The Upwind Platform, including the Upwind Explorer, leverages runtime data to ensure that teams are receiving highly accurate, updated findings as they occur, as well as prioritizing those findings based on real-world risk.

For example: what if an organization has an EBS volume – or GCS volume – that is unencrypted, contains secrets, and is attached to a workload that is vulnerable to remote code execution and publicly exposed to the internet? This is an active breach path, not a low-priority misconfiguration. However, posture tools that leverage static scanning will flag this as three separate issues, treating each with equal weight and burying the real risk in a sea of alerts. This makes it difficult for teams to prioritize critical findings: they often sort through thousands of equally-critical alerts per day rather than zeroing in on critically exposed attack paths.

Upwind’s runtime-centric approach focuses on high-fidelity exploit paths: multiple risk factors that, when correlated, create open paths to exploitation and represent true operational risk.
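The contrast described above can be written as a small Rego policy. This is an added example, not Upwind's own code: the input schema, the rule names, and the placeholder CVE id are assumptions constructed for illustration and do not reflect Upwind's data model.

```rego
package example.attack_path

import rego.v1

# Constructed sample inventory (hypothetical schema, placeholder CVE id).
sample := {"volumes": [
	{"id": "vol-a", "encrypted": false, "contains_secrets": true, "attached_to": "web-1"},
	{"id": "vol-b", "encrypted": false, "contains_secrets": true, "attached_to": "batch-1"}
], "workloads": {
	"web-1": {"internet_exposed": true, "vulnerabilities": [{"id": "CVE-EXAMPLE-0001", "rce": true}]},
	"batch-1": {"internet_exposed": false, "vulnerabilities": []}
}}

# Static-style checks: every condition becomes its own, equally weighted finding.
isolated_findings contains {"resource": v.id, "check": "volume_unencrypted"} if {
	some v in input.volumes
	not v.encrypted
}

isolated_findings contains {"resource": v.id, "check": "volume_contains_secrets"} if {
	some v in input.volumes
	v.contains_secrets
}

isolated_findings contains {"resource": id, "check": "workload_internet_exposed"} if {
	some id
	input.workloads[id].internet_exposed
}

isolated_findings contains {"resource": id, "check": "workload_rce_vulnerable"} if {
	some id
	input.workloads[id].vulnerabilities[_].rce
}

# Correlated check: all conditions must hold along one volume -> workload edge.
attack_paths contains {"volume": v.id, "workload": v.attached_to, "cve": vuln.id} if {
	some v in input.volumes
	not v.encrypted
	v.contains_secrets
	w := input.workloads[v.attached_to]
	w.internet_exposed
	some vuln in w.vulnerabilities
	vuln.rce
}

test_six_isolated_findings_one_attack_path if {
	count(isolated_findings) == 6 with input as sample
	attack_paths == {{"volume": "vol-a", "workload": "web-1", "cve": "CVE-EXAMPLE-0001"}} with input as sample
}
```

Saved as a `.rego` file, the policy can be checked with `opa test`. On the sample, `vol-b` is unencrypted and holds secrets but is attached to a workload that is neither exposed nor vulnerable, so it adds isolated findings without producing an attack path.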

Final Thoughts

Compliance and security require up-to-date information. Teams can’t rely on batch updates or lagging snapshots when making critical decisions. They demand real-time visibility and prioritized action. The Upwind Explorer bridges the gap between awareness and compliance by allowing you to build precise, real-time queries and instantly turn them into actionable policies. 

Whether you’re tracking cloud misconfigurations, identifying policy violations, or preventing risky behavior before it impacts your environment, the Explorer empowers you to operate with confidence and speed. Upwind keeps your compliance decisions aligned with the current state of your environment. Instead of relying on old scans or stale data, you’re working with live, accurate information. 

Learn more

Curious how this could apply to your environment? Try building a policy from one of your own real-time queries and see what you uncover.  Book a personalized demo today or drop us a line at [email protected] and let us show you how.