How to Deploy the Upwind Sensor in 5 Minutes

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

May 06, 2025

The Upwind Platform is a hybrid solution, enabling a best of both worlds approach with agentless deployment options for rapid time-to-value and a sensor for industry-leading realtime and runtime security. While we’ve previously covered our agentless cloud sensors, this post focuses on how quickly you can deploy the Upwind sensor and gain deep, real-time visibility into your infrastructure and applications.

“Within minutes of deployment we had real-time protection of our entire infrastructure. The entire process using Upwind was incredibly simple.” – Alon Reznik, Chief Architect, Rivery

What is the Upwind Sensor?

The Upwind sensor is lightweight, high performance, easy to deploy, and simple to operate. It provides real-time and runtime visibility into system calls, process executions, file access, and networking traffic at layers 3, 4, and 7 of the OSI model. 

Powered by eBPF, the sensor is engineered for efficiency. It uses less than 1% CPU and under 1 GB of RAM, even when scanning large container images. For example: at h2O.ai, it successfully scanned a 30GB container image using just ~3% of the image size in memory

The Upwind Sensor enables granular, process-level insight into containers and VMs –  without adding operational drag.

A table describes the 7 OSI layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical, including each layer’s function and example protocols or devices such as HTTP, TCP, and Ethernet.
The Upwind Sensor enables visibility into layers, 3, 4, and 7 of the 7-layer OSI Networking Model.

The Upwind Sensor is also secure, requiring mutual, certificate-based authentication to connect to the Upwind Console. The Upwind Sensor’s capabilities are limited to getting policies from Upwind Console and sending event data to the Upwind Console. The Upwind Sensor has no ability to interact with Upwind Console beyond the websocket –  a design choice that enhances security and minimizes blast radius risk.

A LinkedIn post by James Berthoty praising Upwind Securitys onboarding process, detailing steps like account setup, connecting services, triggering alerts, and MDR SOC checks, all completed quickly. He expresses high satisfaction.

How to Install the Upwind Sensor

When we built the Upwind Platform, we understood the need to make it easy to install. Exact deployment steps vary slightly, depending on environment – you can read about your specific scenario in our documentation here. For this guide, we’ll walk through deploying the Upwind Sensor in a Kubernetes cluster using a Helm operator. 

Step 1. Generate Credentials

Only needed if you want to create new client credentials. If you already have client credentials, you can skip this step.

Select the + (plus) symbol at the top of the screen and select “Connect Kubernetes Cluster.” Select “Generate a new one” to create a new client ID and client secret. Provide a name and select “Generate”. Alternatively, you can generate credentials in the Credentials page in the console. For more information, review the documentation on Credentials.

After you have generated credentials, they will automatically be copied into step three and inserted into the UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.

Step 2. Add Upwind Helm Repository

To add Upwind to the Helm repository, execute:

helm repo add upwind https://charts.upwind.io/ && helm repo update

Copied

Step 3. Deploy Upwind Operator

With the Upwind Helm repository added, you can now deploy Upwind to your cluster. If you are re-using a credential be sure to add it into the UPWIND_CLIENT_ID & UPWIND_CLIENT_SECRET fields.

To install the helm chart, execute the install command as follows:

For containerd:

helm install upwind-operator upwind/upwind-operator \
    --namespace upwind \
    --set credentials.clientId="${UPWIND_CLIENT_ID}" \
    --set credentials.clientSecret="${UPWIND_CLIENT_SECRET}" \
    --create-namespace

Copied

For CRI-O:

helm install upwind-operator upwind/upwind-operator \
   --namespace upwind \
   --set credentials.clientId="${UPWIND_CLIENT_ID}" \
   --set credentials.clientSecret="${UPWIND_CLIENT_SECRET}" \
   --set agent.values.containerd.enabled=false \
   --set agent.values.crio.enabled=true \
   --create-namespace

Copied

Step 4. Test Connectivity

It is recommended to validate that none of the resources deployed by Upwind are in a Pending/Failed or any other error state, which will prevent the Upwind sensor from operating as expected.

Run the following command to validate that all the resources are in a Running state:

kubectl get agent,clusteragent --namespace upwind

Copied

That’s it. Your Upwind Sensor is now running and you’re collecting real-time signals and runtime context from your environment –  all in under 5 minutes. For troubleshooting, see the troubleshooting pages corresponding to your deployment scenario in the Upwind documentation.

Learn More

Sensor deployment may differ slightly by environment, but the core idea remains: installation should take minutes, not hours. To prove our point, you can view the video of our sensor being deployed on an Amazon EC2 instance in 5 minutes in the video linked in this blog. 

Get full-stack runtime visibility and protection, starting today. Schedule a demo, or drop us a line at [email protected] to find out how.

How to Deploy the Upwind Sensor in 5 Minutes

Further Reading

The Upwind logo in black and purple is in the top left, with a large stylized A in a white hexagon surrounded by blue hexagons on a light blue background.
Product

Upwind for Microsoft Azure: Fast, Agentless Protection for Every Workload

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

May 22, 2025

Upwind is a hybrid solution that utilizes both agentless cloud scanners along with our industry-leading eBPF-based sensor to ensure deep visibility and security in every environment. Our Agentless Azure Cloud Scanner builds out graph inventory, then overlays secrets exposure, vulnerabilities scanning, internet exposure, configuration findings and more – enabling a rapid onramp to capabilities such […]

Logo image with the word Upwind in black next to the word Jit in pink, separated by a vertical line, on a white background with purple and pink geometric accents.
Product

Upwind + Jit: Bringing Runtime Context to AI-Powered Vulnerability Triage

Denise Ashur

By Denise Ashur

May 19, 2025

Security teams are drowning in alerts. Static scanners surface thousands of issues, but most are irrelevant. The real challenge isn’t finding problems, it’s knowing which ones to fix. The Upwind + Jit integration brings runtime intelligence directly into AI-powered workflows so you can stop guessing and start fixing what matters. By combining Upwind’s real-time context […]

A white Ū symbol is centered on a blue background, surrounded by twelve yellow stars with arrows pointing outward from the symbol to each star, resembling the EU flag with a modern twist.
Product

Simplify EU Data Compliance with Automatic Regional Control

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

May 14, 2025

If you store or process customer data in the European Union (EU), knowing exactly where that data resides isn’t optional – it’s the law. For growing companies, meeting those requirements without friction can also be a strategic advantage. That’s why we’re excited to announce our independent region capability: enabling one-click data residency compliance directly within […]

Stay in touch

Product

CNAPP
Vulnerability Management
CSPM
Container Security
CWPP
CDR
API Security
Identity Security

General

About
Contact
Careers
Feed
Events
Case Studies
Get A Demo
Glossary

Social

Twitter
LinkedIn
Facebook

Resources

Documentation

Privacy Policy
Terms of Use

© 2025, Upwind Security