Introducing The Upwind Tracer for AWS Lambda Functions: Deep Runtime Security for Serverless Workloads

Today, we’re excited to announce the private preview release of The Upwind Tracer for AWS Lambda Functions, bringing serverless-native runtime security and observability to your Lambda workloads.

As teams continue to adopt and evaluate AWS Lambda for event-driven application architectures, it remains important to verify that its benefits – such as automatic scaling, minimal infrastructure management, and a flexible execution model – are still aligned with current operational requirements and best practices. At the same time, the Lambda runtime is intentionally constrained and abstracted, making it difficult for security and platform teams to see what is actually happening during execution. Traditional agent-based or kernel-level approaches don’t translate to serverless, and log-based methods alone rarely provide enough depth to confidently secure production workloads.

The Upwind Tracer for Lambda is designed to close this gap, delivering deep visibility into network activity and process execution at runtime, without requiring code changes and without impacting function performance.

Introducing the Upwind Tracer for Lambda Functions

The Upwind Tracer extends the Upwind runtime security model to AWS Lambda using a lightweight external Lambda extension designed for performance, compatibility, and ease of use. Rather than modifying your function or instrumenting your code, the extension runs alongside your Lambda as a separate process inside the same execution environment as your function, without modifying your code. This allows Upwind to observe behavior from within the same execution environment, giving security teams a clear understanding of what functions connect to, what processes they spawn, and how they behave at runtime.

The extension is delivered as a statically linked binary via a Lambda layer, ensuring universal compatibility across runtimes and architectures. This makes adoption straightforward for teams using Python, Node.js, Java, Go, or a mix of languages with no separate instrumentation paths, no library changes, and no friction across teams or projects.

The benefits of this approach are manifold:

• Flexibility: The extension is language-agnostic, ensuring broad compatibility across multiple Lambda runtimes.
• Efficiency: The extension encapsulates the monitoring process without interfering with the function’s core logic.
• Ease of Deployment: The extension is delivered as a statically linked binary via a Lambda layer, the extension is simple to add to any function and fits seamlessly into existing deployment patterns.

By operating as a separate process but within the same execution environment, Upwind can monitor what your Lambda functions are doing, including what they connect to, what processes they spawn, how they behave at runtime, without interfering with their core logic. The result is deep runtime visibility that feels native to serverless.

Benefits for Lambda Users

The Upwind Tracer brings Lambda functions into the same comprehensive runtime security model trusted across the Upwind Platform. By gaining visibility directly from inside the Lambda execution environment, teams can understand how their serverless workloads behave, communicate, and interact, closing longstanding visibility gaps that logs alone can’t solve. This empowers organizations to manage and secure Lambda functions with the same confidence and consistency as their containers, VMs, and Kubernetes workloads.

The Upwind Tracer introduces three key benefits for Lambda users:

• Holistic Security & Observability
  Gain an in-depth view of your Lambda’s network activities without affecting its performance. By monitoring network connections and runtime behavior from within the execution environment, Upwind gives teams meaningful insight into how functions communicate and operate.
• Seamless, Always Compatible Integration
  With the solution being language-agnostic, you can effortlessly incorporate it regardless of the Lambda runtime you employ. Because the extension is delivered as a statically linked binary via a Lambda layer, teams can adopt Upwind without modifying code or managing language-specific instrumentation.
• Improved Security Posture
  Identify and remediate runtime-enriched vulnerabilities, bolstering your serverless application’s security framework. Upwind correlates runtime activity from Lambda with broader cloud context, enabling faster investigation and more informed response.

Upwind users will be able to see this information and its associated findings across the Upwind Platform. Examples include:

• Threat Detection: Identify threats affecting AWS Lambda functions in real time and view all related security events in the Threats tab. Each detection includes detailed context and root cause analysis, enabling teams to understand and respond to suspicious runtime behavior quickly.

• Inventory: Discover all Lambda functions across your environment in the Inventory tab, complete with configuration details and context. Lambda functions appear alongside other compute types, enabling teams to manage and understand their serverless workloads from a single unified view.

• Upwind Runtime Map: Visualize Lambda functions and the resources they communicate with in the Upwind Topology Map. Teams can explore real-time network communication, identify external dependencies, and assess risk propagation across serverless components and the broader cloud environment.

Learn More

The Upwind Tracer for AWS Lambda Functions is now available in Private Preview, and we’re working closely with early adopters to refine and extend our serverless security capabilities. If your organization relies on Lambda and needs deeper runtime visibility, better observability, and a more robust security posture for serverless workloads, we’d be excited to collaborate.To learn more or request access to the private preview, reach out to your Upwind representative or drop us a line at [email protected].