Master Risk Prioritization by Leveraging Insights into Runtime Facts & Critical Cloud Misconfigurations

In today’s increasingly cloud-centric business landscape, securing your cloud environment is crucial. The growth and dynamic nature of attack surfaces often make it difficult for security teams to identify and address their most critical risks, resulting in a lack of clear prioritization and delaying remediation. Upwind’s Cloud Security Platform actively addresses this challenge by leveraging […]

Evaluate Your Vulnerability Resolution Over Time

We are excited to announce a new section in the Upwind Platform – the Vulnerability Dashboard.  The Vulnerability Dashboard will give you the ability to see both an overview of your current critical vulnerabilities and the state of your vulnerabilities over time.  Get an instant overview of your current vulnerabilities, including: The Vulnerability Dashboard will […]

Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability

In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities.  These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]

Reduce Attack Surfaces with Distroless Images – Part 1

Upwind pioneered a method to streamline patch management and significantly reduce vulnerabilities for Upwind users through leveraging runtime data. When it’s challenging to eliminate unneeded binaries and artifacts from applications, there are two strategies available: Both approaches aim to minimize image size and reduce the attack surface, while Distroless images require no patching, no upgrading […]

Visualize Internet Exposure Paths in Real-Time

We are excited to announce a new capability – real-time Internet exposure path visualization. This new capability visualizes exposure paths from the Internet for AWS resources, showing you the entire exposure path through Internet gateways, routing tables, security groups and load balancers. This gives you the ability to identify attack paths and better prioritize vulnerabilities […]

Runtime-based Risk Augmentation in Your Cloud Infrastructure Topology 

We’re excited to announce a major capability in our runtime topology map that will now include risk overview context icons and new filter capabilities. Using these new capabilities, you can view each resource’s risk overview at a glance with built-in icons on the topology map. This allows you to rapidly filter and locate at-risk resources […]

Upwind’s SBOM Explorer – Your Weapon for the Next 0-day Attack

We are excited to announce a new feature – Upwind’s Packages Tab. You can now view all of the packages in your environment and their dependencies in Upwind’s Packages Tab. This serves as an SBOM explorer, as it includes all packages (with or without vulnerabilities). With this capability, you can now search for all packages, […]

Automatically Find Exposed Secrets Across Your Cloud Workloads

Supercharge your cloud security with Upwind’s Exposed Secrets scanning!  Exposed secrets include: Exposed secrets can cause serious damage to your organization if they fall into the wrong hands, potentially giving bad actors the opportunity to use these tokens to gain broader access to sensitive data and critical infrastructure.  To keep this from happening, Upwind now […]

A New Deadly Combination in Nginx

Recently a deadly combination of vulnerabilities emerged, posing a severe threat to Kubernetes clusters utilizing Ingress-Nginx. By exploiting three critical vulnerabilities: attackers can execute arbitrary code and escalate privileges, all with access to the Nginx Annotation object. These vulnerabilities have been confirmed in both NGINX and Kubernetes/Ingress-Nginx, as reported by Google and various GitHub issues. […]

Identify Threats & Risks in a LinkerD-based Kubernetes Environment

We are excited to announce a new capability – LinkerD awareness.  LinkerD is a service mesh that allows organizations to secure, connect and monitor traffic to Kubernetes. Upwind will now identify LinkerD sidecars and proxies, in addition to our current Istio monitoring, and use this information as context for our threat detection and risk prioritization […]