
Upwind Sensor now brings runtime visibility to gVisor sandboxed containers, proactively identifying threats in environments built for maximum isolation. gVisor acts as a security layer between containerized apps and the host OS, improving security and isolation, which is especially important for containers running sensitive workloads. With our new support for gVisor, strong isolation no longer comes at the cost of reduced security telemetry, enabling effective threat detection and runtime analysis across all containerized workloads.
What is gVisor?
gVisor is an open source, security-focused container runtime, originally developed by Google and written in Go, that provides isolation between applications and their host operating system. Unlike traditional container runtimes, which rely on host kernel namespaces and cgroups, gVisor implements a user-space kernel that effectively acts as a “sandbox” for your containers.
Here’s how gVisor strengthens container security:
- Sandbox containers: gVisor acts as a security boundary between your container and its host OS. It intercepts the syscalls made by the container and services them in its user-space kernel, reducing the host kernel attack surface reachable from the container.
- Reduce kernel exposure: Because the host kernel is not directly exposed to the container under gVisor, it is less susceptible to container escape vulnerabilities.
- Mitigate kernel-level exploits: Even if the container is compromised, the attacker is still confined by gVisor’s user-space kernel.
Why are we enabling gVisor within the Upwind Sensor?
With gVisor operating as a sandboxed kernel, Upwind now supports tracing inside these secure environments, which delivers the deep runtime visibility teams expect, without sacrificing container isolation.

Our integration taps into gVisor’s remote sink protocol and syscall trace points to deliver real-time visibility into container behavior. Even within a user-space kernel, you get the runtime insights needed for effective threat detection – ensuring comprehensive protection for isolated workloads.
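As an added illustration, not Upwind’s sensor code, here is how a defender would enable a gVisor trace session that streams selected syscall trace points to a remote sink over a Unix socket. The config path, socket path, container id and the collector process are assumptions; the JSON layout follows gVisor’s documented trace-session format, and point names should be checked against `runsc trace metadata` for the runsc version in use.

```shell
#!/bin/sh
# Added example, not Upwind's integration: enable a gVisor trace session whose
# events are delivered to a remote sink over a Unix socket. Assumes runsc is
# installed and a collector (supplied separately) listens on the socket path.
set -eu

# write_trace_config PATH SOCKET
# Emits a trace-session config in gVisor's documented JSON layout. Each entry
# in "points" is one trace point; context_fields attach a timestamp and the
# container id to every event, and optional_fields request extra payload
# (fd_path resolves the directory fd of openat so the collector sees a path).
# The remote sink connects to SOCKET and retries a few times if it is not up.
write_trace_config() {
  cat > "$1" <<EOF
{
  "trace_session": {
    "name": "Default",
    "points": [
      {"name": "container/start", "context_fields": ["time", "container_id"]},
      {"name": "syscall/execve/enter", "context_fields": ["time", "container_id"]},
      {"name": "syscall/openat/enter", "context_fields": ["time", "container_id"],
       "optional_fields": ["fd_path"]},
      {"name": "syscall/connect/enter", "context_fields": ["time", "container_id"]}
    ],
    "sinks": [
      {"name": "remote", "config": {"endpoint": "$2", "retries": 3}}
    ]
  }
}
EOF
}

# enable_trace CONFIG CONTAINER_ID
# Attaches the session to a running sandbox, then lists sessions to confirm.
enable_trace() {
  runsc trace create --config "$1" "$2"
  runsc trace list "$2"
}

# Usage (hypothetical values):
#   write_trace_config /etc/gvisor/trace.json /run/gvisor/events.sock
#   enable_trace /etc/gvisor/trace.json my-container
# To apply the same session to every new sandbox instead of one container,
# start runsc with --pod-init-config=/etc/gvisor/trace.json
```

Events arrive on the socket as gVisor's protobuf messages, so the collector must speak that wire format; `runsc trace delete --name Default <container id>` removes the session again.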
Running gVisor? Let us show you how to gain full runtime visibility without giving up the isolation your security depends on – schedule a demo or drop us a line at [email protected].