Keeping open source container images up to date and secure is hard. Teams face long, noisy lists of available updates and often can’t tell which are relevant or risky. Upwind helps by showing what’s actually running in your environment and giving clear, context-based recommendations. The Open Source Security Challenge Most containerized environments rely heavily on […]

Imagine you’re Mike, a security engineer at a fast-growing fintech startup. One morning, you are notified of a zero-day vulnerability in a popular open-source library used across multiple containers. You drop everything, messaging developers, digging through logs, mapping services – only to realize the vulnerable code never actually runs in production. You’ve just spent days […]

As serverless computing continues to gain momentum, developers and DevOps teams are increasingly turning to Microsoft Azure Functions to build scalable, event-driven applications with minimal infrastructure overhead. However, the very benefits of serverless – rapid deployment, fine-grained event handling, and abstracted infrastructure – introduce new challenges for security teams. These environments are harder to monitor […]

Cybersecurity Terms From A (Attack Paths) to Z (Zero Days) What are the most common cybersecurity terms you need to know at a glance? This dictionary goes beyond the basic tools and threats teams need to track, but also defines the principles, architectural risks, and gray areas where even mature organizations struggle. Aligning cloud posture? […]

Container use is here to stay. Even as of 2020, the Cloud Native Computing Foundation found that 92% of organizations had adopted containerized workloads, up 84% from the previous year, and soaring 300% above their initial adoption rate in 2016. Yet that adoption isn’t without risk: 86% of container images in production contain critical or […]

As the adoption of artificial intelligence (AI) models accelerates across business functions, employees and teams are increasingly experimenting with AI tools. From ChatGPT to Midjourney, Claude, and tools built into the apps they already use, they’re often engaging with Large Language Models (LLMs) without oversight, governance, or visibility.  It’s given rise to a new relative […]

All cloud providers have their own defaults within the shared responsibility model, and Amazon is no different. But how is Amazon Web Services (AWS) unique? And what are AWS security issues, risks, and concerns that go a step deeper than “open Amazon S3 buckets” but really get to the heart of the second-level tech challenges […]

With Upwind’s recent major releases of Inventory 2.0 and Custom Policies and Frameworks, security teams can now define security posture rules that reflect their specific requirements. These rules automatically adapt to infrastructure and workload, keeping compliance in step with real time conditions.  In this article, we will dive into how the Upwind Explorer enables teams to […]

Upwind is launching a new capability designed to accelerate time-to-value: Organizational Onboarding. Organizational Onboarding is a new method of deployment for Upwind’s Agentless Cloud Scanners that enables faster, more efficient onboarding and cloud coverage. It is now available for all major cloud providers – including support for AWS, Google and Azure. What is Organizational Onboarding? The […]

We’re excited to announce that the Upwind Sensor now officially supports NixOS. This marks a major step forward for teams running fully declarative infrastructure – NixOS users can now seamlessly deploy and manage the Upwind Sensor using the reproducible, version-controlled workflows they already trust for the rest of their system. What is NixOS? NixOS is […]