The Continuous Integration/Continuous Delivery or Deployment (CI/CD) pipeline integrates and tests code changes, often multiple times per day. And it automatically prepares code for release, sometimes automatically pushing code changes all the way to production without manual intervention. Practicing CI/CD today means faster delivery, more updates, and happier customers, all with fewer errors.  But it […]

Security posture isn’t all about misconfigurations, but can span thousands of combined moving parts across cloud workloads, identities, and SaaS applications, APIs, endpoints, and even AI pipelines.  The problem?  Everyone sees a slice of the total environment, but no one sees the whole. Most organizations plug visibility holes in their environments first with fragmented tools […]

Attackers access cloud systems through vulnerabilities like misconfigured Identity and Access Management (IAM) roles, public buckets, or exposed secrets. But they don’t stay in those initial entryways for long. The time it takes cyberattackers to “breakout” of their initial locations and move laterally across a cloud system is called “breakout time.” And it shapes cyberdefense […]

First, there were perimeters. The idea gradually gave way to endpoints, but today, identities are often the first point of entry to vast, diverse cloud systems. They’re enablers of lateral movement, pivot points in cloud and SaaS environments, that hold the keys to the rest of the environment. In other words, identities deserve attention. In […]

Big win for Upwind: We took home the overall title and earned top honors across every category at the Tamnoon Cloud Security Demo Showdown on June 5th. Upwind placed in the top three for all four categories of the people’s choice categories: Application Security, Cloud Security Posture Management (CSPM), Runtime Security, and Vulnerability Management. These […]

We are excited to announce a new enhancement to Upwind’s posture capabilities, with Upwind now providing comprehensive executive-level Configuration Reports. Users can now generate and download configuration reports, powered by live runtime data, directly from the UI. These reports deliver clear, actionable summaries of posture risk and misconfiguration findings, making it easier for security leaders […]

It’s not about how application programming interfaces (APIs) work. It’s not even about API security. It’s about what shadow or orphaned APIs are live right now — and how your teams can tell. As API use has grown substantially over the past few years, it’s become too easy to lose sight of how many APIs […]

In 2024, Crowdstrike’s faulty agent update drew attention to the risks associated with deploying and updating agents across enterprise environments. But agent-based systems producing valuable alerts correctly can also fail when those alerts are deprioritized by teams who don’t act on them in time (like the 2013 Target breach). And agentless systems come with their […]

Evaluating Extended Detection and Response (XDR) and Security Orchestration, Automation, and Response (SOAR) solutions means wrestling with integration, scalability, detection capabilities, automation — and the overall long-term viability of relying on one, or both, solutions within the current ecosystem. After all, adding tools is no one’s goal. Teams don’t need tools for their own sake; […]

Today, we’re introducing one of the most important upgrades we’ve ever made to the Upwind platform – designed to solve a persistent problem for security teams: connecting inventory data with real-time enforcement and meaningful policy impact. This release brings a new level of enhanced inventory management that redefines how security teams discover, query, and enforce […]