SAST Fundamentals for Securing Source Code

Developers use SAST (Static Application Security Testing) to safeguard code before deployment, making for better coding practices from the start. But using SAST fundamentals for securing source code isn’t a perfect solution, and apart from building team buy-in and expertise, leaders will find they’re contending with secondary challenges as well: compliance requirements, depth of coverage, […]

EKS Security Best Practices

Amazon Elastic Kubernetes Service (EKS) was introduced in 2018 to capitalize on the soaring popularity of Kubernetes and offer a fully managed control plane so organizations could focus on building and deploying applications rather than managing infrastructure. Since launch, EKS has added features like Managed Node Groups, Fargate support, and integrations with AWS’ other services. […]

LLMjacking: What is it? And Why is it a Concern?

LLMjacking — the term that describes scenarios in which attackers use exposed API keys or tokens to hijack Large Language Model (LLM) resources — is a brand-new issue. But although it was first identified in May 2024, it’s already a core challenge for enterprises. With 58% of companies running LLM-based apps, LLMjacking threatens unexpected costs […]

Kubernetes RBAC: Role-Based Access Control Management

Overly permissive roles. Service account abuse. Namespace confusion. Complexity in a dynamic environment. Kubernetes Role-Based Access Control (RBAC) management doesn’t look like traditional RBAC. But understanding its scope, granularity, and permissions model is key to evaluating posture risk and Kubernetes security. After all, Kubernetes RBAC handles who can interact with the Kubernetes API, which is […]

What is Behavioral Analytics?

The ability to track the activities of every user and application within an organization’s system and network can be key to detecting attacks in progress — it can also create a deluge of data that requires time and expertise to parse. Security teams would do well to understand the role behavioral analytics plays in their […]

Linux Server Security

Linux servers form the backbone of nearly every enterprise infrastructure, from traditional data centers to cloud-native environments. But securing them isn’t as simple as hardening the OS or ticking off a compliance checklist. Especially in hybrid environments or scaling cloud workloads, Linux server security raises urgent questions: We’ve covered Linux hardening basics. Here, we’re going […]

What is AI-SPM?

As artificial intelligence (AI) adoption accelerates, from internal model development to widespread use of third-party AI technologies and generative tools, teams know their attack surfaces have spread. But that doesn’t mean they’re on board for tool subcategories like AI Security Posture Management (AI-SPM), let alone its compatriots like Cloud-SPM and Identity-SPM. Yet, faced with the […]

What is Dark AI?

In what reads like the summary of an ever-escalating arms race, the CEO of NVIDIA recently predicted that, as artificial intelligence (AI) is increasingly able to produce fake information at high speeds, defenders will have to match that speed using their own AI tools. Is he correct? Are AI adversaries inevitable? Just what are the […]

Secure Your Private Cloud: Best Practices & Tools

Organizations often require greater security and control than public cloud providers can offer — especially when handling highly sensitive data or operating in heavily regulated industries. In such cases, private clouds provide an ideal solution, offering superior control, customization, and enhanced security by eliminating the shared infrastructure of public clouds. However, this increased level of […]

Understanding & Preventing Cryptojacking Attacks

Cryptojacking gained prominence in 2017 when browser-based mining made the exploitation of systems to produce cryptocurrency without the permission of users possible. Ever since, cloud-native environments have had to be on guard against this threat. But cryptojacking can be an overlooked threat. It’s not a risky unknown, like a Zero Day threat. And it’s often […]
