Upwind Expands Runtime Protection to Windows Server VMs

Windows workloads remain a critical part of modern cloud environments. From business applications and identity services to databases and internal systems, Windows Server VMs often support some of the most important parts of the enterprise stack.

Today, we’re excited to introduce runtime protection and visibility for Windows Server VMs, expanding Upwind’s runtime coverage to Windows workloads across AWS, Google Cloud, and Microsoft Azure.

With this new capability, security teams can gain deeper visibility into Windows host activity, monitor runtime behavior, detect suspicious activity in real time, and continuously assess Windows servers for vulnerabilities and configuration issues.

Why Windows Runtime Visibility Matters

Cloud security teams need to understand what is actually happening inside their environments, not just what exists in configuration snapshots.

For Windows Server workloads, that means answering questions like:

• Which Windows VMs are running in my cloud environment?
• What processes are executing on those hosts?
• What network connections are being made?
• Are DNS requests showing unexpected behavior?
• Which Windows servers have vulnerabilities or configuration issues?
• Which assets are active, exposed, or behaving abnormally?

Without runtime visibility, Windows workloads can become blind spots. Security teams may know that a VM exists, but they may not have enough context to understand how it behaves, what it communicates with, or whether it is introducing risk.

Upwind’s Windows Sensor helps close that gap.

Bringing Runtime Context to Windows Workloads

With Upwind’s Windows Sensor, teams can extend runtime security to Windows Server VMs across AWS, GCP, and Azure, giving them a more complete view of risk across heterogeneous environments.

Upwind supports Windows Server 2016 or later running on Amazon EC2, Google Cloud Compute, and Microsoft Azure VMs.

Discover Windows VM Assets in the Map

Upwind automatically discovers Windows VM assets and visualizes them in the Upwind Runtime Map, helping teams see where Windows workloads are running, how they connect to other cloud resources, and how they fit into the broader runtime environment.

Monitor Runtime Activity and Enable Real-Time Detections

The Windows Sensor brings Windows Server workloads into Upwind’s real-time detection workflows, helping teams identify behavior that may indicate compromise, misuse, lateral movement, or other security risks.

Gain Visibility Into Process and Network Events

By collecting key telemetry from Windows hosts, including process activity, network connections, and DNS activity, teams can understand what is happening on Windows servers at runtime.

Continuously Scan for Vulnerabilities and Configuration Issues

Assessments of hosts for vulnerabilities and configuration issues, helps teams prioritize remediation based on active cloud assets and runtime context rather than static findings alone.

Supported Coverage

Windows Server VM runtime visibility is supported across key Upwind workflows, including the Runtime Map, Detections, and Sensor components, so Windows workloads can be included in the same visibility, monitoring, detection, and risk prioritization workflows teams already use across their cloud environments.

Sensor Management

Once deployed, Windows VM Sensors appear in Upwind’s Components view. Monitoring, patching, and tracking from one place. No separate tooling, no manual overhead.

See It In Action

If you’d like to see how this feature fits into your environment, or to explore how Upwind can help you prioritize and remediate risk more effectively, schedule a customized demo with us. We’ll walk through your use cases, integrations, and security goals to show how Upwind delivers actionable cloud security at scale.