
Cloud Security
Upwind CNAPP Platform
Cloud and AI security using runtime intelligence and eBPF sensors for agentic response.
Upwind CNAPP Platform Overview
What it does
Upwind was founded in 2022 by Amiram Shachar and the founding team behind Spot.io, which sold to NetApp for $450 million in 2020 (co-founders: Liran Polak, Lavi Ferdman, Tal Zuri). The company has raised $180 million across three rounds: $28M seed (September 2022), $50M (August 2023), and $100M Series A (December 2024) led by Craft Ventures, with participation from TCV, Alta Park Capital, Greylock, Cyberstarts, Leaders Fund, Cerca Partners, and Sheva (founded by NBA player Omri Casspi). Upwind reached a $900 million valuation in December 2024 (tripling in 15 months) and is in advanced talks for a $1 billion acquisition by Datadog (July 2025). The company employs approximately 150 people across offices in San Francisco, Tel Aviv, UK, and Iceland, with plans to double to 300 employees by end of 2025.
How it works
Upwind delivers a runtime-powered CNAPP that uses eBPF sensors to provide deep visibility into cloud workloads at the process, network, and system call level. Unlike traditional CNAPPs that rely on static configuration scanning, Upwind's inside-out security approach analyzes real traffic, API calls, and runtime behavior to detect threats as they happen and prioritize risks based on actual exploitability rather than theoretical vulnerabilities. Customers report 95% alert noise reduction and 7x faster time to remediation through Upwind's contextualized threat detection. In December 2024, Upwind launched its integrated AI Security Suite, introducing AI Detection & Response (AI-DR), AI Security Posture Management (AI-SPM), AI Bill of Materials (AI-BOM), and GenAI Security capabilities that leverage the same runtime intelligence powering its core CNAPP platform. The platform consolidates CSPM, CWPP, CDR, CIEM, DSPM, vulnerability management, container security, identity security, and API security into a unified solution.
Credentials and traction
Upwind is SOC 2 Type II certified and holds ISO/IEC 27001:2022 certification, alongside GDPR compliance. It was named Best Cloud Runtime Security Solution at the 2024 Cybersecurity Excellence Awards and was recognized by CRN in 2024 among the top ten up-and-coming players across the cloud, identity, and data security segments. The platform is used by hundreds of enterprises worldwide, with named customers including Roku, Carvana, Siemens, Wix, and Peloton.
Key Capabilities
mapped to solution categoriesAnalyzes IAM policies across AWS, Azure, and GCP to surface over-permissioned roles, unused permissions, and cross-account trust relationships that create lateral movement opportunities.
Monitors running pod and container behavior against policy, detecting unexpected process execution, network connections, and privilege escalation at runtime rather than at image scan time.
Reads cloud volume snapshots out-of-band to assess workloads for vulnerabilities, secrets, and misconfigurations without agents or touching running instances.
Enforces a single policy definition across AWS, Azure, and GCP resource types, translating to provider-native configurations rather than requiring separate policy sets per cloud.
Correlates individual misconfigurations and CVEs into chained attack scenarios showing lateral movement paths from exposed entry point to a target asset. Produces a prioritized list of attack paths rather than a flat CVE inventory.
Delivers scan results inside developer IDEs and pipeline stages so developers receive findings before code merges, reducing the cost and cycle time of remediation.
Exports compliance evidence pre-mapped to framework control requirements (SOC 2, ISO 27001, PCI DSS), in formats auditors can consume directly: not raw CSV exports requiring manual assembly.
Enriches cloud misconfigurations, vulnerable workloads, and runtime detections with threat intelligence on active exploitation, prioritizing exposures attackers use over theoretical severity alone.
Instruments workload behavior at the kernel level via eBPF without a traditional user-space agent. Provides syscall-level visibility into process execution, network connections, and file access in running containers and VMs.
Discovers and classifies sensitive data in IaaS and PaaS stores such as object storage, databases, and data warehouses, surfacing data exposure risk alongside infrastructure findings.
Analyzes container images and dependencies for CVEs, malicious or compromised packages, and SBOM generation across the build pipeline.
Continuously audits cloud and Kubernetes configuration across AWS, Azure, and GCP against security benchmarks, flagging misconfigurations and identity-permission gaps that create exploitable exposures.
Scans infrastructure-as-code templates (Terraform, CloudFormation, Kubernetes manifests, and Helm charts) for misconfigurations and policy violations before deployment, so issues are caught in the pipeline rather than in production.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 27, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.