web analytics

Upwind Raises $100M to Thwart Cloud Security Vulnerabilities – Source: www.databreachtoday.com

upwind-raises-$100m-to-thwart-cloud-security-vulnerabilities-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author:

Artificial Intelligence & Machine Learning , Cloud Security , Next-Generation Technologies & Secure Development

Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats Michael Novinson (MichaelNovinson) • December 2, 2024    

Upwind Raises $100M to Thwart Cloud Security Vulnerabilities
Amiram Shachar, co-founder and CEO, Upwind. (Image: Upwind)

A cloud security startup led by a former NetApp executive raised $100 million to help organizations filter and address vulnerabilities effectively by examining runtime context.

See Also: AI and ML: Ushering in a new era of network and security

Upwind Security said the Series A proceeds will help the San Francisco-based vendor take on long-term cloud security challenges such as API protection, misconfiguration management and vulnerability detection while consolidating functionality, according to Co-Founder and CEO Amiram Shachar. He said Upwind will also invest in artificial intelligence to streamline threat identification and secure AI-driven processes.

“Sometimes, startups raise money and use that to expand into new products,” Shachar told Information Security Media Group. “But actually, what we are going to do with the money is to deepen our existing capabilities because we see that customers are going to continue to buy from us if we deliver them the best-in-class product.”

Upwind, founded in 2022, employs 150 people and has brought in $180 million from outside funding, including a $50 million cash infusion in Sept. 2023. The company has been led since its inception by Shachar, who previously sold cloud infrastructure optimization firm Spot.io to NetApp for $450 million in July 2020. Upwind has tripled its valuation over the past 15 months to $900 million, according to sources.

Why Runtime Remains the Right Approach to Securing the Cloud

Shachar said Upwind will use the latest proceeds to double its headcount to 300, adding 50 engineers to enhance core platform capabilities as well as 50 to 75 go-to-market hires focused on boosting customer engagement efforts globally. Funds will be allocated to improve foundational capabilities rather than diversifying too early, which will ensure high-quality delivery to existing customers, Shachar said.

“In these markets, when you can grow faster, you need to do a lot of pre-assessment,” Shachar said. “Also, it allows us to be a significant player in the market while we’re only two years old.”

While traditional cloud security tools focus on static data and configurations, Shachar said Upwind uses real-time runtime insights to deliver precise, actionable security recommendations. Clients experience a drastic reduction in critical alerts due to the precision of runtime filtering, he said, with the company applying runtime context to vulnerabilities and identity management, not just detection and response.

“How is the technology required? How is this configuration tied with a real risk? Same thing for vulnerability, same thing for identities,” Shachar said. “This is really helping customers go from thousands of alerts to just a few.”

APIs are the backbone of modern applications, but Shachar said the company’s security is persistently challenged due to the introduction of risks such as identity mismanagement and data leaks as well as the need for contextual integration. By incorporating API security into a unified cloud security stack, Upwind addresses API vulnerabilities in the context of broader cloud risks, reducing cost and complexity, he said.

“API is not a standalone activity to look at like a standalone dashboard,” Shachar said. “It’s actually a dashboard that needs to be coherent with the other security functions. API is a cornerstone. It’s a fundamental capability. We’ve been that umbrella concept and tried to solve it with a different product than just generating more code there.”

How AI Advances Inform Upwind’s Mission

Shachar said Upwind is using AI both to enhance operational efficiencies as well as to secure the training and deployment of AI models, addressing vulnerabilities unique to AI-driven processes. Upwind uses AI to reduce the time to detect, resolve and prioritize vulnerabilities as well as to fix issues related to training and operating AI systems such as data poisoning and model manipulation.

“You need to secure that process,” Shachar said. “You need to make sure that someone’s not sending the wrong data. Someone is not poisoning your model. AI has a lot of open source dependencies, so you want to make sure that someone is sitting between you and your model and is actually telling the right AI to do something.”

Upwind primarily competes against Palo Alto Networks, CrowdStrike and Wiz, and Shachar said his firm excels because its technology isn’t tied to legacy endpoint or network tools, or fragmented by acquisitions. And unlike older cloud security technologies that focus on visibility and inventory, Shachar said Upwind emphasizes runtime context and API integration to properly address more advanced customer needs (see: Wiz Fortifies Application Security With $450M Dazz Purchase).

“We’re not based on legacy technology or stacks of acquisitions,” Shachar said. “So, we have a really good chance to provide a much better product experience.”

Upwind has excelled with organizations having between 1,000 and 10,000 employees who have significant usage of cloud, containers, serverless and virtual machines but have retained agility in adopting new solutions. While North America accounts for 80% of Upwind’s business today, Shachar said Upwind will hire technical sales professionals to engage with European customers on technical and strategic levels.

“There’s going to be tens of thousands of security projects for companies to replace their security tools and take their security to the next level,” Shachar said. “When you have a great product and when you have the right amount of funding, you can build a big company.”

Original Post url: https://www.databreachtoday.com/upwind-raises-100m-to-thwart-cloud-security-vulnerabilities-a-26953

Category & Tags: –

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Practical DevSecOps
API Security Fundamentals – Your Handy Guide to Building an Unhackable System by practical-devsecops.com
API Security Fundamentals – Your...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos