Upwind Security
Upwind helps enterprise security teams detect real cloud threats with 95% less alert noise.
Upwind Security is a cloud security platform that consolidates CSPM, CWPP, CDR, vulnerability management, identity security, and container security into a single offering. It uses eBPF kernel-level monitoring paired with cloud telemetry to detect malicious activity and correlate runtime context with build-time data, reducing alert noise by ~95%. The platform serves enterprise security teams protecting cloud infrastructure across AWS, Azure, and other environments.
Problem solved
Security teams are overwhelmed by false positive alerts and fragmented security tools, making it impossible to focus on genuine threats in production cloud environments.
Target customer
Enterprise organizations with significant cloud infrastructure (AWS, Azure) requiring consolidated cloud security across multiple compliance and threat domains. Includes companies like Siemens, Peloton, Roku, Booking.com, and NuBank.
Founders
Amiram Shachar
CEO & Co-Founder
Founded Spot.io (acquired by NetApp for $450M in 2020), served as VP at NetApp post-acquisition, and previously led the IDF Mamaram unit managing military data center infrastructure and virtualization deployment.
Tal Zur
Co-Founder
Former colleague from Spot.io.
Lavi Ferdman
Co-Founder
Former colleague from Spot.io.
Funding history
Series B
$250M
January 2026
Led by Bessemer Venture Partners
· Salesforce Ventures, Picture Capital, Greylock, Cyberstarts, Leaders Fund, Craft Ventures, TCV, Alta Park, Cerca Partners, Swish Ventures, Penny Jar Capital
Series A
$100M
December 2024
Led by Unknown
· Unknown
Seed
$80M
Unknown
Led by Unknown
· Unknown
Total raised:
$430M
Pricing
Subscription-based model with pricing determined by number of cloud assets and deployment scale. Not publicly listed; enterprise custom quotes required.
Notable customers
Siemens, Peloton, Roku, Booking.com, Abnormal AI, NuBank, Agoda, Vestiaire, Nextdoor, The RealReal, CallRail, H2O.ai, Yotpo, Intezer, People.ai, Cogniteam, Anzu, EvenUp, Tickmill
Integrations
AWS Security Hub (CNAPP partner), Microsoft Azure, NVIDIA AI systems
Tech stack
React (JavaScript frameworks)
jQuery UI (JavaScript libraries)
jQuery Migrate (JavaScript libraries)
jQuery (JavaScript libraries)
core-js (JavaScript libraries)
Swiper (JavaScript libraries)
Vimeo (Video players)
Webpack
LottieFiles
RSS
Open Graph
HTTP/3
WordPress (Blogs)
ShareThis (Widgets)
Site Kit (Analytics)
Google Analytics (Analytics)
HSTS (Security)
Twitter Emoji (Twemoji)
Google Font API (Font scripts)
Google Workspace (Email)
PHP (Programming languages)
Amazon S3 (CDN)
Cloudflare (CDN)
MySQL (Databases)
Google Tag Manager (Tag managers)
Elementor (Page builders)
Yoast SEO (SEO)
Amazon Web Services (PaaS)
WP Engine (PaaS)
CookieYes (Cookie compliance)
Amazon SES (Email)
Hello Elementor (WordPress themes)
Gravity Forms (WordPress plugins)
Priority Hints (Performance)
Apple iCloud Mail (Webmail)
Competitors
Palo Alto Networks
Broader security platform with legacy endpoint tools; Upwind focuses purely on cloud runtime context without legacy baggage.
CrowdStrike
Endpoint-centric security provider; Upwind specializes in cloud workload and infrastructure security with eBPF-based runtime monitoring.
Wiz
Focused on cloud security posture management; Upwind integrates CSPM with runtime detection and response capabilities.
Cisco
Network-centric security approach; Upwind emphasizes cloud-native runtime visibility and API integration.
HashiCorp
Infrastructure automation platform; Upwind focuses on security detection and response rather than provisioning.
Why this matters: Upwind achieved unicorn status ($1.5B valuation) just 3 years after founding by solving a real problem: alert fatigue in cloud security. The company's founder built Spot.io (acquired by NetApp for $450M), signaling strong execution capability, and the January 2026 Series B from Bessemer demonstrates sustained momentum in a competitive cloud security market.
Best for: Enterprise security teams managing cloud infrastructure at scale who need to reduce alert fatigue while gaining runtime visibility into genuine production threats.
Use cases
Alert Noise Reduction
Security operations centers (SOCs) receive thousands of daily alerts from fragmented tools, many of them false positives. Upwind correlates runtime context with vulnerabilities to identify only exploitable threats, reducing actionable alerts by ~95% so analysts focus on real incidents.
Vulnerability Prioritization
Organizations patch vulnerabilities reactively without knowing which are exploitable in production. Upwind pairs build-time vulnerability data with runtime monitoring to show exactly which CVEs pose actual risk in live cloud workloads, enabling prioritized remediation.
Consolidated Cloud Security
Large enterprises use separate tools for CSPM, CWPP, container security, and identity management, creating visibility gaps and operational complexity. Upwind unifies these functions into a single platform with correlated signals across cloud posture, workload protection, detection/response, and identity.
Runtime Threat Detection
Traditional cloud security tools focus on configuration compliance and static analysis. Upwind uses eBPF to monitor actual malicious behavior in the Linux kernel at runtime, catching exploit attempts and lateral movement that static posture management would miss.
Alternatives
Palo Alto Networks Prisma Cloud
Broader security platform with stronger endpoint integration; choose Upwind for cloud-native runtime focus without legacy complexity.
Wiz
Focuses heavily on CSPM and configuration compliance; choose Upwind if you need integrated runtime detection and response capabilities.
CrowdStrike Falcon Cloud Security
Endpoint security vendor extending into cloud; choose Upwind for purpose-built cloud workload protection without endpoint baggage.
FAQ
What does Upwind Security do?
Upwind Security is a cloud security platform that detects malicious activity in cloud environments by combining cloud telemetry with eBPF kernel monitoring. It consolidates CSPM, cloud workload protection, detection and response, vulnerability management, identity security, and container security into a single platform, reducing alert noise by ~95% so security teams focus on genuine threats.
How much does Upwind Security cost?
Upwind uses a subscription-based pricing model where costs are determined by the number of cloud assets and deployment scale. Specific pricing is not publicly listed; enterprise customers receive custom quotes through direct sales engagement.
What are alternatives to Upwind Security?
Top alternatives include Palo Alto Networks Prisma Cloud (broader platform but less cloud-native), Wiz (stronger on CSPM, weaker on runtime detection), CrowdStrike Falcon Cloud (endpoint-centric), and HashiCorp/Cisco for different use cases.
Who uses Upwind Security?
Enterprise organizations with significant cloud infrastructure use Upwind, including companies like Siemens, Peloton, Roku, Booking.com, and NuBank. It's designed for security teams managing AWS, Azure, and other cloud environments at scale.
How does Upwind compare to Palo Alto Networks?
Upwind is cloud-native and built specifically for runtime threat detection using eBPF kernel monitoring, whereas Palo Alto Networks Prisma Cloud is a broader platform that layers cloud security on top of legacy endpoint tools. Upwind avoids fragmentation from M&A and focuses purely on cloud workload and infrastructure security without endpoint complexity.
What makes Upwind different from other cloud security tools?
Upwind uniquely combines eBPF kernel-level runtime monitoring with cloud API telemetry and vulnerability data to show which threats are actually exploitable in production. This runtime-first approach reduces false positives by 95% compared to traditional CSPM tools that focus on configuration visibility alone.
Tags
cloud security
CSPM
CWPP
runtime detection
eBPF
cloud workload protection
vulnerability management
container security
cloud infrastructure
threat detection
alert noise reduction
cloud posture