Upwind for AWS Security Hub Extended

I have several use cases for Upwind . I will start with our private cloud that is based on Kubernetes , so we're using it also for Cloud Detection and Response and also for vulnerability scanning. We're also using it on our cloud provider as a CSPM.

For Cloud Detection and Response, one of the biggest challenges is to have detection around containers, which we were missing visibility on, and with Upwind , we get it. Related to the vulnerability, because of the strong runtime sensor Upwind developed, it helps us to reduce many of the vulnerabilities that were classified by the shift left product that we used.

In general, I think that Upwind as a product makes a disruption in the concept of shift left; they come with a new approach by the runtime sensor that they made, making life for the AppSec team much easier.

It's a good question about the best features Upwind offers, but in general, they build a great product. One feature I can think about is their very strong API, allowing us to export most of the data to crunch and work with it. To me, having a wide API to interact with the data is very important.

In general, we use the API to export the asset and then compare it with our findings to improve triage, ensuring we are not missing anything. This is one of the main use cases for the API.

Having access to this API changes our team's efficiency dramatically; programmability makes everyone's life much easier. The operation reduces because of the time that analysts need to spend on triaging, and it also minimizes friction with developers, which is something Upwind helps us with.

Upwind positively impacts our organization overall by helping with the CIS benchmark for Kubernetes , which is definitely one of the strongest parts. Second, by reducing the number of vulnerabilities, we automatically reduce the number of tickets opened with the dev team, which is a big win. It also helps us to tune our vulnerability program better regarding classification and priority.

Currently, we are working with Upwind on API security, which is something we want them to keep pushing. We also want them to be able to record SSH sessions; it's a tough request.

We have been using Upwind for over a year now.

The deployment of Upwind was easy peasy.

The configuration process was pretty straightforward with no challenges.

Upwind is stable in my experience; I haven't faced any downtime or reliability issues.

Upwind's scalability is transparent for me; I haven't faced any workload issues.

From my experience, Upwind has the best support as a vendor; their response time is less than 2 minutes from the moment you slack them.

I would rate the customer support a 10.

We currently also work with customers, but I can't really disclose the names of previous solutions we used before Upwind.

In terms of proof of value, we see results very fast after implementing Upwind; the deployment is quite simple and doesn't require a lot of time. We start a POC for 2 months, and then we roll out to production in 2 to 2 and a half months in our huge production environment. Related to the vulnerability feature, again, with a strong runtime sensor, you can see the value pretty fast.

In terms of the daily day-to-day operation, Upwind has helped us a lot; even at the beginning, we needed to build a process around it because it's something new, but I would say that we feel much more confident knowing what is running in our Kubernetes environment. Related to the critical vulnerabilities, it has helped us to reduce about 70% of the critical vulnerabilities.

Both the licensing process and ROI were very simple, making sense overall.

We compare the return on investment with Upwind versus other companies, but I cannot disclose the specifics.

The pricing, setup cost, and licensing process were pretty reasonable.

Before choosing Upwind, I evaluated Twistlock .

My company does not have a business relationship with this vendor other than being a customer.

What I would change right now is nothing; I'm okay.

The work with Upwind is very collaborative; analysts work closely with them to make things easier for us as a company and for other companies using Upwind. In terms of time saving, it definitely saves many hours. I struggle to quantify it in numbers.

We did not purchase Upwind through the AWS Marketplace .

Currently, there is no integration with other AWS  services, so I cannot comment.

The procurement process was pretty easy and straightforward.

I haven't encountered any surprises regarding the metering and billing experience; everything is clear with our 2-year contract, so we are good to go.

It's hard to dig into it, but I estimate that the number of tickets opened with our dev team drops by probably 30 to 40% after using Upwind.

My advice for others looking into using Upwind is that if you are seeking a strong CNAPP  with an advanced runtime and strong CDR capabilities, this is the product.

On a scale of 1-10, I rate Upwind a 10.

We use Upwind  for runtime security in our cloud environments. We also use Upwind  for cloud security posture management, API security, and cloud vulnerability management.

Upwind has great runtime detection and response capabilities for our cloud workloads. It provides great context for vulnerability management, allowing us to see what our most important vulnerabilities are. Upwind gives us insight into API security threats and helps us identify misconfigurations in our cloud environments to align with security frameworks like CIS or NIST. With Upwind, we have greatly increased our cloud security posture. Our compliance rates have improved significantly, and they have helped us automate vulnerability management and gain insights into API endpoint security.

Upwind just needs to continue on the path they are on. They have some really great ideas and need to keep refining their different tool sets and add to their reporting and automation. However, they have a strong platform as it is.

I started using Upwind a couple of years ago.

It was very easy for us to deploy. Their deployment is much more modern and automated than others that we have seen.

Absolutely, Upwind is stable.

Upwind scales great for us. It is deployed in such a way that whenever we build something new, it automatically deploys to those new resources, and we really don't have to touch it much. So, it scales really well.

Customer support is fantastic. We have a very good relationship with the Upwind team. They are always timely in their response and provide direct integration with us via Slack . Whenever we have issues, they are right there to support us.

Yes, we did. We used another cloud security provider. We switched because they were a more legacy provider and their integrations were not as modern or capable. Their runtime alerting did not surface the same amount of detail or events, and we felt Upwind was cloud-first, which aligns with our company's cloud-first direction.

The initial setup was fairly straightforward. Pretty much everything was done via infrastructure as code, using either Terraform  or CloudFormation . It was as easy as applying those templates to our environment.

Upwind has definitely saved us a lot of time in reviewing the findings with the posture findings. It also saved us time in vulnerability management by significantly lowering the number of vulnerabilities we need to focus on, reducing the time required to address critical issues.

Pricing, setup costs, and licensing were very fair.

I would just say it's a great product. They have greatly improved our visibility. They are great to work with. They are a great overall cloud security platform and they continue innovating and adding new features. I would rate the overall solution a 10 out of 10.