Upwind Raises $250M to Redefine Cloud Security
Cloud security startup Upwind has secured $250 million in Series B funding at a $1.5 billion valuation, signaling strong investor confidence in its "runtime" security approach. The platform helps enterprises prioritize real threats by analyzing active services and internal traffic patterns rather than relying solely on external scans. With major clients including Siemens, Peloton, Roku, Wix, Nextdoor, and Nubank already onboard, the fresh capital will accelerate product development and global expansion as cloud complexity continues to overwhelm traditional security tools.
Credit: Google
From Doubt to Breakthrough: The Unlikely Origin Story
Three years ago, Upwind's future looked anything but certain. Co-founder and CEO Amiram Shachar admits the team spent countless hours questioning their direction, with uncertainty dominating 80% of their strategic conversations. They wrestled with fundamental doubts: Would the market embrace their unconventional approach? Could it integrate smoothly into complex enterprise environments? Would security teams actually adopt it?
The skepticism wasn't unfounded. Unlike typical security founders with decades in cybersecurity, Shachar and his co-founders came from a cloud infrastructure background. They previously built and sold Spot.io—a cloud compute optimization platform—to NetApp for approximately $450 million in 2020. That acquisition became their unexpected gateway into security's biggest pain point.
The "Aha Moment" Inside NetApp's Security Operations
After joining NetApp post-acquisition, Shachar witnessed firsthand how broken cloud security workflows had become. Security teams would run scans and generate lengthy vulnerability reports, but critical context was missing. They couldn't distinguish between a theoretical risk and an actively exploited threat because they lacked visibility into how applications actually operated.
"Security teams flagged issues we knew weren't real risks," Shachar explained. "They didn't understand which APIs were exposed to the internet, which services communicated with each other, or which packages were actually running in production. Meanwhile, our DevOps team understood the infrastructure intimately because we operated it daily."
This disconnect revealed a fundamental flaw in prevailing security models: external scanning creates overwhelming noise without operational context. Teams drown in alerts while critical threats slip through the cracks.
Runtime Security: Seeing Threats From the Inside Out
Upwind's solution flips traditional cloud security on its head with what they call "runtime" protection. Instead of scanning environments from the outside, their platform monitors live application behavior—network requests, API calls, container activity, and service interactions—to determine which vulnerabilities actually matter.
Think of it this way: Traditional tools might flag 500 vulnerabilities across your cloud environment. Upwind analyzes which of those vulnerabilities exist in services currently running, communicating externally, or handling sensitive data. Suddenly, that list shrinks to five critical issues demanding immediate attention.
This inside-out methodology solves security's biggest challenge: alert fatigue. By correlating vulnerability data with real-time runtime context, Upwind helps teams focus remediation efforts where attackers would actually strike—on exposed, active services rather than dormant code.
Why Enterprises Are Betting Big on Runtime Protection
Major brands aren't adopting Upwind because it's novel—they're adopting it because legacy tools failed them during critical moments. One financial services client shared how Upwind identified a critical vulnerability in a payment processing microservice that external scanners had missed for weeks because the service only activated during specific transaction windows.
Another enterprise customer avoided a potential breach when Upwind detected anomalous API traffic patterns between two internal services—a subtle lateral movement attempt that traditional perimeter defenses never saw. Because the platform understood normal communication flows between those services, it flagged the deviation instantly.
These aren't hypothetical scenarios. As cloud architectures grow more distributed—with microservices, serverless functions, and containerized workloads communicating across regions—external scanning becomes increasingly blind to real attack surfaces. Runtime security closes that visibility gap by living inside the environment it protects.
Overcoming the Agent Adoption Hurdle
Early on, Shachar's team faced skepticism about their architecture. Many enterprises resist installing security agents on production workloads due to performance concerns and operational complexity. Upwind addressed this by designing lightweight instrumentation that adds minimal overhead while delivering maximum context.
"We knew adoption would fail if we asked teams to choose between security and performance," Shachar noted. "Our agents consume under 2% CPU in most environments and deploy in minutes through existing CI/CD pipelines. The value becomes obvious within hours when teams see their alert volume drop by 90% while catching threats scanners miss."
This pragmatic approach helped Upwind win over engineering-led organizations where security tools must prove immediate operational value—not just compliance checkboxes.
What $250 Million Will Accelerate
The new funding round, led by prominent growth investors, will fuel three key initiatives over the next 18 months. First, Upwind plans to expand its signal correlation engine to cover emerging cloud-native technologies like WebAssembly runtimes and confidential computing environments. Second, the company will open security operations centers in Europe and Asia-Pacific to support global enterprise requirements for data residency and 24/7 threat monitoring. Finally, they'll deepen integrations with infrastructure-as-code platforms so security validation happens automatically during deployment—not after vulnerabilities reach production.
"We're not building another dashboard for security teams to ignore," Shachar emphasized. "We're embedding security intelligence directly into developer workflows so risks get resolved before they become incidents."
The Bigger Shift in Cloud Security Mindset
Upwind's rise reflects a broader industry pivot from compliance-driven scanning to risk-prioritized protection. Gartner recently noted that organizations using runtime context to prioritize vulnerabilities remediate critical threats 68% faster than those relying on CVSS scores alone. This efficiency matters immensely when the average cloud environment contains thousands of workloads and millions of configuration possibilities.
The startup's success also validates an important lesson: sometimes the best security innovators come from adjacent domains. Shachar's team didn't set out to disrupt security—they set out to solve operational problems they experienced firsthand. That practitioner perspective became their unfair advantage.
Security That Understands Your Applications
As Upwind scales toward its next growth phase, the vision remains focused: security tools should understand applications as deeply as the engineers who build them. That means moving beyond static snapshots to continuous observation of how services actually behave in production.
For enterprises drowning in security alerts yet still vulnerable to breaches, that shift can't come soon enough. The $1.5 billion valuation isn't just a number—it's market validation that runtime security has moved from experimental concept to essential capability. And with cloud complexity only accelerating, the companies that see threats from the inside out will increasingly separate themselves from those still scanning from the outside in.
The journey wasn't smooth, but Upwind's persistence through early uncertainty has positioned them at the forefront of cloud security's next evolution—where context isn't optional, it's everything.
