Security Baselines
Overview
One of the core concepts of the Upwind platform is the use of a Security Baseline which enhances visibility and provides a deeper understanding of typical behavior within your cloud environment. This baseline is crucial for maintaining a secure and well-monitored infrastructure by identifying and alerting on deviations from typical behavior patterns.
Benefits
Enhanced Visibility
- Easily view the established baseline for each resource.
- Gain a clear understanding of typical behavior within your cloud environment.
Contextualized Investigations
- View the baseline values for each resource.
- Streamline your investigation process.
Advanced Threat Detection
- Upwind uses machine learning to understand typical behavior patterns for your resources and alerts you to suspicious or malicious activity that deviates from those baselines.
- Proactively identify abnormal human and machine behaviors, going beyond traditional threat detection methods.
Additional Security Layer
- The baseline acts as an additional layer of security on top of the Upwind detection engine.
- Enriches the detection and threat intelligence capabilities.
Baseline Types
Processes
Upwind monitors and establishes baselines for process executions within your cloud environment, identifying typical behavior and alerting on anomalies.
Network
The platform also monitors network communications, creating baselines for normal traffic patterns and detecting deviations that may indicate potential threats.
File System Events
Upwind tracks file system accesses and modifications, establishing baselines for normal file system behavior and identifying unusual or potentially malicious activity.
The Learning Engine
Learning Time
The baseline algorithm learns your container behavior for the first 24 hours. During this period, the engine builds a model of typical behavior; once the learning period ends, activity that deviates from that model is flagged as abnormal.
Machine Learning
Upwind continuously monitors process executions, network communications, and file system accesses across Kubernetes workloads and virtual machines with the Upwind eBPF sensor. Upwind combines the model trained on your cloud environment with a pre-trained model based on the most common technologies, providing real-time insights into Layer 3, Layer 4, and Layer 7.
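To make the learning-window idea from the two sections above concrete, here is an added illustration written for this page; it is not Upwind's code and does not reflect its actual model. It learns a per-resource set of typical process, network, and file events for 24 hours after the resource is first seen, then flags anything not in that set. The event field names (resource, type, exe, dst, port, path, ts) and the sample events are constructed.

```python
from datetime import datetime, timedelta

LEARNING_WINDOW = timedelta(hours=24)  # learning time stated in the text


class ResourceBaseline:
    """Typical behavior for one resource, across the three baseline types."""

    def __init__(self, first_seen):
        self.learning_ends = first_seen + LEARNING_WINDOW
        self.observed = {"process": set(), "network": set(), "file": set()}


def _key(event):
    # Reduce each event to the attribute that defines "typical" for its type.
    if event["type"] == "process":
        return event["exe"]
    if event["type"] == "network":
        return (event["dst"], event["port"])
    if event["type"] == "file":
        return event["path"]
    raise ValueError("unknown event type: %r" % event["type"])


def process_events(events):
    """Learn for LEARNING_WINDOW per resource, then alert on deviations."""
    baselines, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        bl = baselines.setdefault(ev["resource"], ResourceBaseline(ev["ts"]))
        key = _key(ev)
        if ev["ts"] < bl.learning_ends:
            bl.observed[ev["type"]].add(key)  # still learning: absorb as typical
        elif key not in bl.observed[ev["type"]]:
            alerts.append((ev["resource"], ev["type"], key))  # deviation
    return baselines, alerts


# Constructed sample events: three typical events inside the window, then a
# repeat of typical behavior and three deviations after the window closes.
T0 = datetime(2024, 1, 1)
H = lambda n: T0 + timedelta(hours=n)
SAMPLE_EVENTS = [
    {"resource": "api-pod", "type": "process", "exe": "/usr/bin/node", "ts": H(0)},
    {"resource": "api-pod", "type": "network", "dst": "10.0.0.5", "port": 5432, "ts": H(1)},
    {"resource": "api-pod", "type": "file", "path": "/app/config.json", "ts": H(2)},
    {"resource": "api-pod", "type": "process", "exe": "/usr/bin/node", "ts": H(25)},
    {"resource": "api-pod", "type": "process", "exe": "/bin/sh", "ts": H(26)},
    {"resource": "api-pod", "type": "network", "dst": "198.51.100.7", "port": 443, "ts": H(26)},
    {"resource": "api-pod", "type": "file", "path": "/etc/shadow", "ts": H(27)},
]

if __name__ == "__main__":
    for alert in process_events(SAMPLE_EVENTS)[1]:
        print("ALERT", alert)
```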
Viewing Baseline in the Console
You can view security baselines in the Resource Overview side pane, which can be accessed by clicking on any resource in the Upwind Topology Map. After clicking on Resource Overview, you will see a menu with several options, including a Baseline tab, where you can view baseline behavior for the chosen resource. This allows you to quickly identify and investigate any deviations that might signal potential threats within your cloud infrastructure.