
Upwind CNAPP

What is CNAPP?

CNAPP (Cloud Native Application Protection Platform) is a unified set of security and compliance capabilities designed to secure cloud-native applications across development and production environments. Upwind provides this as a single platform focused on adding context to security findings, both agentless and runtime, so you can secure your cloud from the inside out.


A New Dimension of Visibility

Upwind creates a new dimension of visibility by using the Security Runtime Fabric of your environment. Rather than depending only on configuration snapshots or static scans, it uses runtime data - how workloads, applications, and data actually behave - so you can secure your cloud and AI environments from the inside out.


Six Pillars of Security

Upwind's security is organized around six areas:

  • Secure Cloud Configurations - Posture and misconfiguration management across your cloud assets.
  • Secure Workloads - VMs, containers, Kubernetes, and serverless.
  • Secure Applications - Application-layer (L7) visibility and context for runtime behavior.
  • Secure Data - Detect sensitive data and secrets.
  • Secure AI - Security posture and protection for AI models and implementations.
  • Secure Code - IaC, supply chains and containers admission controller.

The Upwind Journey


Upwind’s capabilities span five layers, from posture analysis and discovery to runtime-driven protection:

  1. Agentless - Discovery of misconfigurations, vulnerabilities, and exposed secrets without installing agents.
  2. Runtime-Sensor - Lightweight runtime components for deeper visibility and threat monitoring.
  3. Application Context - How applications and services interact.
  4. Data Security - Protecting sensitive data and reducing exposure.
  5. AI Security - Securing AI workloads and AI-driven security features.

Together they give you a single platform that grows from posture to full runtime defense.


Security Across the Cloud Lifecycle

Upwind fits into three phases: Build, Run, and Protect.


Build - Secure by Design

Catch issues before deploying them into production. Enforce guardrails and policies early in the SDLC, and review code, configurations, and dependencies so you prevent risk before deployment.

Use cases:

  • IaC Security - Secure Infrastructure as Code before it’s deployed.
  • Supply Chain Security (SCA & SBOM) - Software Composition Analysis and Software Bill of Materials - analyze your dependencies and look for vulnerabilities.
  • Containers Admission Controller - Control which container images and workloads are allowed to run in your environment.

Run - Cloud Runtime Visibility

Upwind gives you a single view of your cloud resources and the runtime topology of application network flows. That means real-time visibility of live workloads and services in your cloud accounts, and risk prioritization that reflects your current cloud and data security posture.

Use cases:

  • Cloud Security Posture Management (CSPM)
  • Attack Path Analysis & Exposure Management
  • Cloud Infrastructure Entitlements Management (CIEM)
  • Vulnerability Management
  • Data Security Posture Management (DSPM)
  • Container & Kubernetes Security
  • AI Security Posture Management (AI-SPM)
  • Serverless Security
  • AI Security

Protect - Application Runtime Defense

Continuous detection and response (CDR): threats are detected as they happen, and you can respond from the same platform. That includes API security, AI-related threats, and application-layer (Layer-7) attacks. Attack surface management helps you stay ahead of exposure; when something does happen, runtime forensics give you the context to investigate and remediate.

Use cases:

  • Cloud Detection & Response (CDR)
  • Attack Surface Management
  • API Security
  • Dynamic Application Security Testing (DAST)
  • Incident Response (MDR)

Why Runtime-Powered Matters


Runtime data provides valuable information that config-only tools can't:

  • Real-time security and app-layer identity: API and application awareness tied to network flows and process-level identity - what’s actually running and what it communicates with.

  • Automated response: Malicious activity, ransomware, and data exfiltration attempts can be detected and responded to in real time.

  • Runtime to code visibility: Trace a running service back to its repo and pipeline, so both DevOps and security can work at the same time.

Context and clarity of impact matter; runtime data helps prioritization and decision making by enhancing both.