Security practitioners are no strangers to posture security control frameworks, such as the Center for Internet Security (CIS), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the System and Organization Controls (SOC). Each framework is recognized as a standard for security posture compliance and serves as a structured guideline for securing information systems, each tailored to specific regulatory or technological needs.

By adhering to these frameworks or using them as a guide to enhance your security efforts, you can ensure compliance, and build trust among stakeholders by setting and maintaining high standards of data protection and operational control in the cloud. However, the organizations & agencies that maintain these frameworks often struggle to keep pace with evolving cyber security threats and attacks, or to exhaustively cover the depth of controls that advanced organizations expect. Updates to these frameworks can be infrequent, and the guidelines, while comprehensive, may not account for the complexities in a more sophisticated organization’s environment. 

For this reason, we are excited to announce a major enhancement to the Upwind Cloud Security Platform’s posture module: the Upwind Posture Framework

The Upwind Posture Framework

The Upwind posture framework is designed to set a new standard in security frameworks, bridging critical security gaps and offering continually updated controls that cover a broad spectrum of areas and cloud providers. 

Screenshot-2024-06-20-at-5.48.24 AM-1024x492

We built the Upwind Framework based on our extensive feedback from Upwind customers, along with research and with customization by our industry-leading security research team. The Upwind Framework is designed to be a continually evolving framework that will consistently keep pace with the threat landscape and go beyond the security controls in other industry frameworks.

The Upwind Framework focuses on emerging and often overlooked security risks, giving you the ability to adapt to changes, ensure superior security posture protection and streamline proactive posture security adoption. This approach gives you the ability to easily employ the most advanced defense strategies available and strengthen your overall cloud security resilience while maintaining compliance and auditability with existing industry standards.

What Does the Upwind Posture Framework Include? 

The Upwind Posture Framework is dynamic and constantly updated, designed to address advanced and evolving posture risks that the Upwind security research team continuously monitors.

6-External-exposure-1024x873

The set of controls available in the Upwind Posture Framework’s initial release focus on immediately addressing gaps that are overlooked by other frameworks, offering robust controls to identify external exposures for AWS.

The Upwind Posture Framework’s initial release offers controls for external exposures across AWS services, including:

  • S3 Buckets
  • DNS settings
  • Lambda functions
  • Amazon Simple Queue Service (SQS)
  • Amazon Simple Notification Service (SNS) 
  • SageMaker
  • EMR clusters

The Upwind Posture Framework will be frequently updated to include additional controls and directly address emerging advanced security threats. This initial release offers comprehensive coverage against advanced threats in AWS, and future iterations will also include additional controls for Google Cloud and Azure. 

Learn More

To learn more about the Upwind Posture Framework and Upwind’s CSPM capabilities visit the Upwind Documentation Center (login required), or request a demo.