How Adversaries Use Telegram to Evade Detection

In recent years, there has been a significant increase in adversaries exploiting popular messaging apps such as Telegram, Discord, Signal, and others to conceal their malicious activities. Among these platforms, Telegram stands out because of the features that make it hard to monitor: optional end-to-end encrypted secret chats (regular cloud chats are encrypted only between the client and Telegram's servers) and accounts that need nothing more than a phone number, making it a go-to tool for cybercriminals. Overview Most […]

Understanding File-Based Attacks

File-based attacks are a growing concern in cybersecurity. These attacks involve tampering with files to gain unauthorized access, steal information, or cover up malicious activities. In this post, we’ll break down what file-based attacks are, look at some real-world examples, and walk through a typical attack scenario. What Are File-Based Attacks? File-based attacks exploit how […]

Enhance Your Threat Detection Capabilities with Custom Policy Scope 

We are excited to announce a significant new capability, giving you the ability to customize threat detection policy scope in the Upwind platform. Upwind has always provided powerful out-of-the-box threat detection policies based on predefined attack vectors, ensuring real-time threat detection. With this new capability, Upwind provides even more customization to fit your unique infrastructure […]

How Organizations Use Upwind’s File-Based Threat Monitoring

Upwind’s threat detection capabilities give you real-time protection against cloud attacks, including malicious file activities. Upwind’s lightweight, high-performance eBPF sensor goes beyond monitoring file activities to enrich that data with information about an event’s context and provide insights into the actions taken on the file, including read, write, and truncate (cutting a file down to a given length, typically zero, which destroys its contents without removing the file itself). You can leverage this […]

Power Your Cloud Security with Software Development Lifecycle (SDLC) Context

We are excited to introduce a new capability that enables you to bring your own version control system to the Upwind platform, integrating rich context from pull requests and build-time activities directly into our cloud infrastructure security platform. Upwind offers unprecedented end-to-end visibility of your cloud infrastructure and applications, marrying intelligence from both build time and […]

Connect the Dots for Security Findings with Upwind’s Issue Stories

We are excited to announce the release of Upwind’s “Issue Stories” – a GenAI-based capability designed to address the challenge of connecting the dots between seemingly isolated security findings. By providing a unified narrative that consolidates and contextualizes events Upwind has determined to be related, Issue Stories enhance the comprehensiveness of our existing Issue types […]

Prioritize & Eliminate Critical Risks with Upwind

Upwind brings a new approach that redefines the speed, visibility and actionability of cloud security, cutting 95% of alert noise to help you focus on your most critical risks. The Upwind Cloud Security Platform gives you the ability to: Accelerate productivity and empower your Dev, Security, and DevOps teams to innovate within a secure & […]

Detect Malicious File Activities 

We are excited to announce a significant new capability in the Upwind Cloud Security Platform – threat detections for malicious file-based activity. Upwind’s threat detection and response capabilities have always allowed customers to detect and respond to threats in real time, powered by our innovative eBPF-based sensor. With this new capability, Upwind’s threat detection capabilities […]

Detect Suspicious Communication with a Public DNS Resolver 

We are excited to announce a new capability to detect unusual DNS resolver activity. This detection fires when a virtual machine or container in your cloud environment starts sending queries to a public DNS resolver that it has not communicated with recently, rather than to the resolver it normally uses. DNS Resolvers Trusting your DNS resolvers is a critical part […]
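The detection described above, as an added illustration that is not Upwind's code: a per-workload baseline of the resolvers each VM or container has queried, with an alert whenever a query goes to a public resolver that the workload has not used within the lookback window. The seven-day window, the trusted resolver address 10.0.0.2 (standing in for a VPC-provided resolver) and the DNS events are all constructed assumptions. The reason such a shift matters is that a workload that bypasses the environment's own resolver also bypasses whatever logging and filtering that resolver enforces.

```python
"""Added example: flag workloads that talk to a public DNS resolver they have not used recently."""
from datetime import datetime, timedelta

# Assumed definition of "recently": a resolver not seen for this workload in the
# last 7 days is treated as new again.
LOOKBACK = timedelta(days=7)
# Assumed set of resolvers the environment is expected to use (e.g. the VPC resolver).
TRUSTED_RESOLVERS = {"10.0.0.2"}


def detect_new_public_resolvers(events, lookback=LOOKBACK, trusted=TRUSTED_RESOLVERS):
    """events: iterable of (timestamp, workload, resolver_ip, queried_name).

    Returns the events that contacted a non-trusted resolver the workload had not
    contacted within `lookback`. State is learned in time order, so the first
    contact is flagged and repeated contact inside the window is not.
    """
    last_seen = {}  # (workload, resolver) -> timestamp of the most recent query
    findings = []
    for ts, workload, resolver, qname in sorted(events):
        if resolver in trusted:
            continue  # the expected resolver; nothing to baseline or alert on
        prev = last_seen.get((workload, resolver))
        if prev is None or ts - prev > lookback:
            findings.append((ts, workload, resolver, qname))
        last_seen[(workload, resolver)] = ts
    return findings


def sample_events():
    """Constructed DNS flow records (not real telemetry)."""
    base = datetime(2024, 5, 1)
    ev = []
    # api-7d9f: queries only the trusted resolver every day; never flagged.
    for day in range(21):
        ev.append((base + timedelta(days=day), "api-7d9f", "10.0.0.2", "db.internal"))
    # worker-3: starts using Google Public DNS on day 1 and again on day 3;
    # only the first contact is new.
    ev.append((base + timedelta(days=1), "worker-3", "8.8.8.8", "updates.example.net"))
    ev.append((base + timedelta(days=3), "worker-3", "8.8.8.8", "updates.example.net"))
    # cron-1: contacts Cloudflare DNS once, then not again for 20 days; the
    # second contact falls outside the lookback and is flagged again.
    ev.append((base + timedelta(hours=2), "cron-1", "1.1.1.1", "pkg.example.org"))
    ev.append((base + timedelta(days=20), "cron-1", "1.1.1.1", "pkg.example.org"))
    return ev


if __name__ == "__main__":
    for ts, workload, resolver, qname in detect_new_public_resolvers(sample_events()):
        print(f"{ts:%Y-%m-%d %H:%M} {workload} queried {qname!r} via new resolver {resolver}")
```

The trusted set is the knob a practitioner tunes: leaving it empty turns this into a pure novelty detector, while listing every sanctioned resolver keeps the alert focused on workloads that step outside the environment's DNS path.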

Detect Malicious Port Sweep Activities

We are excited to announce support for a new detection type – the identification of malicious port sweeps. A port sweep is the inverse of a port scan: instead of probing many ports on one host, a compromised host or container within your environment probes a single port on a large number of publicly routable IP addresses or a large number of internal IP addresses. This type of activity is […]
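The sweep pattern described above, as an added example that is not Upwind's detection logic: connection events are grouped by source, destination port and address scope, and a source that reaches a large number of distinct destination addresses on one port inside a short time window is reported. The threshold of 20 destinations, the 60-second window, the RFC 1918 definition of "internal", and the connection records are constructed assumptions; the 203.0.113.0/24 addresses stand in for publicly routable targets.

```python
"""Added example: detect single-port sweeps across many internal or public addresses."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Assumed thresholds: one source reaching this many distinct destination IPs
# on a single port within the window is reported as a sweep.
SWEEP_THRESHOLD = 20
WINDOW_SECONDS = 60

# "Internal" is taken to mean RFC 1918. ipaddress.is_private is deliberately not
# used here because it also covers documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Conn:
    ts: float   # seconds since epoch
    src: str
    dst: str
    dport: int


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_port_sweeps(events, threshold=SWEEP_THRESHOLD, window=WINDOW_SECONDS):
    """Return (src, dport, scope, max_distinct_dsts) for every sweeping source.

    Internal and public destinations are counted separately, so a host that
    legitimately talks to a few of each is not flagged by their sum.
    """
    buckets = defaultdict(list)  # (src, dport, scope) -> [(ts, dst), ...]
    for e in sorted(events, key=lambda e: e.ts):
        scope = "internal" if is_internal(e.dst) else "public"
        buckets[(e.src, e.dport, scope)].append((e.ts, e.dst))

    findings = []
    for (src, dport, scope), hits in buckets.items():
        best, start = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= threshold:
            findings.append((src, dport, scope, best))
    return findings


def sample_events():
    """Constructed connection records (not real telemetry)."""
    ev = []
    # 10.0.1.5 probes SSH on 30 internal hosts within 30 seconds: an internal sweep.
    ev += [Conn(1000 + i, "10.0.1.5", f"10.0.2.{i + 1}", 22) for i in range(30)]
    # The same host also makes three ordinary outbound HTTPS connections: not a sweep.
    ev += [Conn(1005 + i, "10.0.1.5", f"198.51.100.{i + 1}", 443) for i in range(3)]
    # 10.0.1.9 reaches 25 backends on 8080, but one every 30 seconds; the
    # window never contains more than three distinct hosts, so it is benign.
    ev += [Conn(1000 + 30 * i, "10.0.1.9", f"10.0.5.{i + 1}", 8080) for i in range(25)]
    # 10.0.3.7 probes SMB on 25 external addresses within 10 seconds: a public sweep.
    ev += [Conn(2000 + 0.4 * i, "10.0.3.7", f"203.0.113.{i + 1}", 445) for i in range(25)]
    return ev


if __name__ == "__main__":
    for src, dport, scope, n in detect_port_sweeps(sample_events()):
        print(f"port sweep: {src} -> {n} {scope} hosts on port {dport}")
```

The window matters as much as the threshold: the load-balancer-like source in the sample touches 25 hosts in total but never more than three in any minute, which is the difference between reconnaissance and a service doing its job.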