This is part two of a two-part blog series on how Upwind helps DevOps teams. You can read part 1 here.
The Upwind Cloud Security Platform helps organizations accelerate productivity and empower their Dev, Security, and DevOps teams to innovate within a secure and efficient environment. In our last article on how Upwind helps DevOps teams, we looked at ways that The Upwind Security Platform enables the new operating model of cloud security, with powerful, instant network and infrastructure visibility.
In this post, we will continue looking at how Upwind helps DevOps teams with key initiatives including continuous API monitoring, streamlined root case analysis and secured identity management.
1. Discover APIs & Track Sensitive Data Movement
Upwind automatically discovers your API catalog, creating a centralized repository of APIs and dynamically cataloging and mapping your APIs in real time. Through the analysis of actual traffic using eBPF technology, Upwind takes a significant step forward to add information from Layer 7 (the application layer). This ensures a thorough understanding of your API landscape, providing real-time adaptation to the dynamic nature of cloud environments and allowing you to easily view API schemas and JSON.
Upwind’s layer-7 awareness automatically discovers sensitive data movements in APIs by identifying sensitive attributes such as PII, PCI and PHI through hundreds of regexes. This allows you to easily identify:
- Internet Exposure: Assess the level of exposure of each endpoint to the Internet
- Actual Internet Ingress Communication: Discover if an API is continuously getting requests from the Internet, exposing it to external risk.
- Drift Detection: Easily identify whether an endpoint is documented in the docs/specs, ensuring transparency and compliance.
- Sensitive Data Classification: Obtain insights into the sensitivity of data handled by each endpoint.
2. Analyze API Traffic Patterns
Upwind gives you the ability to view sample successful requests and failed requests, in order to better understand API traffic patterns. Upwind does this by giving you a historical record of the last 100 sessions for each endpoint, enabling in-depth analysis into API behavior and performance.
You can also easily analyze and interpret API responses through Upwind’s detailed breakdown of response codes, giving you the ability to quickly identify and resolve potential issues.
Upwind’s use of layer 3, layer 4 and layer 7 analysis gives you the ability to easily identify which services are accessing which routes on a given service, providing you an end-to-end understanding of API usage and requests. This includes visibility into Internet traffic, services, and resources communication, all in one centralized location in the topology map.
3. HTTP/S, gRPC, GraphQL Requests Monitoring
Upwind’s API Security also gives you the ability to monitor API requests latency, view response statuses over time and investigate errors per route or resource. Upwind’s eBPF-based approach also allows for zero latency analysis, giving you the ability to analyze real-time API requests without impacting system performance. By avoiding common cumbersome methods such as monitoring APIs through external resources or mirroring requests, Upwind’s eBPF-based sensor gives you clear, real-time analysis while ensuring top system performance.
4. Automatically Discover the full Lifecycle of CI/CD Events
Upwind automatically gathers build-time and deploy-time insights without the need to connect with any of your CI/CD pipelines, including information on:
- Build: image build information from when the image was first seen by Upwind
- Delivery: information about image delivery and which images run on specific resources
- Versions: image versions and images over time
This allows your team to streamline the discovery process, and being on top of changes that might introduce risk or performance degragations.
5. Dynamically Correlate CI/CD Events with Risks and Threats
Upwind’s CI/CD awareness gives you end-to-end visibility of your infrastructure and applications, including the ability to dynamically correlate CI/CD events with vulnerability findings and threats.
This gives you a deeper understanding of the origin of risks and threats, as well as helping you to rapidly prioritize remediation.
6. Pinpoint Risks Origins
Upwind’s CI/CD awareness is a central point of all threat and vulnerability alerts – giving you complete root cause context down to the exact developer and commit that introduced a problem,
This built-in context provides out-of-the-box root cause analysis for threats and vulnerabilities, which Upwind customers have said helps them resolve issues 10x faster.
7. End-to-End Visibility with Build Time and Runtime
Upwind leverages both build time and runtime data to give you end-to-end visibility, making it easy to view any running service, all the way back to its CI/CD.
This Git awareness provides you with a built-in mechanism to rapidly find and fix problems, rather than spending hours or days researching each problem to find its origin. This streamlined discovery allows you to significantly reduce the mean time to remediation, as well as helping your team focus on fixing your most critical risks.
8. Manage Zero-Days with Ease using Upwind’s SBOM Explorer
Upwind gives you the ability to deep-dive into your SBOMs at runtime and discovers which packages are in use, package dependencies, drifts and vulnerabilities.
You can also quickly search for packages by framework, package manager, most used package and how many resources use each package. This gives your team the ability to easily understand your resource usage and gain deeper insights into your running packages within seconds, streamlining your posture management and giving you contextualized insights into how your resources are being used at runtime.
This feature can be your key weapon for the next zero-day attack, allowing you to quickly identify package use within your environment and all package dependencies, such as in the recent XZ Utilities zero day.
9. See Identities from IdPs to the Resource Level
Upwind’s Identity Security gives you the ability to view all of your human and machine identities in one place and quickly view any associated identity risks, as well as the number of cloud accounts they have access to.
Upwind also supports integration with Okta and other single sign-on identity providers, giving you the ability to easily track and manage users.
Upwind Identity Security provides a robust management and security for identities, including:
- Visibility: run executive reports for compliance and auditing
- Finding the Most Critical Risks: reduce your attack surface with proactive resolution for high-privileged identities.
- Threat Detection & Response: perform sophisticated identity-related threat detection and mitigation
10. View Identity and Resource Permissions
Upwind gives you the ability to drill-down into a specific identity and review all of its permissions across clouds and services. This makes it easy to streamline least-privilege, eliminate unneeded identities and monitor identity behavior.
You can also see the reverse logic by focusing on a specific resource and viewing how it can be accessed and by whom. By looking at an individual resource and working backward, you can quickly identify related roles, policies and services and get a complete view of resource risk.
Learn More
Upwind’s real-time analysis of network traffic and resource communication, deep root cause context and risk prioritization are powerful capabilities that enable DevOps teams to quickly and effectively deploy resources while enhancing performance and security. This in turn reduces friction between DevOps and Security teams, allowing the entire organization to work collaboratively and remain focused and agile.
For more information about how Upwind helps DevOps teams or to see a demo, reach out to [email protected].