How Upwind Cracked Cloud Security by Flipping the Script

$1.5 billion in four years. That's what Upwind Security is worth today, with clients like Siemens, Peloton, and Roku on its roster. But CEO Amiram Shachar admits the journey was far from certain: "Three years ago, we'd spend hours questioning if we were heading in the right direction—and 80% of the time, it felt like we weren't."

The doubt was understandable. Upwind was betting against the entire cloud security industry.

The Inside-Out Revolution

While everyone else was building "outside-in" security—scanning cloud environments from the external perimeter—Upwind went the opposite direction. Their "runtime security" approach monitors threats from inside the system, using real-time signals like network requests and API traffic as context.

"The security team would scan our environment and report issues, but they lacked critical context," Shachar explained, drawing from his experience at NetApp after selling his previous company Spot.io for around $450 million in 2020. "Coming from a DevOps background, we understood the infrastructure deeply, while security teams often didn't know how APIs were exposed or which packages were running."

The result? Traditional tools flagged countless false positives—issues that looked dangerous from the outside but posed no real risk.

Why the Market Resisted (At First)

Selling this contrarian approach proved challenging. Security teams, already overwhelmed by tool sprawl, were hesitant to deploy yet another agent internally. They defaulted to familiar, agentless solutions that were easy to implement but generated significant noise.

Sponsored

Advertise with Us

[email protected]

Sponsored

"Customers were hesitant," Shachar recalled. "People are used to installing certain agents on machines, but they don't like doing it."

The breakthrough came when customers realized external scanning simply couldn't keep up with modern infrastructure. With ephemeral containers, serverless workloads, AI agents communicating with each other, and data constantly flowing through APIs, mapping threats from the outside became impossible.

The Numbers Tell the Story

Once the market caught on, growth exploded. Since Upwind's $100 million Series A in 2024, the company has posted 900% year-over-year revenue growth while doubling its customer base. The startup has expanded from core markets in the U.S., U.K., and Israel to Australia, India, Singapore, and Japan.

The recent $250 million Series B, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, will fuel product development and AI security capabilities.

The Broader Security Shift

Upwind's success reflects a fundamental shift in how organizations think about cloud security. Traditional perimeter-based approaches made sense when infrastructure was static and predictable. But today's cloud environments are dynamic, distributed, and increasingly autonomous.

"Inside-out isn't an advanced option; it's the only way to solve the next generation of problems," Shachar argued. As AI workloads proliferate and infrastructure becomes more ephemeral, this perspective is gaining traction among large, data-intensive organizations.

The company's focus on building an integrated platform—rather than point solutions—also addresses security teams' tool fatigue. Instead of managing multiple products, customers get comprehensive visibility through a single deployment.