Prioritizing Cloud Security: Tomer Hadassi CTO @Upwind

Too much visibility, not enough action? Tomer Hadassi, CTO at Upwind, explains how to prioritize what really matters in cloud security. Discover how real-time, runtime context slashes thousands of vulnerabilities down to a few key threats, making life easier for DevOps and security teams. We also explore CNAP’s evolution, AI-driven profiling, and how to simplify compliance for enterprises and startups.

This transcript was generated automatically by AI. If you find any mistakes, please email us.

Tomer
0:00:00
What we really saw that was missing from a lot of security products is that they had a bit too much of a security mindset, in a sense, and not enough of an operations mindset. It caused this deluge of solutions that just provide a lot of visibility, a lot of dashboards, a lot of findings. We legitimately took like 3,000 vulnerabilities and told the customer, there's like seven you need to worry about.

Announcer
0:00:25
Hello, everyone. You're listening to Cloud Next,
your go-to source for cloud innovation and leaders insight brought to you by GlobalDots.

Miguel
0:00:38
The cloud is expanding and we can observe this across all industries across the board. When some years back, less than 10

Miguel
0:00:40
percent of the IT cost were invested in the cloud, we're now seeing a double digit increase in cloud computing each year, not only for cloud native startups, but also old school enterprise customers.

Miguel
0:00:59
But with this new era of IT, there come always new challenges. Today, I'm happy to announce that Tom Hadassi is joining us to discuss the insights of cloud security and compliance. My name is Miguel,

Miguel
0:01:11
I'm the director of Iberia and LATAM here at GlobalDots. I welcome you to the GlobalDots podcast with the founder of Upwind. Welcome, Tomek.

Tomer
0:01:20
Hey, Miguel. Pleasure to be here. Thank you so much for having me. Excited to discuss everything cloud security and our journey inside of it.

Miguel
0:01:28
Before we start for the business part, can you text me a little bit about yourself as a person? What could be interesting to our listeners to know about you?

Tomer
0:01:36
You know, I'm one of the Upwind's founding members, dealing with everything from technology, product, customers, and everything in between. My background comes, it's like pretty much any, almost any tech founder in Israel from the military. After that, worked in tech for a bit.

Tomer
0:01:51
I actually moved to the US, where I went to college. I worked in Wall Street as a banker for a bit. I thought that would be fun, it wasn't. I prefer finance in the newspaper than in an Excel sheet on my computer. So I spent some time there and I realized there was actually a really interesting angle of just connecting and understanding businesses a lot better, but connecting that to the technology

Tomer
0:02:11
background that I have. Just being able to speak both languages and work in both worlds has always been something personally very beneficial that I've seen.

Miguel
0:02:27
Gotcha, and how did you come into security, cloud computing, security, compliance? Why are these the topics that you choose to invest yourself in? Because this is your life's work, yeah?

Tomer
0:02:36
Yeah.

Tomer
0:02:37
So I think more than anything, it's cloud, first and foremost. Upwind is actually the second company we're building as a team. The first one was called, first Spotins, then Spot.io, and eventually Spot by NetApp.

Tomer
0:02:51
And as we've built Spot, you know, we had a chance to work with probably a couple thousand DevOps and SRE and infrastructure teams as they were going through their cloud journeys. They were like more advanced, they just migrated,

Tomer
0:03:05
they've been there from day one, we've seen it all, right? But one thing that was very consistent is that they were inundated with security all the time. Right, it's a concern for every business, no matter the shape, the size, or the work. And even as we saw more and more advancements

Tomer
0:03:23
in the world of security, we still saw a lot of gaps. And I think maybe one of the biggest ones was after Spot got acquired, we joined NetApp and the NetApp security team very quickly gave us a report saying, like, hey, you have to fix these 15,000 things.

Tomer
0:03:41
And we're like, okay, maybe we didn't have like the world's best security program as a startup before, but like, I don't think we have 15,000 things to fix, right? And over the next few weeks, instead of fixing them, we just went one by one to actually understand the risk and the context that it had within our environment,

Tomer
0:04:00
how it actually affected us, and realized that, you know, in most cases, we had a very good case to why this doesn't matter and why we're not going to fix about 95, 98% of these things, and they're just benign. And I think that that was kind of one of the things that really piqued our first interest in security

Tomer
0:04:20
and made us say, you know, as we went into our second journey and started up, we really dig deeper into that space and figure out what we can do to just make it better.

Miguel
0:04:31
And there were not so many solutions when you started off with upwind, yeah? Because it's a complete new market, security and compliance for a product that didn't exist a couple of years back. So tell me a little bit how you engage in the market and maybe you can also help us a little bit to position upwind. How do you connect with, you know, the known security products like observability, CM, SOC,

Miguel
0:04:51
how is everything connected here?

Tomer
0:04:53
Absolutely. So yeah, I think security is probably one of the most crowded markets out there, especially cloud security today. I think it's still figuring itself out. It's definitely going to consolidate and, you know,

Tomer
0:05:06
I'm expecting to see less solutions in a few years.

Miguel
0:05:10
We're seeing this right now. There's consolidation happening right now.

Tomer
0:05:12
There's companies being bought, big push, exciting things happening. The valuations in the market have kind of toned down a bit from the madness of 2021, 2022 and acquirers are finding it to be a good time to go out there and acquire, which is good. I think from our perspective, what we really saw that was missing from a lot of security products is that they had a bit too much of a security mindset, in a sense, and not enough

Tomer
0:05:43
of an operations mindset. And it caused this deluge of solutions that just provide a lot of visibility, a lot of dashboards, a lot of findings, right? Again, 15,000 problems at a fairly, you know, not like a massive company that we had. And what we've realized is that the solution to a lot of these things,

Tomer
0:06:04
and the next step after you understand those problems, right, is to prioritize them. You know, what do I fix first? What do I tackle first? And that's a bit harder. And even harder than that is operationalizing

Tomer
0:06:16
the solution of it, right? So how do I get to my hundreds or thousands of developers and get to the right person with the right problem? Like this vulnerability goes to this person, that misconfiguration to that person, that live threat like now needs to be handled by the SOC or the incident response team.

Tomer
0:06:33
And we really realized that we see runtime and real-time visibility as kind of the connecting tissue here that significantly helps you to prioritize, to understand the real risk in real time and to remediate it a lot faster.

Miguel
0:06:50
Gotcha.

Miguel
0:06:51
Yeah, so I've been working with Upwind as well. Yeah, as you know, GlobalDots has been a partner since the beginning. So I have been the pleasure to have some proof of concept with customers. And the most best feedback we always got is that it makes the job of the DevOps and the DevSecOps much, much easier. It's like having two people constantly working for you in the back end 24-7,

Miguel
0:07:13
sorting out and prioritizing, because the biggest challenge that we are seeing is the huge amount of false positives that are being generated by the cloud providers. And if you don't know if this is a real threat or just something irrelevant,

Miguel
0:07:27
you can spend just hours just sending through there. So yeah, I agree with you 100%. Let's go a little bit to terminal knowledge here. So also our viewers understand a little bit here. So if I'm correct to call you a CNAP, could you please explain what are this acronym stands for?

Miguel
0:07:45
What is included in there? Because besides security, it's always a compliance component. So maybe just give us a little bit rundown of what areas in cloud security Upwind is touching.

Tomer
0:07:55
CNAP is a term coined by Gartner a few years back. It's, you know, cloud native application protection platforms if I remember correctly. And it's also ever evolving, right? I think Gartner is evolving it based on kind of what the market is doing,

Tomer
0:08:09
and you see that the different CNAP providers are kind of like wedging like in different areas. But I think broadly, the main pillars of CNAP mean, first of all, the entire world of posture and compliance. Is everything configured correctly? Can I understand everything that I have, right?

Tomer
0:08:23
Like inventory is a big part of posture, understanding what I have, what do I have, what technologies do I use, how is it configured, and then how does that compare to best practices set forth by different organizations like CIS, Center for Internet Security, or a SOC framework, or if you're a financial institution, you're facing PCI compliance, if you're a healthcare, HIPAA compliance, you know, those hundreds of frameworks that are developed around the world in different countries and different industries.

Tomer
0:08:55
I think that's oftentimes really, you know, partial configurations and compliance come hand in hand together. I think you'll also notice the things like Amazon well architected, right, really strongly aligned to compliance frameworks. It really is, I think, becoming more and more the common knowledge of what's the best way or the safest and smartest way in a sense to architect and run a workload in the cloud.

Tomer
0:09:25
I think that's the basics of cloud security. That's where cloud security really started. It started from this promise of just the cloud itself as a data center is extremely secure, right? Like no one's hacking AWS right now.

Miguel
0:09:38
No one is hacking AWS, Google and Microsoft.

Tomer
0:09:40
Exactly.

Miguel
0:09:41
No one.

Tomer
0:09:42
Until someone leaves a key in some GitHub repo.

Tomer
0:09:44
But and then

Tomer
0:09:46
there's this shared responsibility model where it's like, oh, you know, you can have the most locked down cloud environment or you can do everything publicly open to the Internet. So you kind of created a situation where the first thing you want to do is make sure you're using those configurations correctly. And you're not mistakenly, you know, things of the first big breaches on AWS really happened

Tomer
0:10:11
because companies just left a public S3 bucket with all of their customers' information. The attacker wasn't very sophisticated, right? But the defender was a little silly. So I think that's the first pillar, inventory, posture and configurations. Then you get into the world of threat detection and workload protection, right? That can happen in two layers.

Tomer
0:10:33
One is on the cloud itself as a platform, right? Are my employees that are always logging in from the US, suddenly someone is trying to use this key in North Korea? Probably not one of my employees, right? Someone, you know, something was compromised. So I want to figure that out in the cloud layer first,

Tomer
0:10:55
and then obviously the threat detection of the workload layer. As more and more critical workloads move to the cloud, and it's not something only small startups are using, right, major enterprises, militaries, defense agencies, and et cetera,

Tomer
0:11:07
I think real-time protection is also becoming a lot more critical, and is becoming more and more a part of CNAP as well. So that's the second pillar is really the world of workload protection, but it's both CDR and workload protection. And then the third one is the world of application.

Tomer
0:11:28
Right? So vulnerabilities, APIs, right? What are your developers doing and everything around that. And then I would say kind of underneath all of that, you get like the platform layer, right? So you need some identities management

Tomer
0:11:42
and you need some maybe, you know, tools for your developers on code scanning and you need maybe data posture management, right? And those are, in a sense, pillars of CNAP, right? They've also been, I think, twisted here a bit, right? That DSPM or identity management

Tomer
0:12:00
goes way, like, well beyond your cloud. But I think customers have come to expect that at least the cloud portion should be covered by a CNAP tool as well.

Miguel
0:12:09
Yeah, especially because now there's always different companies connecting to the same cloud. Yeah, this could be your reseller, this could be your partner, your consultancy company, your your customer even. Yeah, many people are connected to the cloud. So it's really important to cover all of these aspects as well.

Tomer
0:12:25
Yeah, and I think beyond a lot of these people, you're now also facing a sprawl of machine identities that connect to your cloud, right? Like your Slack has Webhooks into your cloud, and your Salesforce has Webhooks into your cloud, and your Splunk.

Miguel
0:12:38
And they are connected to other tools in the back end, yeah?

Tomer
0:12:40
Exactly, and then you get these chains of identities and relationships between them, and blast radiuses, and privilege escalations, and lateral movements, and how do I have a container in the cloud that now has fairly broad access within the cluster but can also jump into the cloud itself.

Tomer
0:12:59
That's a scary entry point where someone is like, oh, it's not that this workload is compromised. My entire cloud environment gets compromised with this workload.

Miguel
0:13:06
It's compromised, yeah.

Tomer
0:13:08
Yeah, so Synapse covers, I think, all of these areas. I think different Synapse providers are stronger in kind of where they started in a sense. Right. Different ones chose a different entry point and then expanded from there. And but broadly all of them cover these PLLs. There's also an intelligent component to this.

Miguel
0:13:28
Yeah. So you guys learn from your customer environment. Can you explain a little bit how this is working? Are you applying machine learning or artificial intelligence here, and how does this adapt the product to the customer itself, to a specific customer?

Tomer
0:13:44
Yeah, so I think that really connects to the point I just mentioned, right, which is our gravitational pool, and where we started is, you know, a best-in-class solution at real-time protection and runtime security, right?

Tomer
0:14:00
And then we realized, right, like you always care about more than just that. And we've expanded. And a lot of it came from customers' feedback and what they needed. But one of the core capabilities that we have that allows our customers to protect themselves against much more advanced type of attacks is, like you mentioned, profiling and baselining applications and workloads and then being able to understand anomalies on top of them. I think this is like a very evolving like threat vector today.

Tomer
0:14:29
Right? If you have these aggregators of all the malicious signatures of files and malwares and all of these things, and they have billions of signatures under them, right? If not trillions, maybe. But the problem with that, and you know, everyone's been aggregating them and they've been collecting it from like 60 different vendors all over the world, and they've been collecting it for over a decade and they know every malware out there. But come LLMs, I can take any malware,

Tomer
0:14:56
throw it into like a, you know, a chat GPT like solution and ask it for a million new signatures of that same activity, right? So it will do the same malicious operation, but it's going to have a million new signatures that I just made up five minutes ago.

Tomer
0:15:11
No aggregator knows about them. But they'll still create an anomaly on any workload they try to run on. Right? And when you start profiling and baselining application, creating like a learning period,

Tomer
0:15:24
deciding like, okay, this is what normal looks like for this container or this virtual machine or this human identity or machine identity, right? Or API call or anything you need to profile. Then, and then you need, when you think about immutable workloads as well,

Tomer
0:15:39
right, so in a modern architecture, we are using what we call an immutable environment, right, where you don't change a running workload, you redeploy it with the change. So workloads shouldn't change their behavior after the baseline was established, right?

Tomer
0:15:50
They should get redeployed, they usually have a new image, you have a new workload name, you have a new version, something has to change for the behavior to modify itself. And basically what we do at AppWin is we profile and baseline every application, every workload, every identity that you have.

Tomer
0:16:08
And then we can run an anomaly engine on top of it. And when you're truly running in a mutable way, any anomaly is interesting. There shouldn't really be any beyond the learning period. Obviously, you need some heuristics and logic on how to filter them because the same process might execute it just slightly differently. You need to understand when it seems suspicious and when it's like a legitimate, like slight

Tomer
0:16:28
movement out of baseline. But if a new process spawns after like a container has been running for four days and suddenly a new process is running all of a sudden, or, you know, something that never touched like a password file locally on the machine is suddenly creating like a read or write command into that. It's probably something you want to know about and be notified.

Tomer
0:16:51
So it's really about understanding activity and behavior more than just aggregating signatures all day long.

Miguel
0:16:58
A hundred percent. Yeah. And what we're seeing when we do implementation of CNAP in customers, specific upwind, the SOC guys get really happy because they get filtered information, they get less false positives. Yeah.

Miguel
0:17:12
They get also an overview of all the certifications and it makes their life just much, much easier. So it helps the DevOps guys, the DevSecOps guys, but also the guys sitting in your SOC or NOC center. They're super happy if you implement something like this.

Tomer
0:17:25
Yeah, so a small anecdote on that is that, we've really taken this concept of, okay, let's look at what one could consider malicious behavior, and first of all, it's an event, right? But it needs to have the right context within the environment to actually become a threat

Tomer
0:17:42
and kind of a detection that goes out to the SOC team. And we've realized that with the right heuristics, you can actually filter over 95% of these things. And just as a basic example, something like a Netcat process. It's a fairly known process.

Tomer
0:18:00
It's used in many different systems like a Zookeeper or Kafka or Postgres databases to establish connections. It's also used by hackers to go out from your environment and exfiltrate data. And most like malware detection systems will just detect those net cuts, right? And they'll be like, oh, you have 200 net cuts running in your environment. Yeah, but they're all in Zookeeper. Like that makes sense. That's how the workers communicate. Looking at that process execution in real time and at runtime allows you to see that at that right context and filter out that noise. But to take all of it a step further and to also

Tomer
0:18:35
answer your question about the use of AI, what we're able to do is when we see a series of events that look a little suspicious, but each one of them doesn't tell enough, by working with some AI models, we're able to take like 15, 20, 30 events, and based on some logic our research team has done with those AIs, create what we call an issue story. And it really starts like telling like, okay, this is how this all started, and this is what went down right after. This is what the likely attack is trying to do to you right now, and this is what you

Tomer
0:19:11
need to do to remediate it. And obviously, our 24-7 support and SOC teams help as well. But customers have told us though, like you took an alert that last time I saw an alert like that, I spent like eight hours just trying to figure out like what's happening here and you just gave me the answer.

Miguel
0:19:26
Yeah. I mean, I come personally, I come from a CDN WAF background, so web application. Yeah. This has been always my area of expertise. And the first thing that we, to any client who has a relevant website online, we recommend to implement a WAF, a web application firewall.

Miguel
0:19:47
And I feel like the CNAP is the WAF of the cloud. It is the first step to really, if you want to build a security strategy, you start with the CNAP. It's the first building block from which everything else comes apart, which is the same story as with the WAF, because in the WAF then you connect your API protection and your bot mitigation and your DNS and all of this. So I see a really similar story here for the for the SYNAP.

Miguel
0:20:10
So my question, so customers and we've seen this, yeah, that already have a big cloud spend over 100k a month, 200k a month, sometimes they don't have a SYNAP in place, they don't have a SOC in place, so they just take use the local AWS or Azure tools. So maybe you can explain to me, for when does it make sense for a customer to stop using the localized features and move to a fully external Synapse?

Tomer
0:20:35
I think that as this market is evolving, people are realizing they can adopt Synapse solutions sooner and like earlier and earlier in their journey. I think one of the scary things security teams deal with is that the moment they know about something, they're liable to it, in a sense. So they're like, okay, I'm trying to move fast. I'm trying to move my company very quickly. There's some easy solutions.

Tomer
0:20:57
I can say I'm doing security, fall by like a best in class in-app, it might find more than one-handed right now.

Miguel
0:21:04
And if I can't deal, it doesn't exist. Yeah.

6
0:21:07
Yeah.

Tomer
0:21:08
I guess my program wasn't good enough. Like I'm not liable for it. I'm sorry. But if it's like, hey, you knew this problem existed, you didn't fix it. And now customer data got exfiltrated.

Announcer
0:21:18
Right.

Tomer
0:21:18
We're now even starting to see like see-saws in the US and like the likes of that, like go to prison over these type of things. Um, so I think, uh, sometimes maybe smaller customers are like, I don't need to invest in it. It's going to like spend a lot of time for me. Like it's going to, you know, just give me too many alerts.

Tomer
0:21:34
Um, I need something simple just so like I can cover the basics. But I think that as Synapse solutions are evolving, they're actually going to create less alerts than those point solutions. One of the big things we've seen is that the more layers of data and context you add,

Tomer
0:21:52
actually the less things you need to fix, right? So if I scan a repository of images for vulnerabilities, I'm going to find thousands, if not tens of thousands of them, right? But if I'm going to scan it only on my running or on my workloads,

Tomer
0:22:09
so on what goes through CI into deployment, then I'm probably gonna get like half of that, right? Cause there's a lot of stale images in my repository that I don't even need to think about, right? So I get less alerts. But then if I also scan it at runtime proactively,

Tomer
0:22:23
I can figure out which ones of those are exactly exposed to the internet, which ones of those actually load the vulnerable packages into memory and are meeting the criteria to be exploited the way they're running. And then add some more context on their privileges, their sensitive data flows, right, like how are they associated with that. And we've seen cases where, you know, we legitimately took like 3,000 vulnerabilities and told the

Tomer
0:22:44
customer, no, there's like seven you need to worry about. Right. I've seen this.

Miguel
0:22:52
I've seen this live in POCs and I've seen the reaction of customers.

Tomer
0:22:55
Yeah, OK. OK, it's not that bad. And and I think that the more customers realize that, that, you know, just going with like a slightly more advanced solution can actually mean less work in that case. And as technology advances to a way that it's also very easy to implement, very easy to deploy, and more data efficient as well. So potentially cheaper too than those, you know, point solutions in the cloud that, you know, only cost five cents a call,

Tomer
0:23:27
but you do a billion of them a day. So they really know how to add it up. And I think we're seeing customers start earlier and sooner and sooner in the journey. We see companies with like 20 servers approach us at this point. Right. And they're like, no, we just need some protection. We want something that can grow with us and can take us through the journey. But that right now will help us filter noise and be easy to use.

Tomer
0:23:50
Obviously, we see customers with tens of thousands of hosts and, you know, a hundred thousand plus, but they are very concerned about security and they have, you know, a 200 plus security team. But I think customers really think they need to mature a lot to adopt a solution like that.

Miguel
0:24:07
Gotcha. I see also two other use cases. So enterprise customers that are moving now to the cloud, they're starting a cloud journey. They should immediately start off with a CNAP to protect their data.

Miguel
0:24:18
The data is just so critical. And also the compliance level in the future is going to be so complicated that I recommend all of the customers that if you're moving to the cloud and you're a big company, you should definitely start from day zero with a CNAP activated. And then the second point that we see why customers, also the startup customers, are

Miguel
0:24:40
starting to look into CNAP is the compliance part. What we see here in EMEA, I don't know in other regions, but EMEA the most is ISO, the ISO certification. That's the number one that customers get asked for. And as startups grow and then suddenly they have to be certified, normally that leads a lot of panic.

Miguel
0:24:59
Yeah. And Synapse basically can bring down the calm. It can summarize everything. Most startups are cloud native. So with a good Synapse and with the report that for example Upwind is creating, they can get certified in ISO.

Miguel
0:25:11
That's what we're seeing a lot. SOC2 we're seeing a lot as well. And then every company that has payment gateway on their website always needs a PCI. And now these two and other certificates are becoming more and more on pair.

Miguel
0:25:25
So that's also a big reason to change to a single.

Tomer
0:25:29
Yeah, so I think we see a lot of that. And I think it was just a very simple way to think about it, right? It's much easier to get five servers into compliance than it is 500 or 5,000, right? And if your first five servers are meeting

Tomer
0:25:42
those compliance standards, and you know, you work in kind of like a DevOps native way, then it's not gonna be that hard when you grow to maintain it. But if you've already grown and you already have customers and a lot of systems in place and processes

Tomer
0:25:56
that are not compliant by design, it suddenly becomes like a three, four, five month project that requires everyone's attention in the company and feels like a very daunting task. But when you're very small, it's actually fairly easy. It's just how to mentally decide to invest in compliance that you don't need yet.

Tomer
0:26:15
But I think at least in your cloud design, in your systems design, just being able to monitor it and understand, okay, how far away am I? How hard it is? Okay, if in an hour of work today, I can fix it. This actually might save me 50 hours of work like a year from now.

Miguel
0:26:30
Maybe it's worth it. Yeah, and you get to build up everything on best practices, yeah, from the beginning or you see where you go away from best practices and what you need to change in the future, yeah. So it's a great tool for the team to build up. And again, it takes off human work hours, yeah, a lot of manual, a lot of work that otherwise

Miguel
0:26:50
would be done manually, yeah, and especially startups. They don't have so much access to security-focused DevOps, yeah, it's a market, a biased market. There's not enough personnel out there, so a tool like this can basically set the groundwork for everything else to come.

Tomer
0:27:07
Absolutely, and I think it's gonna be a very, an unpleasant finding for a startup company that only has its first big enterprise-like deal, and they're like, oh, by the way, you have to meet these compliance standards and you're not even started evaluating that.

Tomer
0:27:23
Right, you're not gonna be able to do it in time to be a part of the deal anymore. So at least in the process, you've at least given it some thought before, then you're like, okay, we can go into the deal, I'll commit to finishing that compliance within 90 days

Tomer
0:27:36
and you know it's feasible. You really don't want to lose deals over this thing, huh? When you're a small company trying to survive. So now we decided that companies should focus on implementing the CNAP if they have any reason to be in the cloud and they want to be secure. Let's talk a little bit about what makes Upbrint different from the rest of the CNAP market.

Tomer
0:27:57
We don't need to drop names, but there are some big enterprise customers that have a product on the market. There's some new companies that are fairly young, but have received millions of dollars of funding. So where do you position in this ecosystem? And maybe also, what is the next steps for Upwind?

Miguel
0:28:12
Where is it going?

Tomer
0:28:13
Yeah, I think the way we position ourselves and the way we think about our differentiators is that we are a runtime, real-time focused CN app. And the idea here is that it's not just about using runtime because you need like an EDR in the cloud. Yes, that's the basics.

Tomer
0:28:30
You're already putting something in your runtime environment, like a sensor type solution. You obviously want it to be your EDR. But it's also ways to just do that with it, where you can actually use that same context to make your posture smarter, to make your API security smarter, to make your vulnerabilities management smarter. And essentially, you know, we've developed this, you know, one sensor to rule them all in a sense that will pretty much provide you all of the context you need to secure your

Tomer
0:29:04
cloud in an effective way. And let's maybe just share like one quick example of what that can mean. So there's a classic CIS, you know, compliance benchmark that says, don't use Amazon Web Services Metadata Service v1, like the IMDS v1. Why? Because it's like a legacy solution in Amazon.

Tomer
0:29:26
It's a little easier to do privilege escalations on it, receive new tokens and things like

Announcer
0:29:30
that.

Tomer
0:29:32
And we've encountered customers that have, you know, north of 2000 developers, and they've been in the cloud for over a decade, which means all of those services and their designs allow everyone to do that. And they want to stop it, right? Like they now want everyone to move to v2. And in a classic, like, non-real-time context, a partial solution, you're really just going to find like, hey, you have these like X thousands of components that are allowed to use IMDS

Tomer
0:30:00
v1 and they're misconfigured, change the configuration. But you don't know which ones of them actually need it. Right, so you can't just go and shut it off for everyone. Maybe you'll take production down, right? You don't want to take production down to meet like a compliance benchmark, right?

Tomer
0:30:14
So you want to do it the right way. So like, what's the way to do it? Like it's practically impossible, but essentially go talk to every one of those 2,000 developers, explain to them what metadata services in Amazon are,

Tomer
0:30:26
right, what's V1, what's V2, and then give them some guideline on how to check if they're actually using V1 or not, right? And the moment Upwind ran in their environment for some time, we were able to tell them, hey, out of, you know, the 5,000 or so components

Tomer
0:30:41
that are failing that compliance benchmark in their configurations, only 20 in actual activity have been using that misconfiguration. So 4,980 of them, you can go and press the button right now. Take off that config, right?

Tomer
0:30:57
And you're already 99% compliance. Those other 20, these are the people you need to talk to. These are the developers committing code into this application. This is the people modifying it, like, right? That's the DevOps team that does the deployments.

Tomer
0:31:10
So you know exactly who owns it for the software development life cycle. And you know how the problem actually manifests itself in your environment. And it's just one of many examples of how we use real time and runtime context to drive efficiency

Tomer
0:31:24
in your security program. And, you know, free up in some cases, thousands of developer hours across large organizations.

Miguel
0:31:32
Yeah, so app security is also a little of a sister, yeah, to the CNAP. It's close by, some of the features come over, some don't. What we are seeing a lot, we're seeing the new generation of AppSec tools, they already have an integration with the CNAP, with AppWind and co. So you can connect and you can make sure that your coding from basically from the Git to the public API cloud is fully

Miguel
0:31:56
secured. So it's a good way also to start your AppSec journey is to start again a CNAP. Yeah. So that's why I'm coming back to this is like the wife of the cloud. It's the first security product you should add on. Um, I mean, then, uh, there's of course other, uh, focus areas like the data protection, the SAS protection, identity management, et cetera.

Miguel
0:32:19
Uh, but this is really the, the base for, for everything, uh, to come. Yeah. So let's talk a little bit about what is the next step for Upwind? Where are you guys going? What is your goal? You've been launched to a market which is right now fresh with this new acquisitions

Miguel
0:32:32
are being made. Crovatus, where do you want to guys go?

Tomer
0:32:35
So obviously, you know, Upwind is the second journey we've gone on as a founding team. And we really want to be something meaningful. We want to, you know, build a great business that customers love first and foremost, that delivers real value, that makes organizations more secure, more efficient, and happy about their security program, as funny as it may be. And obviously, that it's employees' love and partners' love working with. And I think that's kind of what really drives us, creating real impact on the industry,

Tomer
0:33:09
on technology, on the people around us. And, you know, that will manifest itself obviously in, you know, physical expansions of the company and technological advancement and new vectors that we can go into. As we've discussed, the Synapse is expanding. And as Miguel, you've mentioned quite a bit, right, is it's becoming the first thing you need to do in cloud security.

Tomer
0:33:31
And it's also sort of becoming almost like the operating system of your cloud security, right? And it's starting to work with many different areas, where different people will choose to create more depth. Like one company might be a lot more concerned about identities, another a lot more about data,

Tomer
0:33:45
another about APIs and et cetera. So I think playing nice in this ecosystem and just helping organizations do that in an efficient manner as we go into different realms as well.

Miguel
0:33:59
It's gonna be really interesting, yeah. It's a really agile market at the moment. Fortinet has moved big into the market. Google is having an eye out on the market. So yes, a lot of things happening in there. I said this in my introduction, I looked up the numbers recently. I think it was five years ago, less than 10% of the IT budget was spent in the next 10 to reach around 70%, which I say is 70 to 80% is kind of the maximum.

Miguel
0:34:32
But most of the cloud budget will be spent in the cloud. So what's happening here in the cloud is going to be multiplied by 10 just to catch up with the market and then another 10 with the normal growth of all the companies in the world. So it's going to be a completely different market in 5 to 10 years from now. And I'm really gonna be looking forward to see

Miguel
0:34:52
where Upwind is positioning

Tomer
0:34:53
and how they're managing this landscape. Yeah, I'm super excited for it. I think it's confusing a lot of people, by the way, right? Like the cloud market is already like, the three major providers already make over $150 billion a year.

Tomer
0:35:07
This is saturated and big, right? And then when you look at the IT metrics, they're like, nope, they're only about a fifth of the way there, barely. And the future is still big, the road is ahead of us. We still see a lot of companies growing this space

Tomer
0:35:22
and I still feel like there's a huge opportunity. And also a healthy market to be in, right? It's not gonna be a one cloud security solution the entire world is using. So I think that's always exciting and fun. Yeah, it's also important to have competition.

Miguel
0:35:35
Yeah, it's also important to have competition. All right, Tomei, it was my pleasure to host you today. I hope you enjoyed this interview, this podcast as well.

Tomer
0:35:44
Very much enjoyed this conversation, Miguel. Really appreciate your time and the Global Dots team time. So thank you everyone, and I hope you enjoyed listening to us.

3
0:35:53
This episode was produced and edited by Daniel Ohana and Tomer Morbinson, sound editing and mix by Bren Russell. I'm Ganesh The Awesome, and if you're ready to deep dive and start transforming the way you approach cloud practices and cybersecurity strategies,

3
0:36:08
then the team and myself at GlobalDots are at your disposal. We are cloud innovation hunters and we search the globe looking for the future tech solutions so we can bring them to you. We've been doing it for over 20 years.

3
0:36:20
It's what we do. And if I don't say so myself, we do pretty well. So have a word with the experts, don't be shy. And remember that conversations are always for free. And remember that conversations are always for free.

Announcer
0:36:29
So have a word with the experts, don't be shy, and remember that conversations are always for free.

Related Content

  • Mental & Cyber Security: Peter Coroneos @Cybermindz
    Cloud Security
    Mental & Cyber Security: Peter Coroneos @Cybermindz

    Cybersecurity professionals are working in a department where someone is constantly trying to ruin their day. A security breach causes untreated trauma, which at best leads to a career change. Peter Coroneos, former head of Australia’s Internet Industry Association, argues addressing well-being will benefit companies by reducing turnover and preserving corporate memory. He founded Cybermindz, which offers neuroscience-based solutions to build resilience and prevent burnout.

  • How Yuki Achieved SOC 2 Compliance 6x Faster
    Compliance Automation
    How Yuki Achieved SOC 2 Compliance 6x Faster

    Overview A fast-growing Snowflake optimization platform was missing out on customers because they didn’t have the right data security compliance. Through multiple consultations and extensive vendor-testing, the GlobalDots team selected a solution to provide both tech and human support, helping the company achieve SOC 2 compliance within just 3 months – and win new customers […]

  • Secure Sanity: Bronwyn Boyle, CISO @PPRO
    Cloud Security
    Secure Sanity: Bronwyn Boyle, CISO @PPRO

    Dive into cybersecurity and mental health with Bronwyn Boyle, CISO at PPRO. Discover the challenges of managing risk in evolving tech environments and the impact of AI on security. Bronwyn shares insights on fostering a no-blame culture, the importance of diversity in tech, and her journey through burnout. Learn practical strategies for building resilience and supporting mental health in cybersecurity. Tune in for a compelling conversation that bridges tech and well-being.

  • Adopting to Speed of Cloud: Stav Sitnikov, CTO @StreamSecurity
    Cloud Security
    Adopting to Speed of Cloud: Stav Sitnikov, CTO @StreamSecurity

    If you are facing real-time cloud security challenges and struggling with escalating costs this episode is for you. Discover the future of cloud security with insights into AI-driven threat detection and seamless integration of security tools. Learn how to balance performance and cost-efficiency, and why early unit testing is crucial for success. Join Ganesh on CloudNext as he sits down with Stav Sitnikov, Co-Founder & CTO of StreamSecurity, to explore actionable strategies and forward-thinking solutions reshaping cloud security.

  • The CISO of CISOs: Greg Notch @Expel
    Cloud Security
    The CISO of CISOs: Greg Notch @Expel

    Greg Notch, led the NHL’s cybersecurity initiatives and now he is in some ways the "CISO of CISOs". Greg dives deep into the issue of cybersecurity tool sprawl and its impact on the effectiveness of security operations. Exploring strategic tool consolidation, he shares insights on enhancing efficiency and aligning security efforts with business goals. Drawing from his notable career, Greg provides expert strategies for managing security in dynamic environments and fostering a proactive security culture.

  • Pragmatic Cybersecurity: Alex Jilitsky, Head of Cybersecurity @Plus500
    Cloud Security
    Pragmatic Cybersecurity: Alex Jilitsky, Head of Cybersecurity @Plus500

    In this CloudNext episode, Alex Jilitsky of Plus500 and Ganesh dive into cybersecurity automation's role in transforming digital defense. They tackle the shift from manual strategies to innovative automated solutions, underscoring the need for agility in tech's fast-paced realm. Alex shares insights on pragmatic decision-making and aligning security with business goals. Tune in for a discussion on navigating cybersecurity challenges in today's dynamic landscape.

  • Transforming AppSec: Neatsun Ziv, CEO @Ox Security
    Cloud Security
    Transforming AppSec: Neatsun Ziv, CEO @Ox Security

    In this episode of CloudNext, Neatsun Ziv, co-founder and CEO at Ox Security, joins Ganesh to tackle the evolving challenges in application security. They delve into the incessant alert noise and manual triage that often overwhelm tech professionals, and how traditional methods fall short in today's fast-paced digital landscape. Neatsun shares his vision for a future where innovative solutions and strategic playbooks transform incident response, making security management more efficient and effective. Tune in for invaluable insights on enhancing your security posture in an era of endless cyber challenges.

  • Adaptive Security: Janis Lasmanis, CISO @Evolution
    Cloud Security
    Adaptive Security: Janis Lasmanis, CISO @Evolution

    In this episode of CloudNext, Janis Lasmanis, CISO at Evolution, unveils his cybersecurity strategies, emphasizing the importance of adapting to unique threats rather than relying solely on market solutions. Delving into SIEM and SOC, Janis discusses the critical balance between securing operations and maintaining business flow, showcasing how tailored, dynamic defenses are crucial in the rapidly evolving tech landscape.

  • AWS Innovations Decoded: GlobalDots’ Top 20 Picks
    Cloud Computing
    AWS Innovations Decoded: GlobalDots’ Top 20 Picks

    Join AWS experts from GlobalDots as they decode the top 20 cloud innovations you need to know in a 2 part Webinar. Gain insider insights on leveraging these transformative technologies to boost performance, tighten security, and reduce costs. Discover real-world applications to apply these advancements to your business. Reserve your spot now! ? Stay Ahead: Learn […]

  • Innovative Cloud Strategy eBook
    Cloud Security
    Innovative Cloud Strategy eBook

    CIOs, Infrastructure Chiefs, IT, and Security Pioneers – This guide is more than just a document. It’s a strategic blueprint for your cloud journey, including concrete steps for migration, security strategies, and proven methods to optimize cost. We’re talking about real solutions for real challenges, such as: And yes, even – Discover not just security […]

  • Three Ways CISOs Can Combat Emerging Threats in 2025
    Web Security
    Three Ways CISOs Can Combat Emerging Threats in 2025

    73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

  • From IT Headaches to Automation with Alon Zlatkin, CEO @Dots
    Hosting, networking & hardware
    From IT Headaches to Automation with Alon Zlatkin, CEO @Dots

    From IT procurement and onboarding to IT asset disposition and offboarding, logistics is often sidelined as a hectic routine. But as Alon Zlatkin, CEO of Dots, discloses, these essentials are the backbone of smooth operations, impacting productivity and cost efficiency. Tune in as we explore the hidden logistical nightmare affecting the IT department and echoes through the whole organization. Discover how Dots transforms logistical headaches into automated solutions that fuel growth.

  • FinOps Strategies: Liat Shoil & Nastya Mor @SentinelOne
    FinOps
    FinOps Strategies: Liat Shoil & Nastya Mor @SentinelOne

    FinOps is a key driver of business growth, but what does it take to run an efficient FinOps practice? In this episode, Ganesh the Awesome sits down with Liat Shoil, Director of FinOps & Analytics, and Nastya Mor, Staff FinOps Engineer at SentinelOne. They share their journeys into FinOps, their biggest challenges, and how they built successful FinOps teams from scratch. Learn about automation tools, the importance of KPIs, and how cross-team collaboration can optimize cloud costs while aligning with business goals. Tune in to discover actionable strategies to level up your cloud cost management.

  • How Optimizing Kafka Can Save Costs of the Whole System
    Cloud Cost Optimization
    How Optimizing Kafka Can Save Costs of the Whole System

    Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Amplify Your Cloud Security

Technology, security threats, and competition all change rapidly and constantly. Your security stack must, therefore, be ahead of every emerging threat and, just as importantly, enable full-speed business processes by reducing friction in critical workflows.

Achieve this with GlobalDots’ curated solutions:

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services