I'm working as an interim CTO at a health tech company, focusing on optimizing our Kubernetes monitoring costs. We've implemented a new eBPF-based solution to save money. Now, I'm also looking to tackle our security tooling expenses, as we're currently heavily using AWS-native security tools but want to explore more cost-effective alternatives that could integrate better with our existing infrastructure.
I've started a proof of value with Upwind and I'm impressed by their runtime-powered cloud security stack, which claims to reduce noise by up to 95% and speed up root cause analysis based on client case studies. They also use eBPF for agentless sensors, aligning with our efficiency goals.
Before we dive deeper, I'd love to hear from the community:
1. For those who have experience with Upwind, how effective is its "runtime-powered" feature in practice? Does it really utilize runtime context to highlight genuine threats and lessen alert fatigue compared to traditional CNAPP tools or native cloud provider options? How well does it integrate CSPM, CWPP, Vulnerability Management, etc., under this runtime model?
2. Has anyone successfully used eBPF for both monitoring and security in the same K8s environment? Are there real synergies (like performance gains and reduced overhead), or is it better to keep these stacks separate? Does using an eBPF security stack with an existing monitoring solution lead to any conflicts?
Lastly, since I'm in the early phases of discovery, are there other runtime-focused security platforms utilizing eBPF that you've found effective in complex K8s setups, especially for cost optimization? Thank you for your insights!
4 Answers
Have you checked out RAD security? Their product looks pretty interesting and might be worth considering.
If you're exploring Upwind, I'd recommend testing it alongside Wiz and maybe even another tool for highly regulated industries. I think Upwind's runtime features and DSPM aspects could prove beneficial. Plus, I get why you'd be wary of Google having a stake in your security with Wiz.
I've been keeping an eye on Upwind especially after the Google-Wiz acquisition. Is your client currently a Wiz user? Are you just focusing on K8s, or are you also looking at their broader CNAPP features? I'm curious about how it handles CSPM and agentless security.
They're not a Wiz customer at the moment; they mainly rely on AWS tools like Security Hub and GuardDuty. The previous fCTO proposed Wiz, but I've been asked to re-evaluate everything. I'm looking into the complete CNAPP capabilities, not only K8s. Their CSPM needs more context for better prioritization, which is a huge part of the cost-cutting effort I've been involved with.
As a former Wiz customer and now using Upwind, I can say the runtime capabilities deliver on their promises. The integration of runtime context into CSPM, CWPP, and vulnerability management really helps in prioritizing threats. If runtime security is your focus, Upwind seems like the best independent choice right now!
I’ll definitely take a look at RAD security!