Upwind raises $250M at $1.5B valuation to continue building ‘uptime’ cloud security

From the outside, it looks like Upwind Security’s journey has been smooth so far. Just four years later, the cloud security startup is now valued at $1.5 billion, and boasts the likes of Siemens, Peloton, Roku, Wix, Nextdoor, and Nubank among its clients. But if you ask the company’s co-founder and CEO Amiram Shashar, the journey to get here was anything but certain.

“Three years ago, we would spend hours asking ourselves if we were going in the right direction, and 80% of the time, we felt like we weren’t,” the outspoken Shachar told TechCrunch in an interview after the startup secured a $250 million Series B.

“In the beginning, we constantly wondered whether the market needed our solution, whether it would be too difficult to integrate into larger systems, or whether customers would adopt it,” he recalls. “Developing a new approach was difficult; people are used to installing certain agents on devices, but they don’t like doing it.”

Upwind likes to call this approach “runtime” security: prioritizing alerts and remediation efforts about threats and vulnerabilities in active services in real time. As Shachar says, it’s an “inside-out” approach to cloud security, where internal signals like network requests and API traffic serve as context to help security teams separate urgent risks from those that can wait.

However, developing this approach was not easy, as Shashar and his founders did not have a traditional background in security: they initially built and sold a cloud computing brokerage called Spot.io, to NetApp About $450 million in 2020.

“After joining NetApp after the Spot acquisition, I felt first-hand how difficult cloud security really is,” Shachar said. “The security team was scanning our environment and reporting issues, but it lacked critical context. Coming from a DevOps background, we (Shachar and his team) understood the infrastructure deeply, while security teams often did not know how APIs were exposed or what packages were running. As a result, they flagged many issues that did not represent real risks.”

But Shashar and his team felt they had a better view of cloud environments because they were managing them. “The prevailing approach has been agentless, an ‘outside-in’ model where you scan environments externally,” he explained. “It’s easy to deploy, but it creates a lot of noise because you can only see what’s visible from the outside.”

The team realized that the context provided by internal signals would be more useful to security teams, as they would be able to see what is happening in the network, in real time. But selling their new cloud security idea proved difficult, as security teams often lacked permission to deploy software internally and defaulted to more traditional tools.

So downwind sales took time. “It was not clear at first, and there was a lot of uncertainty; customers were hesitant,” Shashar said.

“But we saw something that others didn’t see,” he explained. “Inside-out isn’t an advanced option; it’s the only way to solve the next generation of problems. With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly moving across APIs, you can’t simply map this from the outside. It has to be from the inside.”

However, the company had to deal with an overcrowded stock market. Security teams were already overwhelmed by the number of tools, and customers didn’t want to have multiple products just to manage cloud security. “From the beginning, it was clear that Upwind would need to build a broad, integrated platform,” Shashar said. “Otherwise customers will not engage or allow us to deploy our technology.”

The company’s logic ultimately spoke to its target customers: large, data-intensive enterprises with a large cloud footprint. since then $100 million Series A in 2024Upwind has grown rapidly, recording 900% year-over-year revenue growth and doubling its customer base. The company has also expanded from its core markets of the US, UK and Israel to emerging markets including Australia, India, Singapore and Japan.

The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The new funds will be used for product development and go-to-market moves, and the startup plans to invest in its AI security capabilities within its cloud security platform and “expand its approach closer to developers to help prevent misconfigurations before they reach production.”