Upwind launches unified runtime security after Nyx integration

Upwind has completed the integration of the Nyx solution into its cloud runtime security stack, creating a unified cloud and application detection and response platform intended to extend real-time application protection and visibility across runtime environments.

The integration follows Upwind's acquisition of Nyx in early 2025 and enables the company to offer what it describes as a platform providing depth in threat detection and vulnerability prioritisation from infrastructure to the application layer. The updated platform combines Nyx's function-level runtime visibility with Upwind's existing capabilities.

Upwind states that the combined platform is now able to deliver what it calls Cloud Application Detection and Response (CADR), offering a runtime-native solution that encompasses process behaviour, network activity, API usage, and application function execution. This move positions Upwind as the only security solution provider in its category to deliver fully integrated application-layer runtime protection in one platform.

"We acquired Nyx because we believe that runtime is where the real battle for cloud security is happening. And now that it's fully integrated, we're delivering a single platform that's purpose-built to observe, understand, and stop attacks across cloud infrastructure and applications in production in real time," said Amiram Shachar, CEO and co-founder of Upwind. 

Traditional cloud security typically focuses on infrastructure and posture assessments, which may not account for threats that occur during live operation of cloud environments. Upwind has aimed to address this by architecting its platform around lightweight, high-fidelity runtime telemetry since its inception. The addition of Nyx expands these capabilities by incorporating an eBPF-based engine to observe function-level application behaviour and deliver function-aware vulnerability prioritisation and application-layer threat detection.

Through function-aware vulnerability prioritisation, the platform identifies whether vulnerable functions in third-party software packages are actually called during runtime. According to Upwind, this approach can suppress more than 60 percent of false-positive vulnerability alerts, allowing security teams to focus on relevant issues and reducing alert fatigue.

Application-layer threat detection has been enhanced by integrating Nyx's technology with Upwind's existing models for process, network, and API activity. This enables additional activity-based anomaly detection and runtime forensics for deeper insight into potential threats operating at the application level, Upwind states.

These features are designed to grant organisations a more accurate perspective on their security risk, expedite incident response processes, and allow greater alignment between application security, DevOps, and cloud security professionals.

With Nyx now fully embedded, Upwind claims to be the first solution provider classified as a cloud-native application protection platform (CNAPP) to offer integrated runtime protection across both cloud infrastructure and application layers. This approach is intended to address a gap in the market, where most CNAPPs focus primarily on shift-left code scanning and static vulnerability analysis rather than runtime-centric detection and response.

Shachar stated the speed of the integration was possible due to architectural similarities between Nyx and Upwind, with both originally engineered for scale, low latency, and zero performance impact on production environments. Shachar said the companies share a philosophy of "live, in-line security", noting that the integration did not compromise customer agility or speed of deployment.

"Security has to keep up with the speed of production. You can't wait hours or days to act. Upwind, now with Nyx, provides real-time signal, context, and action - from the infrastructure to the process level. Mergers and acquisitions in the software industry are never easy. A perfectly executed integration, across both culture and technology, is essential to deliver a seamless user experience and a resilient architecture. That's exactly what we've achieved with Nyx," said Shachar. 

The integration is also intended to address the growing prevalence of runtime-based attacks, as threat actors increasingly attempt to circumvent static security controls. Upwind asserts that prevention and response now require comprehensive real-time visibility into running applications, covering every process, connection, and user interaction to facilitate timely detection and action.

By focusing on runtime, the platform seeks to provide organisations with the capability to identify new types of threats missed by static scanners, respond to incidents with full context, and stop exploitation as it occurs.

With the completion of the Nyx integration, Upwind now presents a platform offering runtime telemetry and protection extending from cloud infrastructure through to application execution. The company indicates it plans to further expand its offering to include data security and AI security, leveraging additional strategic mergers and acquisitions as well as organic product development.