In November, we broke the news on how cybersecurity startup Upwind was getting a lot of inbound interest to raise money on a big valuation. Now, we can confirm that the deal is done: Upwind has closed a Series A of $100 million. The company confirmed that the round values it at $900 million post-money.
Craft Ventures, the investment company started by David Sacks, is leading the deal, with TCV, Alta Park Capital and all of Upwind’s previous backers participating. Past investors include Greylock, Cyberstarts, Leaders Fund, Omri Casspi’s Sheva Fund, and basketball star Stephen Curry’s investment fund Penny Jar — confirming our previous reporting. The company has now raised $180 million, and this latest valuation is triple that of its previous seed round.
New York-based Upwind plans to use the funding both the grow its team — it currently has around 150 employees and plans to double that across the Bay Area, Iceland, the U.K. and Israel — with a focus on its sales and marketing operation.
It will also be continuing to develop its platform, which today focuses on “runtime” security: prioritizing alerts and remediation efforts around threats and vulnerabilities in active services, in real time. With organizations typically snowed under by a blizzard of alerts across their networks, Upwind claims to be able to reduce these by 90% to focus only on alerts that are the most important. Its focus currently covers the areas of Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Cloud Detection and Response (CDR), API security, vulnerability management, identity security, and container security.
That Upwind is now valued at $900 million at Series A underscores the attention that cloud security is getting right now from investors — which in turn is due to the attention that cloud security is getting from enterprise developers and CISOs.
In a nutshell, cloud computing has become an indispensable tool for organizations that want to scale up and down quickly or adopt (or drop) services on the fly. But the growth of the cloud computing market has proven to be a minefield for security teams.
Attack “surfaces” — the periphery of an organisation’s systems, which can include devices, apps, network, infrastructure and connectivity with partners, among other things — grow and become more complex. And as more components are added and removed or updates are made, that creates inadvertent vulnerabilities.
Malicious hackers are ready to exploit all of this, and so it comes down to cloud security companies to figure out how to stay one step ahead of them to keep people and businesses secure.
Upwind is one of an army of cloud security startups and larger, more established companies that are building tools to achieve just that. Others in the same space include the likes of Wiz, Orca, Palo Alto Networks, Check Point, and more.
Upwind’s optimism in the market is also partly because of the wider business climate, with a number of the most successful are seeing a huge windfall in terms of investment and business. Wiz — which has laid claim to being one of the fastest- growing startups of all time (it’s not quite five years old and says it is is on course to reach $1 billion in ARR by next year) turned down $23 billion offer from Google because it believes it can be bigger on its own.
Amiram Shachar, Upwind’s founder and CEO, believes that the company’s focus on runtime alerts gives it a unique place among its competitors. Indeed, focusing on alerts alone is quickly becoming commoditized: just last week Wiz acquired Dazz to enhance its alert strike rate. But it will also be extending that into more predictive alerts, it sounds like. In an interview, he said some of the investment will be gong towards “catching up with some of the fundamentals of cloud security.”
“By the end of this year, and then next year, we’ll be moving towards AI security and advanced prevention, going into code and dependencies in code, to bring even higher fidelity [to the platform],” he said. “This is where we’re going to go.”
Given the rate and extent of cyber breaches, investors are also confident that there will be room for more companies and more innovation in the years ahead.
“Cloud security is still in the early innings. Over the next decade, we believe it will grow into the most consequential market in security”, said Morgan Gerlak, Partner at TCV, in a statement. “We also believe demand in cloud security will shift to runtime. Upwind has timed its product expertly, and Amiram and his team have a whole lot to play for.”
