In November, TechCrunch broke the news that cybersecurity startup Upwind was getting a lot of inbound interest to raise money on a big valuation. Now, we can confirm that the deal is done: Upwind has closed a Series A round of $100 million. The company confirmed that the round values it at $900 million post-money.
Craft Ventures, the investment company started by David Sacks, is leading the deal, with TCV, Alta Park Capital and all of Upwind’s previous backers participating. Past investors include Greylock, Cyberstarts, Leaders Fund, Omri Casspi’s Sheva Fund, and basketball star Stephen Curry’s investment fund Penny Jar. The company has now raised $180 million, and this latest valuation triples the price tag it earned with its seed round.
New York-based Upwind plans to use the funding to grow its team — it currently has around 150 employees and plans to double that across the Bay Area, Iceland, the U.K. and Israel, with a focus on sales and marketing.
The company will also continue developing its platform, which focuses on “runtime” security: Prioritizing alerts and remediation efforts around threats and vulnerabilities in active services in real time.
Organizations are typically snowed under by a blizzard of alerts across their networks, and Upwind claims it can reduce these alerts by 90% to focus only on the most important ones. It currently covers cloud security posture management (CSPM), cloud workload protection platform (CWPP), cloud detection and response (CDR), API security, vulnerability management, identity security, and container security.
The fact that Upwind is now valued at $900 million at a Series A round underscores the attention cloud security is getting right now from investors — which in turn is due to the attention that cloud security is getting from enterprise developers and CISOs.
In a nutshell, cloud computing has become an indispensable tool for organizations that want to scale up and down quickly, or adopt (or drop) services on the fly. But the growth of the cloud computing market has proven to be a minefield for security teams.
Attack “surfaces” — the periphery of an organisation’s systems, which can include devices, apps, network, infrastructure and connectivity with partners — grow and become more complex. And as more components are added, removed or updated, you get more inadvertent vulnerabilities.
Malicious hackers are ready to exploit all of this, and so it’s down to cloud security companies to figure out how to stay one step ahead and keep people and businesses secure.
Upwind is one of an army of startups and larger, more established companies building tools to achieve just that. Others in the same space include Wiz, Orca, Palo Alto Networks, Check Point, and more.
The optimism around Upwind is also partly because of the broader business climate, with a number of the most successful startups seeing huge windfalls in terms of investment and business. Wiz, which has laid claim to being one of the fastest-growing startups of all time (it’s not quite five years old and says it is is on course to reach $1 billion in ARR by next year), turned down a $23 billion offer from Google because it believes it can be bigger on its own.
Amiram Shachar, Upwind’s founder and CEO, believes the company’s focus on runtime alerts gives it a unique place among its competitors. Indeed, focusing on alerts alone is quickly becoming commoditized: Just last week, Wiz acquired Dazz to enhance its alert strike rate.
But it appears Upwind will also be extending its focus into more predictive alerts. In an interview, Shachar said some of the investment will be put towards “catching up with some of the fundamentals of cloud security.”
“By the end of this year, and then next year, we’ll be moving towards AI security and advanced prevention, going into code and dependencies in code, to bring even higher fidelity [to the platform],” he said. “This is where we’re going to go.”
Given the rate and extent of data breaches, investors are also confident that there will be room for more companies and innovation in the years ahead.
“Cloud security is still in the early innings. Over the next decade, we believe it will grow into the most consequential market in security”, said Morgan Gerlak, a partner at TCV, in a statement. “We also believe demand in cloud security will shift to runtime. Upwind has timed its product expertly, and Amiram and his team have a whole lot to play for.”