SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Upwind expands runtime protection to Windows Server VMs
Hybrid Cloud Public Cloud Cloud Security

Upwind expands runtime protection to Windows Server VMs

Thu, 7th May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Upwind has expanded its runtime protection and visibility tools to Windows Server virtual machines, extending runtime coverage for Windows workloads across Amazon Web Services, Google Cloud and Microsoft Azure.

Windows Server VMs now feed into Upwind's existing runtime monitoring and detection workflows. Coverage applies to Windows Server 2016 or later on Amazon EC2, Google Cloud Compute and Azure virtual machines.

Windows workloads remain widely used in cloud environments for business applications, identity services, databases and internal systems. As a result, security teams need more detailed insight into what is happening inside those systems at runtime, rather than relying only on configuration snapshots.

Upwind's Windows Sensor is designed to give security teams visibility into host activity on Windows servers, including process execution, network connections and DNS requests. It also adds continuous assessment for vulnerabilities and configuration issues.

Windows coverage

The expansion brings Windows Server machines into the same toolset customers already use for Linux and other cloud assets. Windows virtual machines can now appear in the Runtime Map, which visualises assets and their connections across cloud environments.

The mapping feature is intended to show where Windows workloads are running, how they connect to other cloud resources and how they fit into the broader runtime environment. For security teams managing mixed cloud estates, that provides a consolidated view of systems that have often been handled with separate tools.

Detection focus

Alongside asset discovery, the Windows Sensor feeds telemetry into real-time detection workflows. That is intended to help teams identify behaviour that may indicate compromise, misuse, lateral movement or other security risks.

The telemetry includes process activity, network connections and DNS activity. Security teams can use that data to monitor how Windows hosts behave while running and compare that activity with normal patterns across their cloud environments.

The feature also supports continuous scanning for vulnerabilities and configuration issues. Upwind positions that assessment as a way to prioritise remediation based on active cloud assets and runtime context, rather than on static findings alone.

Single workflow

Windows Server VM runtime visibility is supported across Upwind's Runtime Map, Detections and Sensor components. The goal is to bring Windows systems into the same monitoring, detection and risk-prioritisation workflows used across the rest of a customer's cloud estate.

Once deployed, Windows VM sensors appear in the Components view for monitoring, patching and tracking. Teams can manage the sensors from one place instead of using separate tools.

The expansion reflects a broader push in cloud security to focus on runtime behaviour as organisations spread workloads across multiple providers. That has increased demand for tools that show not only what assets exist in a cloud account, but also how those assets behave once they are live.

For Windows systems, the issue is especially important because many businesses still rely on Windows Server for core infrastructure and line-of-business applications even as they move more workloads into public cloud environments. Those systems can include identity and authentication services, internal applications and databases that remain central to day-to-day operations.

Security teams often know those machines are present from inventory records or cloud configuration data, but that information does not always show what they are doing at a given moment. Runtime monitoring aims to fill that gap by providing insight into active processes, communications and other host behaviour while a system is in use.

By extending that model to Windows Server VMs, Upwind is targeting a part of cloud infrastructure that can become a blind spot when monitoring is stronger for containerised or Linux-based workloads than for traditional virtual machines. The latest release is intended to close that gap by bringing Windows servers into the same operational view as other cloud assets.

Supported environments include Amazon EC2, Google Cloud Compute and Microsoft Azure VMs running Windows Server 2016 or later.

Related stories
Why AI-powered security needs network telemetry across the hybrid cloud
Entrust launches cloud cryptographic security platform
Google report warns identity is weak link in cloud
Radware's Alteon Protect brings cloud-scale ADC security
AI adoption drives security spend but breaches persist
Top stories
eYou opens public app as users distrust social media
AI inference becomes core operational workload in firms
Proofpoint launches AI tool for compliance investigations
Bitdefender names Frank Koelmel Chief Revenue Officer
Tanium & ServiceNow launch autonomous IT product