The shift up approach to cybersecurity
Structured telemetry
Cloud
power
Standards and APIs
Unified data model
Service
mesh
Companies already
shifting up
One UI and data model, multiple solutions
Attack Surfaces
Cloud Providers
.png)
Cloud Providers
The most important way to improve cloud security posture is to ensure resources are configured correctly. It’s a task that can be difficult without visibility across cloud accounts. With Uptycs, IT and security teams can inventory cloud assets and resources, identify non-compliant resources, and access evidence needed for remediation — and more.
Cloud Workload
Container Runtime
Cloud Workload
Container Runtime
As organizations adopt new processes and technologies for building and running applications, they require new types of security observability. Uptycs equips modern defenders with the functionality to protect container-based applications, whether run on-premises, or in the cloud—on a VM or in a serverless deployment.
Kubernetes
Kubernetes
When Kubernetes and container deployments scale up, it becomes difficult to inventory and monitor your fleet. To solve your problems around Kubernetes and container workflows, Uptycs offers Kubernetes security posture management (KSPM) to cover a broad range of security use-cases including hardening, compliance, and threat detection.
Endpoints Host OS
Endpoints Host OS
Developer laptops and other on-premises assets are key targets, containing cloud provider and GitHub credentials. All security tools generate alerts — but only Uptycs eXtended Detection and Response (XDR) streamlines telemetry across modern attack surfaces and gives you comprehensive detection and response capabilities, from the laptop to the cloud.
Uptycs Detection Cloud
A powerful analytics engine and data pipeline
Uptycs Solutions
Data summarizations and visualizations that solve for multiple solutions
- Cloud-Native Application Protection Platform (CNAPP)
- Extended Detection and Response
- Governance, Compliance
and Audit Evidence - Cyber Asset Inventory and Insights
- Ask Uptycs
The power of
structured telemetry
Uptycs unified CNAPP and XDR immediately begins ingesting and analyzing telemetry and gives you connected insights across all of your asset classes in the same place. This can be visualized as a data engineering pipeline with three stages; collect, aggregate, and analyze.
Sensors and Connectors
- Tubular and
Structured Telemetry
Aggregation
- XDN: X Detection Network for Cohort Analytics
Aggregate Analytics
- Lambda Analytics
- Historical Flight Recorder
- Threat Intel Correlation
- SQL-powered Data Lake
- Collection
Stage - Aggregation
Stage - Analysis
Stage
Telemetry is captured via agent deployment to the host (Osquery) or via native API integrations (Kubequery, Cloudquery) and transferred to Uptycs’ backend using an HTTP TLS connection. The telemetry can be bucketed into two broad areas based on the attack surface:
- First Grouping: based on osquery’s ability to interface with operating system interfaces such as kaudit, eBPF on Linux, ETW on Windows, and OpenBSM or the security API framework on macOS. Osquery uses these interfaces to collect system call behavior and translate it into a tabular JSON format.
- Second Grouping: cloudquery and kubequery use native API integrations to ingest data and translate it into a structured table format.
The tabular telemetry can be acted upon while it’s streaming—for real-time correlation and alerting—and once it's been aggregated and stored for reporting and ad hoc historical querying.
This is where Uptycs’ speed and scale truly shines. Our eXtended Detection Network (XDN) applies scaling techniques, such as consistent hashing for horizontal scaling based on HTTP and TLS load balancing techniques to reliably spread the load and ingestion of the data. Uptycs backend can concurrently ingest a wide variety of structured telemetry from multiple interfaces. The XDN also facilitates cohort analysis.
Example: telemetry is in flight from a cohort of 1,000 database servers, and anomalous behavior is identified on one of the machines. The anomalous behavior on the single machine is converted into a real-time query that then evaluates the other 999 machines.
In the analysis stage, Lambda analytics are used to analyze data while it’s in-flight for near real-time correlation. While in-flight, Uptycs correlates data with a variety of open source threat intel databases and independent research findings from the Uptycs Threat Research Team. Data is partitioned as a function of time and compressed so that the telemetry can be analyzed at scale.
This streaming analytics model allows Uptycs to take each row of structured data and correlate it using event and alert rules to generate signals. Billions of pieces of telemetry are narrowed to thousands of signals.
These signals are correlated into tens of detections, making it possible for humans and automation to see insights and make data-driven decisions as a part of a compliance requirement.
See Uptycs in action
Find and remove critical risks in your modern attack surface - cloud, containers, and endpoints - all from a single UI and data model. Let our team of experts show you how.
