Cybersecurity continues to command a lot of attention from enterprises looking for better protection from malicious hackers, and VCs want in on the action. In the latest example, TechCrunch has learned and confirmed that Upwind — a specialist in assessing and securing cloud infrastructure — is closing in on a $100 million round at a valuation of between $850-$900 million, post-money.
The round includes a mix of new and existing investors such as Craft Ventures, Greylock, CyberStarts, Leaders Fund, Omri Casspi’s Sheva Fund, and basketball star Steph Curry’s investment fund Penny Jar. The round is in its final stages of getting closed — this could come in a matter of days — and could include further investors.
The round, a Series B, comes on the heels of the company picking up “dozens” of Fortune 500 companies and growing its staff to about 160 people, a source said.
It’s a significant leap for Upwind, which had previously raised just over $77 million, including a $50 million round in September 2023. Upwind’s last valuation, from that most recent round, was $300 million. It will be using some of the funding for R&D, and some for hiring, with plans to add around 100 people across Israel, San Francisco… and Iceland.
Upwind was founded by Amiram Shachar, who sold his previous company, the cloud spend management startup Spot.io, to NetApp for $450 million. It is part of the guard of cybersecurity startups founded in Israel by teams that cut their teeth originally working in areas like military intelligence.
In its case, it is also one of the many companies in the space focusing on vulnerabilities in the cloud through a platform approach. Specifically, Upwind aims to tackle the blizzard of alerts that are typically raised by threat detection tools. It claims to reduce these alerts by 90% to focus security operations teams more closely on understanding and responding faster to actual threats.
The company’s tech covers cloud services (covering areas like vulnerability management and identity security), workloads (which includes container security and detection and response) and apps (including areas like API vulnerability management). To some extent, these are all interrelated, one reason a platform approach makes sense.
We’ll update this post as we learn more.