What is Upstream currently doing in the VSOC operation space?

Upstream’s VSOC analyzes and contextualizes real-time automotive data to develop an automotive-specific security operations center for today’s most advanced private, business, and fleet vehicles. The Vehicle Security Operations Center (VSOC) relies on this high-quality data to predict, detect, and respond to today’s most sophisticated cybersecurity threats. Protect vehicles, comply with UNECE WP.29 regulations and ISO/SAE 21434 standards, and ensure vehicles are secure at all times.

 

Script:

Upstream provides security coverage for millions of connected vehicles.

This is not just about monitoring. We’re providing both managed detection and response capabilities for our clients, from alert triage and investigation of incidents to building playbooks and conducting mitigation activities.

We work closely with our clients, where we provide the “brainpower” – our unique mix of automotive, cybersecurity, and anti-fraud expertise, and, of course, the know-how of how to best leverage the Upstream Platform.

We focus mostly on the OT element of monitoring, which in many ways is more complex than monitoring IT assets. In IT, the SOC mostly monitors assets owned by the organization and specifically by its IT business unit, like PCs, servers, network equipment, and the like. In VSOC – the assets that we monitor – the vehicles – are owned by the consumers. And not only that – from the OEM’s perspective, the vehicle is a product owned by dozens of business units, again, very much unlike IT.

To address this complexity, we focus our operational work around three critical actions that ensure a properly functioning VSOC as we handle threats. They predict, detect, and respond.

Proper prediction starts at the beginning of the VSOC development process when relevant teams and stakeholders are consulted to gain a 360-degree view of the threats and risks connected vehicles face, allowing us to understand possible future vulnerabilities and attack vectors.

Detection actions surround effective triage and investigation analysis. We classify each incident and analyze its severity and understand the potential impact on the vehicle, on the fleet, or on the server.

Next, we review the suspected vehicle’s digital twin to conduct a deeper analysis and cross-reference this with the vehicle’s software, hardware, etc, and so on.

If needed, we’ll consult with one of the OEM’s Subject Matter Experts (SME) before providing an initial conclusion and implementing a relevant response.

Based on experiences with our clients, a response might be

– Stopping an OTA update from deploying – when identifying potentially vulnerable, faulty, or malicious updates

– Blocking a user – after seeing abuse on a connected vehicle companion app

– or Notifying other operational teams or escalating an incident as needed

In summary, our unique industry position allows us to help you, the OEMs, set up and even take on the full responsibility of running a fully operational VSOC.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Switched on: leveraging cyber resilience to safeguard the future of EVs

More Details

Infographic: The Automotive Cybersecurity Inflection Point 2024 Report

More Details

Watch: Scaling Software-Defined Vehicle Security, without Increasing Costs

In this webinar, Upstream and BlackBerry IVY's experts discuss the role of synthetic sensors in automotive cybersecurity and how to reduce cloud computing and data…

More Details

Secure Connected IoT Devices in the Mobility & Transportation Ecosystem

More Details

Scaling Software-Defined Vehicle Security, without Increasing Costs

Connected and software-defined vehicles generate vast amounts of data – upwards of 25 GB an hour per car. To help make sense of this data…

More Details

Watch: The automotive cybersecurity inflection point in 2024: from experimental to massive-scale attacks

In this webinar, Upstream experts share significant findings from Upstream’s 2024 Global Automotive Cyber Trends Report, providing insights and predictions for 2024.

More Details