Building an Effective VSOC With A Partner Approach


Our VSOC is a key component in any Cybersecurity Management System (CSMS). Whether managing your VSOC in-house or looking to build one together, our Build, Operate, Transfer (BOT) model, offers the flexibility you need to meet regulatory concerns and prepare your team based on automotive-specific cyber threat intelligence needed for today’s connected vehicles. Want to see how it can work for you?



How to build and operate a VSOC is a top-of-mind question for many in the automotive industry, either for handling existing and emerging cybersecurity threats or complying with the UNECE WP.29’s R155 regulation. The VSOC, as we see it, is a key operational component of the OEM’s CSMS – or Cyber Security Management System, as stipulated in this regulation. 

As a first step to building a VSOC, some of our clients choose to use our VSOC framework to lay out the different components and capabilities that should be in place. Our clients are working with us to structure, develop, and operate their VSOC with the intention for us to pass it off to an in-house capacity at a later date.

This Build Operate Transfer, or BOT model is intended to be transferable between us and our clients and/or partners. The most common two reasons are 1) either the OEM does not have enough manpower and/or the right skills to fully take on the responsibility at the time of development, or 2) their internal team would like to work together in tandem, ensuring they have all the necessary capabilities in place, before bringing all tasks in-house.

As we see when we build and operate VSOCs, a great deal of the use cases we monitor are new to the OEMs, and therefore it is quite often we see that effective response processes and procedures are not in place, and require creating them from scratch. We build with our clients end-to-end processes that rest firmly on our experience and expertise. We document these processes in playbooks that lay out all the necessary steps to take, from containment through eradication and recovery, to ensuring that lessons are learned from and future threats and vulnerabilities can be mitigated.

To summarize, the key to working effectively using a BOT model with Upstream, is having a clear framework and action plan, robust processes backed with clear documentation, and well-defined protocols.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

By clicking Subscribe, I agree to the use of my personal data in accordance with Privacy Policy. Upstream will not sell, trade, lease, or rent your personal data to third parties.

Protecting Electric Vehicles: Modern Cybersecurity Solutions and the Road to Revenue

There is much to enjoy in the performance of electric vehicles and advanced features of electric vehicles, yet each connected capability such as GPS, mobile…

More Details

Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats

Read about how a multi-layered cloud-based approach can protect today’s commercial vehicles while streamlining data processes.

More Details

Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre

OEMs are relying on their connected vehicles to drive them from “Car Co’s” to “Tech Co’s”.

More Details

Upstream Detects a Critical Vulnerability in Linux-Based Head Units

Read about how Upstream’s AutoThreat® Intelligence team works to hunt threats that are hiding in the surface, deep, and dark web- allowing you to meet…

More Details

What is Upstream’s AutoThreat® Intelligence?

Upstream’s AutoThreat® Intelligence is the automotive industry’s leading cyber threat intelligence and risk assessment solution. It is purpose-built to collect, analyze, and leverage automotive t

More Details

How AutoThreat® Supports Automotive Cybersecurity

AutoThreat’s® automotive-focused analysts scour the surface, deep, and dark web for incidents that matter most to the automotive ecosystem. Together, our researchers combine both manual…

More Details