How to Leverage Upstream Platform in a SOC

DAN SAHAR

VP of Products

[Transcript]

One of the key groups that use the Upstream platform within the customer environment is a security team within the Vehicle Security Operations Center, or VSOC. What we have here in this diagram is a connected car platform powering multiple services at the same time. So what we have here are connected vehicles that ultimately connect to an automotive cloud via a mobile network. And within this automotive cloud, we have various hosted applications, such as telematics, such as mobile apps, such as LIDAR, and then they’re all powering various services that are offered by either this OEM or fleet. What we have here is a SOC, or a Security Operations Center, that’s powered by security analysts leveraging multiple tools, such as workflow solutions or SIEM solutions. So now let’s look at how the SOC team would leverage Upstream’s platform in order to create a single source of truth for their automotive cyber security.

The Upstream C4 platform is data-driven. So the first thing that we do is, we collect data from multiple sources, both from in-vehicle sources such as in-vehicle security, from the applications, and from the actual end services that are using this connected vehicle or platform. The C4 platform then uses our multiple cyber security engines to detect violations. The C4 platform then converts the violations into incidents and sends these incidents into the SIEM or workflow solutions that are being used within the SOC.

The SOC team would typically have a playbook of what they want to do in case of a certain incident type. For example, the SOC may want to dispatch the right personnel or security analysts to be able to perform triage and analyze the specific incident. An easy way to do that is to leverage the incident identifier that was received from the Upstream platform, and then the analyst can actually click on the link and go back to the Upstream platform and get a drill-down right away into the specific parameters of that incident. The analyst can then go right to work to the Upstream platform that’s already running within the SOC, and then they can perform triage using our contextually rich data within our dashboard. Upstream provides multiple tools for slicing and dicing the data in order to get to the root cause and actually understand what took place and whether this was a cyber security incident or something that may have been just a fault or a misconfiguration on the connected car service.

Many of our customers use a typical workflow as outlined here, and at the end of the day, Upstream’s C4 platform becomes the single source of truth for automotive cyber security in their connected car environment.
