How to Leverage Upstream Platform in a SOC




One of the key groups that uses Upstream’s C4 platform within the customer environment is a security team within the Security Operations Center, or SOC. What we have here in this diagram is a connected car platform powering multiple services at the same time. So what we have here are connected vehicles that ultimately connect to an automotive cloud via a mobile network. And within this automotive cloud, we have various hosted applications, such as telematics, such as mobile apps, such as LIDAR, and then they’re all powering various services that are offered by either this OEM or fleet. What we have here is a SOC, or a Security Operations Center, that’s powered by security analysts leveraging multiple tools, such as workflow solutions or SIEM solutions. So now let’s look at how the SOC team would leverage Upstream’s platform in order to create a single source of truth for their automotive cyber security.


The Upstream C4 platform is data-driven. So the first thing that we do is, we collect data from multiple sources, both from in-vehicle sources such as in-vehicle security, from the applications, and from the actual end services that are using this connected vehicle or platform. The C4 platform then uses our multiple cyber security engines to detect violations. The C4 platform then converts the violations into incidents and sends these incidents into the SIEM or workflow solutions that are being used within the SOC.


The SOC team would typically have a playbook of what they want to do in case of a certain incident type. For example, the SOC may want to dispatch the right personnel or security analysts to be able to perform triage and analyze the specific incident. An easy way to do that is to leverage the incident identifier that was received from the Upstream platform, and then the analyst can actually click on the link and go back to the Upstream platform and get a drill-down right away into the specific parameters of that incident. The analyst can then go right to work to the Upstream platform that’s already running within the SOC, and then they can perform triage using our contextually rich data within our dashboard. Upstream provides multiple tools for slicing and dicing the data in order to get to the root cause and actually understand what took place and whether this was a cyber security incident or something that may have been just a fault or a misconfiguration on the connected car service.


Many of our customers use a typical workflow as outlined here, and at the end of the day, Upstream’s C4 platform becomes the single source of truth for automotive cyber security in their connected car environment.