How to Leverage Upstream Platform in a SOC
One of the key groups that use the Upstream platform within the customer environment is a security team within the Vehicle Security Operations Center, or VSOC. What we have here in this diagram is a connected car platform powering multiple services at the same time. We have connected vehicles that ultimately connect to an automotive cloud via a mobile network. Within this automotive cloud, we have various hosted applications, such as telematics, mobile apps, and LIDAR, all powering various services that are offered by either this OEM or fleet. We also have a SOC, or Security Operations Center, staffed by security analysts leveraging multiple tools, such as workflow solutions or SIEM solutions. So now let’s look at how the SOC team would leverage Upstream’s platform in order to create a single source of truth for their automotive cyber security.
The Upstream C4 platform is data-driven. So the first thing that we do is collect data from multiple sources: from in-vehicle sources such as in-vehicle security, from the applications, and from the actual end services that are using this connected vehicle or platform. The C4 platform then uses our multiple cyber security engines to detect violations. It then converts the violations into incidents and sends these incidents into the SIEM or workflow solutions that are being used within the SOC.
The SOC team would typically have a playbook of what they want to do in case of a certain incident type. For example, the SOC may want to dispatch the right personnel or security analysts to perform triage and analyze the specific incident. An easy way to do that is to leverage the incident identifier that was received from the Upstream platform: the analyst can click on the link, go back to the Upstream platform, and get a drill-down right away into the specific parameters of that incident. The analyst can then go right to work in the Upstream platform that’s already running within the SOC and perform triage using the contextually rich data within our dashboard. Upstream provides multiple tools for slicing and dicing the data in order to get to the root cause and understand what took place, and whether this was a cyber security incident or something that may have been just a fault or a misconfiguration on the connected car service.
Many of our customers use a typical workflow as outlined here, and at the end of the day, Upstream’s C4 platform becomes the single source of truth for automotive cyber security in their connected car environment.