May Mobility, a leader in autonomous vehicle (AV) technology, chose Upstream Security to secure its innovative self-driving on-demand mobility technology and services worldwide.

The proliferation of connected vehicles and the journey towards software-defined vehicles has created massive demand for autonomous vehicle capabilities. Autonomous driving systems and kits introduce cutting-edge services and unprecedented efficiencies for safe, accessible, and available transportation. 

However, they also introduce new remote and large-scale cyber risks. Upstream’s cybersecurity detection and response platform (XDR) is uniquely designed to monitor AV systems and effectively detect known and unknown risks. These risks can jeopardize safety and availability, and expose the sensitive data generated by autonomous systems and drivers.

  • IndustryAutonomous
    Vehicle
    Technology
  • Company size300
    employees
  • About May Mobility May Mobility is an autonomous vehicle (AV) technology company redefining the future of autonomy-as-a-service (AaaS). The company’s patented Multi-Policy Decision Making (MPDM) system lets its vehicles learn and adapt on the fly, just like a human driver, making May the leader in scalable, adaptable AV technology. With more than 400,000 rides to date, MPDM’s proven track record has delivered safe, reliable and accessible autonomous transportation solutions in cities across the U.S. and Japan.

THE CHALLENGE:

May Mobility sought to ensure the safety, cybersecurity resilience, and regulatory compliance of its autonomous vehicle systems and related mobility applications. This holistic approach required monitoring not only the physical devices and related protocols but also backend systems, telematics, and application programming interfaces (APIs).

  1. Securing Remote Control Capabilities
    Autonomous vehicle technologies utilize command & control capabilities to manage devices and other features. These advanced capabilities also introduce new attack surfaces that require cybersecurity measures.
  2. Data Security
    Protecting vehicle and consumer data was paramount. This required an extensive API security framework that would cover internal and external APIs, as well as contextualized detection correlating APIs and device telematics.
  3. Scalability
    May Mobility required a solution that could handle the data generated by their autonomous driving kits and scale to support a growing fleet worldwide.
  4. Future-Proof Regulatory Compliance
    As strategic suppliers to OEMs, the scope of ISO/SAE 21434 and UNECE WP.29 R155 also expands to autonomous driving technology providers. New regulations and standards continuously arise, especially as AV adoption grows.

THE SOLUTION:

May Mobility selected Upstream’s multi-layered XDR, API Security, and managed SOC to provide comprehensive cybersecurity protection for its connected devices.

Upstream’s XDR Platform ingests, parses, and normalizes vast amounts of data streams, including sensors, signals, mobility applications, and telematics, and APIs to create a robust digital twin of the device. Based on a holistic multi-layered approach, the Platform monitors autonomous driving devices, backend telematics systems, and API transactions.

The solution offers near-real-time detection against known and unknown threats, enabling comprehensive cybersecurity monitoring and effective mitigation of attacks. ML-based models identify anomalies in the data that signify unknown cybersecurity risks, while pre-configured detectors, built with mobility domain expertise, address known threats. In addition, no-code tools enabled May Mobility to easily configure and build its own custom detectors leveraging the unique understanding of its business and concerns.

Upstream’s API security layer ensures that all traffic, including transactions with external third-party ride-hailing applications, is monitored and secured. This layer provides coverage against OWASP API Top 10 and beyond detecting cases of unauthorized access, command-and-control manipulation, and user data privacy leaks. It ensures that all data exchanged between the autonomous vehicle kits, cloud services, and applications is secure.

The Platform leverages Ocean AI, Upstream’s generative AI layer, to enhance the detection and response capabilities. Ocean AI extracts insights based on the vast amounts of data generated by connected devices, with an easy-to-use natural-language interface. 

Upstream’s purpose-built SOC service provides a “follow the sun” model that enables continuous monitoring worldwide. An experienced team of mobility cyber analysts monitors all cyber aspects to ensure effective response and mitigation of emerging threats. The SOC service integrates seamlessly with May Mobility’s existing processes and workflows, enhancing cross-organizational visibility and security posture while promptly mitigating threats with field-proven playbooks.

THE RESULT:

  • Regulatory Self-Certification: May Mobility is now able to fully comply with evolving regulations as they expand operations, with the option to self-certify using the Upstream Platform as a CSMS.
  • Enhanced Scalability: May Mobility is able to continue to expand its services while maintaining cybersecurity posture. Upstream’s solution provides the scalability needed to manage an expanding AV fleet, supporting additional kits deployed in the field with no impact on service availability and quick time-to-security for new vehicles.
  • Strengthened Security Collaboration: Through strong collaboration with Upstream’s SOC, May Mobility’s security team gains valuable insights and knowledge of the evolving cybersecurity landscape. The collaboration leverages the SOC’s cyber expertise to enhance May Mobility’s risk mitigation with field-tested playbooks and insights.
  • Secured API Communication: May Mobility secures its APIs through traffic monitoring between autonomous driving kits, backend servers, and third-party systems, enabling near-real-time detection of unauthorized commands and ensuring data integrity.
Newsletter Icon

The After-Sales Quality Report, Zooming in on the Power of AI

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

THE RESULT:

  • Regulatory Self-Certification: May Mobility is now able to fully comply with evolving regulations as they expand operations, with the option to self-certify using the Upstream Platform as a CSMS.
  • Enhanced Scalability: May Mobility is able to continue to expand its services while maintaining cybersecurity posture. Upstream’s solution provides the scalability needed to manage an expanding AV fleet, supporting additional kits deployed in the field with no impact on service availability and quick time-to-security for new vehicles.
  • Strengthened Security Collaboration: Through strong collaboration with Upstream’s SOC, May Mobility’s security team gains valuable insights and knowledge of the evolving cybersecurity landscape. The collaboration leverages the SOC’s cyber expertise to enhance May Mobility’s risk mitigation with field-tested playbooks and insights.
  • Secured API Communication: May Mobility secures its APIs through traffic monitoring between autonomous driving kits, backend servers, and third-party systems, enabling near-real-time detection of unauthorized commands and ensuring data integrity.