Shachar Azriel, VP Data, explains Upstream’s unique approach to building and formulating detectors on the Upstream Platform. Drilling down to what detectors are exactly, who can build them, and why it’s so important to empower customers to build their own detectors on the platform for tailored cybersecurity detection and response.
Script
What’s a detector?
A detector is a piece of logic. In practice, this means it’s pseudo code, a basic or advanced one that answers a defined use case.
Anything in the world has a data signature – When we build these detectors, we need the ability to refine what these signatures are, and where to find them. Our expertise is translating a cyber attack scenario to a simple logic and understanding where we can find it in the data we receive from the OEMs.
Upstream aims to democratize detector creation – Based on our experience, some of the best detectors are built by our customers. The customer has the most valuable insights into their fleet features and the specific use they want to deal with. The customer is sometimes part of the design process or has access to threat models that provide them with an understanding that we don’t have.
Upstream helps our customers to translate this unique knowledge into signatures, then analyzes and validates them based on their data.
How do we know what to look for?
Based on the fact that we monitor more than 12 million vehicles around the world and collect automotive threat intelligence with AutoThreat we can determine the most common and severe attack vectors and threats in our ecosystem.
Based on that knowledge, we use our expertise to translate these threats to data signatures and extract them from the OEM’s data.
For example, when a hacker tries to take over a vehicle via an API, there are several stages you need to be able to classify and detect, and if you don’t have the expertise, this kind of attack will stay at an abstract level that can’t be detected or lead to a detector that will generate a high false positives alerts.
Who can build detectors? Does it require any know-how or training?
Upstream’s platform is built and designed to enable customers to build their own use cases, therefore it’s user-friendly and intuitive. With the basic training we provide our customers and partners, almost anyone can build their own detectors!
The user needs to understand which threat he wants to mitigate and which data is collected from their vehicles and servers. From that point he can use our platform to build any kind of pseudo code he desires and validate it.
