Meet the Expert: Upstream Detectors Explained

Shachar Azriel, VP Data, explains Upstream’s unique approach to building and formulating detectors on the Upstream Platform. Drilling down to what detectors are exactly, who can build them, and why it’s so important to empower customers to build their own detectors on the platform for tailored cybersecurity detection and response.




What’s a detector? 

A detector is a piece of logic. In practice, this means it’s pseudo code, a basic or advanced one that answers a defined use case. 

Anything in the world has a data signature – When we build these detectors, we need the ability to refine what these signatures are, and where to find them. Our expertise is translating a cyber attack scenario to a simple logic and understanding where we can find it in the data we receive from the OEMs.

Upstream aims to democratize detector creation – Based on our experience, some of the best detectors are built by our customers. The customer has the most valuable insights into their fleet features and the specific use they want to deal with.  The customer is sometimes part of the design process or has access to threat models that provide them with an understanding that we don’t have. 

Upstream helps our customers to translate this unique knowledge into signatures, then analyzes and validates them based on their data. 

How do we know what to look for? 

Based on the fact that we monitor more than 12 million vehicles around the world and collect automotive threat intelligence with AutoThreat we can determine the most common and severe attack vectors and threats in our ecosystem.

Based on that knowledge, we use our expertise to translate these threats to data signatures and extract them from the OEM’s data. 

For example, when a hacker tries to take over a vehicle via an API, there are several stages you need to be able to classify and detect, and if you don’t have the expertise, this kind of attack will stay at an abstract level that can’t be detected or lead to a detector that will generate a high false positives alerts.

Who can build detectors? Does it require any know-how or training?

Upstream’s platform is built and designed to enable customers to build their own use cases, therefore it’s user-friendly and intuitive. With the basic training we provide our customers and partners, almost anyone can build their own detectors!

The user needs to understand which threat he wants to mitigate and which data is collected from their vehicles and servers. From that point he can use our platform to build any kind of pseudo code he desires and validate it.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Upstream 2023 グローバルモビリティ サイバーセキュリティ報告書


More Details

Meet the Expert: Enhancing Investigations with AutoThreat®

Daniel Blum, Product Manager at Upstream Security, shows the integration between AutoThreat® and the Upstream Platform and how this connection empowers investigation teams by providing…

More Details

Automotive cybersecurity: A pre-requisite for connected and software-defined vehicles

The automotive industry is increasingly adopting mobility and cloud technologies, which enable seamless on-the-go experiences such as improved navigation, connectivity, and safety. There is also&helli

More Details

ASRG @ Upstream’s vSOC: IT SOC vs. Vehicle SOC

ASRG’s John Heldreth challenges Upstream’s Giuseppe Serio to explain the difference between the IT SOCs and emerging Vehicle SOCs.

More Details

ASRG @ Upstream’s vSOC: Upstream’s Cloud Approach to Protecting the Connected Vehicle Ecosystem

This is the second video in this exciting series shot in Upstream’s vSOC. In this video, ASRG’s John Heldreth deep dives into Upstream’s cloud-based and…

More Details

ASRG @ Upstream’s vSOC: The Role & Impact of vSOCs

This is the first video in this exciting series shot in Upstream’s vSOC. In this video, Upstream’s Yaniv Maimon and ASRG’s John Heldreth get together…

More Details