Meet the Expert: Upstream Detectors Explained

Shachar Azriel, VP Data, explains Upstream’s unique approach to building and formulating detectors on the Upstream Platform. Drilling down to what detectors are exactly, who can build them, and why it’s so important to empower customers to build their own detectors on the platform for tailored cybersecurity detection and response.




What’s a detector? 

A detector is a piece of logic. In practice, this means it’s pseudo code, a basic or advanced one that answers a defined use case. 

Anything in the world has a data signature – When we build these detectors, we need the ability to refine what these signatures are, and where to find them. Our expertise is translating a cyber attack scenario to a simple logic and understanding where we can find it in the data we receive from the OEMs.

Upstream aims to democratize detector creation – Based on our experience, some of the best detectors are built by our customers. The customer has the most valuable insights into their fleet features and the specific use they want to deal with.  The customer is sometimes part of the design process or has access to threat models that provide them with an understanding that we don’t have. 

Upstream helps our customers to translate this unique knowledge into signatures, then analyzes and validates them based on their data. 

How do we know what to look for? 

Based on the fact that we monitor more than 12 million vehicles around the world and collect automotive threat intelligence with AutoThreat we can determine the most common and severe attack vectors and threats in our ecosystem.

Based on that knowledge, we use our expertise to translate these threats to data signatures and extract them from the OEM’s data. 

For example, when a hacker tries to take over a vehicle via an API, there are several stages you need to be able to classify and detect, and if you don’t have the expertise, this kind of attack will stay at an abstract level that can’t be detected or lead to a detector that will generate a high false positives alerts.

Who can build detectors? Does it require any know-how or training?

Upstream’s platform is built and designed to enable customers to build their own use cases, therefore it’s user-friendly and intuitive. With the basic training we provide our customers and partners, almost anyone can build their own detectors!

The user needs to understand which threat he wants to mitigate and which data is collected from their vehicles and servers. From that point he can use our platform to build any kind of pseudo code he desires and validate it.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Ford Trucks Collaborates with Upstream Security to Protect Its Connected Vehicles Against Cybersecurity Risks

More Details

Automotive Fraud Management Product Sheet

Monitor and detect fraudulent activities targeted to bypass subscription fees, gain access to premium features, and manipulate vehicles for warranty-related gains

More Details

Watch: Contextual API security – Protecting vehicle fleet infrastructure and critical data

APIs are powerful innovation enablersand also prime targets for cybersecurity attacks. In this webinar, experts from AWS and Upstream explain why API discovery, monitoring, and…

More Details

Contextual API security – Protecting vehicle fleet infrastructure and critical data

APIs are powerful innovation enablers…and also prime targets for cybersecurity attacks. In this webinar, experts from AWS and Upstream explain why API discovery, monitoring, and detection must

More Details

API Security for Fleet Management Platforms

Upstream’s API Security Is Purpose-Built to Protect Business Operations, Applications and Services

More Details

API Security Product Sheet

Upstream’s API Security solution is uniquely designed to correlate between API traffic and the contextual impact they have on operational systems and assets.

More Details