Vehicle SOC: Incident Detection and Response with Upstream C4

TEAM UPSTREAM

[Transcript]

In this presentation we will demonstrate the architecture and operation of a Vehicle SOC or VSOC, encompassing IT and OT security operations while leveraging incident detection and response with The Upstream Platform.

The right side shows a typical IT SOC  – Assets on the IT network are monitored such as mobile phones, Servers, Network devices and endpoints. The left side shows a typical OT  automotive environment – with a range of monitored assets such as Telematics servers (sending and receiving messages to/from the vehicles), the vehicles themselves, the different mobility services as well as the vehicle APIs and sensors.

In the IT environment – assets are protected by IT cybersecurity detection products – such as Firewalls, Endpoint security, etc designed to detect both insider and outsider threats. In the OT environment assets are protected by an Automotive Cloud cybersecurity solution – Upstream’s C4 platform.

Events and incidents detected by the IT and OT solutions are then sent to the SIEM solution for aggregation, investigation and triage within the SOC by the trained analysts. In addition, the solution typically includes a Workflow product to take the necessary actions to mitigate the potential threats.

Now let’s take a look at an example of an automotive cyber-attack and the detection-triage-mitigation lifecycle within the vSOC.

  • A hacker remotely exploits a vulnerability to take over the Telematics server. Once control is gained, the hacker can steal sensitive data, track vehicle locations and maliciously attack multiple vehicles (for example by sending remote commands such as unlock door or stop engine). The result can potentially impact the entire service
  • Upstream’s cloud-based platform detects the malicious attack and indicates an incident on its main dashboard – as you can see here with a high risk indicator for this scenario.
  • Using the seamless integration of the automotive SIEM module of Upstream’s C4 to the IT SIEM, the incident is aggregated and appears in the IT SIEM dashboard.
  • SOC analysts can now perform a deep investigation and analysis to decide on the mitigation plan or using a workflow to trigger pre defined playbooks that will remediate the attack and mitigate the impact on the vehicles and entire service.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

H1’2024 Report: Redefining Automotive & Smart Mobility IoT Cyber Risks

SIM-enabled IoT devices, primarily in the automotive and smart mobility ecosystem, have evolved into critical infrastructure, redefining cyber risks and requiring stakeholders to ensure safety,&hellip

More Details

Redefining automotive and smart mobility IoT cyber risks

SIM-enabled IoT devices, primarily in the automotive and smart mobility ecosystem, have evolved into critical infrastructure, redefining cyber risks and requiring stakeholders to ensure safety,&hellip

More Details

Upstream、日本での事業拡大のため元富士通幹部を迎える

佐藤俊也は、日本におけるUpstreamの成長加速の陣頭指揮をとります。 Upstreamは、2024年グローバルモビリティサイバーセキュリティ報告書の日本語版�

More Details

Exploring Upstream’s Cybersecurity Report with Giuseppe Serio

The episode explores the latest developments in automotive cybersecurity, focusing on the Upstream Cybersecurity Threat Report for 2023. It highlights the importance of responsible disclosure…

More Details

IoT Cybersecurity in an Evolving Regulatory Landscape

The rising use of IoT devices has transformed operations in the mobility and automotive ecosystem. However, this expansion has also escalated the risks associated with…

More Details

Enhance Cybersecurity Investigations with Ocean AI by Upstream

In the fast-evolving world of automotive and mobility cybersecurity, Ocean AI by Upstream adds another tool to the toolkit used by analysts to identify and…

More Details