Vehicle SOC: Incident Detection and Response with Upstream C4

TEAM UPSTREAM

[Transcript]

In this presentation we will demonstrate the architecture and operation of a Vehicle SOC or VSOC, encompassing IT and OT security operations while leveraging incident detection and response with The Upstream Platform.

The right side shows a typical IT SOC: assets on the IT network, such as mobile phones, servers, network devices and endpoints, are monitored. The left side shows a typical OT automotive environment, with a range of monitored assets such as telematics servers (sending and receiving messages to/from the vehicles), the vehicles themselves, the different mobility services, as well as the vehicle APIs and sensors.

In the IT environment, assets are protected by IT cybersecurity detection products, such as firewalls, endpoint security, etc., designed to detect both insider and outsider threats. In the OT environment, assets are protected by an automotive cloud cybersecurity solution: Upstream’s C4 platform.

Events and incidents detected by the IT and OT solutions are then sent to the SIEM solution for aggregation, investigation and triage within the SOC by the trained analysts. In addition, the solution typically includes a Workflow product to take the necessary actions to mitigate the potential threats.

Now let’s take a look at an example of an automotive cyber-attack and the detection-triage-mitigation lifecycle within the VSOC.

  • A hacker remotely exploits a vulnerability to take over the telematics server. Once control is gained, the hacker can steal sensitive data, track vehicle locations and maliciously attack multiple vehicles (for example, by sending remote commands such as unlock door or stop engine). The result can potentially impact the entire service.
  • Upstream’s cloud-based platform detects the malicious attack and indicates an incident on its main dashboard, as you can see here with a high-risk indicator for this scenario.
  • Using the seamless integration of the automotive SIEM module of Upstream’s C4 with the IT SIEM, the incident is aggregated and appears in the IT SIEM dashboard.
  • SOC analysts can now perform a deep investigation and analysis to decide on the mitigation plan, or use a workflow to trigger predefined playbooks that will remediate the attack and mitigate the impact on the vehicles and the entire service.
