What is Upstream currently doing in the VSOC operation space?

Upstream’s VSOC analyzes and contextualizes real-time automotive data to develop an automotive-specific security operations center for today’s most advanced private, business, and fleet vehicles. The Vehicle Security Operations Center (VSOC) relies on this high-quality data to predict, detect, and respond to today’s most sophisticated cybersecurity threats. Protect vehicles, comply with UNECE WP.29 regulations and ISO/SAE 21434 standards, and ensure vehicles are secure at all times.



Upstream provides security coverage for 5 million connected vehicles.

This is not just about monitoring. We’re providing both managed detection and response capabilities for our clients, from alert triage and investigation of incidents to building playbooks and conducting mitigation activities.

We work closely with our clients, where we provide the “brainpower” – our unique mix of automotive, cybersecurity, and anti-fraud expertise, and, of course, the know-how of how to best leverage the Upstream Platform.

We focus mostly on the OT element of monitoring, which in many ways is more complex than monitoring IT assets. In IT, the SOC mostly monitors assets owned by the organization and specifically by its IT business unit, like PCs, servers, network equipment, and the like. In VSOC – the assets that we monitor – the vehicles – are owned by the consumers. And not only that – from the OEM’s perspective, the vehicle is a product owned by dozens of business units, again, very much unlike IT.

To address this complexity, we focus our operational work around three critical actions that ensure a properly functioning VSOC as we handle threats. They predict, detect, and respond.

Proper prediction starts at the beginning of the VSOC development process when relevant teams and stakeholders are consulted to gain a 360-degree view of the threats and risks connected vehicles face, allowing us to understand possible future vulnerabilities and attack vectors.

Detection actions surround effective triage and investigation analysis. We classify each incident and analyze its severity and understand the potential impact on the vehicle, on the fleet, or on the server.

Next, we review the suspected vehicle’s digital twin to conduct a deeper analysis and cross-reference this with the vehicle’s software, hardware, etc, and so on.

If needed, we’ll consult with one of the OEM’s Subject Matter Experts (SME) before providing an initial conclusion and implementing a relevant response.

Based on experiences with our clients, a response might be

– Stopping an OTA update from deploying – when identifying potentially vulnerable, faulty, or malicious updates

– Blocking a user – after seeing abuse on a connected vehicle companion app

– or Notifying other operational teams or escalating an incident as needed

In summary, our unique industry position allows us to help you, the OEMs, set up and even take on the full responsibility of running a fully operational VSOC.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

By clicking Subscribe, I agree to the use of my personal data in accordance with Privacy Policy. Upstream will not sell, trade, lease, or rent your personal data to third parties.

Protecting Electric Vehicles: Modern Cybersecurity Solutions and the Road to Revenue

There is much to enjoy in the performance of electric vehicles and advanced features of electric vehicles, yet each connected capability such as GPS, mobile…

More Details

Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats

Read about how a multi-layered cloud-based approach can protect today’s commercial vehicles while streamlining data processes.

More Details

Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre

OEMs are relying on their connected vehicles to drive them from “Car Co’s” to “Tech Co’s”.

More Details

Upstream Detects a Critical Vulnerability in Linux-Based Head Units

Read about how Upstream’s AutoThreat® Intelligence team works to hunt threats that are hiding in the surface, deep, and dark web- allowing you to meet…

More Details

What is Upstream’s AutoThreat® Intelligence?

Upstream’s AutoThreat® Intelligence is the automotive industry’s leading cyber threat intelligence and risk assessment solution. It is purpose-built to collect, analyze, and leverage automotive t

More Details

How AutoThreat® Supports Automotive Cybersecurity

AutoThreat’s® automotive-focused analysts scour the surface, deep, and dark web for incidents that matter most to the automotive ecosystem. Together, our researchers combine both manual…

More Details