What is Upstream currently doing in the VSOC operation space?

Upstream’s VSOC analyzes and contextualizes real-time automotive data to develop an automotive-specific security operations center for today’s most advanced private, business, and fleet vehicles. The Vehicle Security Operations Center (VSOC) relies on this high-quality data to predict, detect, and respond to today’s most sophisticated cybersecurity threats. Protect vehicles, comply with UNECE WP.29 regulations and ISO/SAE 21434 standards, and ensure vehicles are secure at all times.



Upstream provides security coverage for millions of connected vehicles.

This is not just about monitoring. We’re providing both managed detection and response capabilities for our clients, from alert triage and investigation of incidents to building playbooks and conducting mitigation activities.

We work closely with our clients, where we provide the “brainpower” – our unique mix of automotive, cybersecurity, and anti-fraud expertise, and, of course, the know-how of how to best leverage the Upstream Platform.

We focus mostly on the OT element of monitoring, which in many ways is more complex than monitoring IT assets. In IT, the SOC mostly monitors assets owned by the organization and specifically by its IT business unit, like PCs, servers, network equipment, and the like. In VSOC – the assets that we monitor – the vehicles – are owned by the consumers. And not only that – from the OEM’s perspective, the vehicle is a product owned by dozens of business units, again, very much unlike IT.

To address this complexity, we focus our operational work around three critical actions that ensure a properly functioning VSOC as we handle threats. They predict, detect, and respond.

Proper prediction starts at the beginning of the VSOC development process when relevant teams and stakeholders are consulted to gain a 360-degree view of the threats and risks connected vehicles face, allowing us to understand possible future vulnerabilities and attack vectors.

Detection actions surround effective triage and investigation analysis. We classify each incident and analyze its severity and understand the potential impact on the vehicle, on the fleet, or on the server.

Next, we review the suspected vehicle’s digital twin to conduct a deeper analysis and cross-reference this with the vehicle’s software, hardware, etc, and so on.

If needed, we’ll consult with one of the OEM’s Subject Matter Experts (SME) before providing an initial conclusion and implementing a relevant response.

Based on experiences with our clients, a response might be

– Stopping an OTA update from deploying – when identifying potentially vulnerable, faulty, or malicious updates

– Blocking a user – after seeing abuse on a connected vehicle companion app

– or Notifying other operational teams or escalating an incident as needed

In summary, our unique industry position allows us to help you, the OEMs, set up and even take on the full responsibility of running a fully operational VSOC.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

The high-impact automotive cyber security trends and incidents of H1-2022

This webinar will discuss three emerging cyber threats and their potential impact on end users, OEMs, and the entire smart mobility ecosystem.

More Details

H1’2022 Automotive Cyber Trend Report

This report offers extensive coverage and analysis of automotive-specific cyber incidents across all attack vectors and their impact on the wide ecosystem.

More Details

EV 充電所 拡大に向けて: EV充電所インフラ安全確保への課題

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

The Leading Managed Vehicle SOC: Actively Protecting Millions of Vehicles for OEMs Worldwide

Protect automotive cybersecurity with an automotive-specific Vehicle Security Operations Center (VSOCs) to address the complexity of cyberattacks targeting OT networks, such as connected vehicles and&

More Details

Beyond Cyber: Upstream Puts Data in Motion

Automotive data in the cloud breaks silos, allowing teams to analyze information in the pursuit of identifying exciting new revenue opportunities.

More Details

2022 グローバルモビリティ サイバーセキュリティ報告書

2022 グローバルモビリティ サイバーセキュリティ報告書2022年版のサイバーセキュリティ報告書では過去10年に実際に 起こったサイバー攻撃の脅威を

More Details