Cloud-native monitoring has secured connected fleets and now meets automotive cyber regulations
What is our primary use case?
The core problem that OEMs face, especially automotive companies who have to take care of cybersecurity for their connected car fleets and vehicles and mobility ecosystem, is securing connected vehicles and mobility ecosystems for cybersecurity threats and misuse. Upstream Security detects threats using existing vehicle telemetry, APIs, telematics, dealers, and mobility data. It helped us monitor fleets at scale, almost in a real-time basis and supported our cybersecurity compliance requirements. There is a UN regulation R155 and ISO 21434 that we needed to meet.
The number one feature of Upstream Security, based on their technical architecture, is how to inject and analyze data. Data comes in from all different sources, and we needed near real-time detection and anomaly detection within the platform, plus rule-based intelligence. The integration of telematics, over the air updates, APIs, diagnostics, and dealer data is the most important aspect that we used Upstream Security to ingest that data from various different fields and eventually analyze data for us.
Upstream Security is very important for organizations, especially OEMs. If there is a vehicle security operation center which has to be set up for 24 into 7 monitoring of the fleets, if we want to connect it to mobility, all of this involves integration of telematics, API, diagnostic, dealer data, and managing compliance at the end of the day is extremely important. This has really helped us as an OEM to secure connected fleet and meet regulatory requirements, which is eventually very important for us to be able to sell any data to the end customer.
What is most valuable?
Scalability was very important and Upstream Security was able to meet our requirement. They have a very good machine learning-based detection intelligence. The overheads are potentially operationally very minimal because they have an agentless working model. The cloud-based and agentless architecture works out extremely well for our organization, as we were looking for something on those lines. It has AI and machine learning powered detection and provides GenAI assisted investigations.
In addition to regulatory compliance support, the biggest strengths in summary are that it is cloud-native, agentless, an automotive extended detection and response platform, AI-driven anomaly detection, and digital twin-based visibility. It has the ability to secure our connected vehicle ecosystem at scale and supports our compliance requirements.
From the perspective of what we are referring to, the first thing that we had in our mind is that because of the connected car ecosystem, there are a lot of threats. The company has really benefited from the implementation of Upstream Security by reducing the business risk. From the perspective of regulatory readiness, we needed more than just documentation—we needed operational support and continuous monitoring that is aligned to UN regulation 155 and the ISO standard of 21434. Faster deployment occurred over time, as the start was slow but eventually there is less operational friction and the deployment is faster as time progresses. It has provided visibility through a 24 to 7 vehicle SOC, and we do not have siloed vehicle monitoring anymore. We are using Upstream Security for 24 to 7 fleet visibility. It provides fleet-wide visibility for connected vehicles, takes care of business risks, has helped us with compliance readiness, reduced time for investigating anomalies, and improved our detection capability of any kind of fraud or misuse. Customer impacting incidents have extremely come down.
What needs improvement?
Before and after analysis shows that mean time to detect anomalies in vehicles came down significantly. It is not only mean time to detect but mean time to respond as well to incidents and containing the incident that came down as well. Fleet visibility coverage went on to become significantly higher percentage connected vehicles being monitored. Cost avoidance occurred because of proactive detection, defects were caught early, and warranty claim reduction came down. There are operational ROIs, warranty ROIs, compliance ROIs, deployment and operational ROIs, and business risk ROIs. We could measure cost avoidance, efficiency gains, revenue protection, and various things on which we could measure the ROI.
Areas of improvement or enhancement that could be considered are probably a few. Upstream Security can provide deeper native visibility in ECU level behavior. Reduction in false positives is possible because even though the AI and ML detections are very powerful, sometimes security teams want more explainability, and alert fatigue can occur, which is the case with most platforms, nothing very specific to Upstream Security. There could be strong root cause correlation across IT, vehicle, cloud, more improved attack path mapping across telemetrics, and more predictive security. If there is one thing that we would possibly want Upstream Security to look at further enhancing, it is moving beyond detection towards analysis and analytics going forward. This is what most of the OEMs would be looking for.
Upstream Security is a great platform and nothing is apparently or fundamentally missing. We expect more visibility, more reduction of false positives, better explainability, simpler dashboards, stronger root cause analysis, strong ecosystem integration, and so forth. This is the case with every platform, and there is no platform that would rate as 10 on 10 because there is always scope for improvement. Our rating of nine marks all the boxes, but the continuous improvement aspect has taken away one out of that number 10.
For how long have I used the solution?
I have been using Upstream Security at Nissan Motor for over two years.
What do I think about the stability of the solution?
Upstream Security has proven to be very stable. The first year was not as business impact focused and ROI driven as what is possibly the third year. The company itself is quite stable. We have been using Upstream Security for all practical use cases for our organization. The strategic investors in Upstream Security are also related to protecting millions of vehicles. Not only is the long-term resilience of the company Upstream Security itself good, but they have been equally good for us.
What do I think about the scalability of the solution?
Scalability was able to meet our requirement in all aspects. Upstream Security has very good machine learning-based detection intelligence. The overheads are potentially operationally very minimal because they have an agentless working model.
How are customer service and support?
Upstream Security's customer support does not require too much effort in order to make sure that we get the support when we require it. Because this is an enterprise software, the support that we have taken from Upstream Security includes a technical account manager who is named and associated with us. We have priority support where we have SLAs with respect to commitment on response times and resolution times. They have a defined escalation model and coverage across the globe in India, Europe, and the US. The SLAs are defined, the responsiveness is good, and the support quality has not been lacking. Our rating for this aspect is nine again.
Which solution did I use previously and why did I switch?
We did not make a switch, and we did not have a solution before. We were looking at getting a solution and chose Upstream Security as our choice of solution. This was not a replacement, but we could look at choosing Upstream Security for all practical purposes. We also evaluated Harman Shield and Argus Cyber security. Argus and Harman Shield were the other two comparatives that we were comparing Upstream Security against, and we chose Upstream Security.
How was the initial setup?
The setup was not straightforward. It takes time to be able to understand how the agentless model works and how the cloud-native deployment possibly works. There is a lot of handholding that is required before we start to implement and use Upstream Security for all practical purposes. There was a steep learning curve that was involved, but the help from Upstream came in extremely handy. There are limitations as well that needed to be understood before we could implement telemetry data into Upstream Security platform. Understanding how the platform works, how the agentless systems work, and how the cloud-based detection happens with the existing mobility data that we have did not make this entire experience at the start extremely smooth. It took a lot of sitting down with the experts and making a real good understanding of how the system works and how the integration works so that we became independent to a large extent, but we still have the support and maintenance from Upstream Security working for us.
In terms of pricing and licensing, we were able to get not a one-year deal but a five-year deal with Upstream Security. We have a long-term engagement and this gives us a better discounting mechanism as well for Upstream Security. As far as pricing is concerned, the pricing is quite comparative and is on the highest side. The basic model is that platform licensing is annual subscription over a period of five years. It manages all our fleets and vehicles and has data volumes. Setup and onboarding cost was one time for professional services for integration and telemetry normalization. We also have a managed SOC that is managed internally, so we are not taking the support of Upstream Security. We have in-house analysts who do the monitoring 24 to 7. Slowly and slowly, we also looked at getting more API security related modules and detection related modules from Upstream Security. Our licensing is therefore very aligned to fleet coverage, telemetry, integration, and use cases. It is not dependent on endpoint agents. Upstream Security was made known as to how many vehicles we would be talking of or the telemetric volume possibly is. As far as the setup cost is concerned, the setup cost includes data onboarding, ingestion mapping, money for and effort for detection tuning, baselining, integration with the various other platforms like SIEM, SOAR, ticketing, compliance workflows, training, and runbooks.
What about the implementation team?
We purchased this through one of our vendor partners or a consulting partner, and they were the ones who recommended it.
What was our ROI?
Mean time to detect came down significantly. Time to detect the anomalies in vehicles came down significantly, and mean time to respond as well to incidents and containing the incident that came down as well. Fleet visibility coverage went on to become significantly higher percentage connected vehicles being monitored. Cost avoidance also occurred because of proactive detection, defects were caught early, and warranty claim reduction came down. There are operational ROIs, warranty ROIs, compliance ROIs, deployment and operational ROIs, and business risk ROIs. We could measure cost avoidance, efficiency gains, revenue protection, and this actually sums up various things on which we could measure the ROI.
What's my experience with pricing, setup cost, and licensing?
The setup cost has been reduced considerably because we are using a cloud. Setup and onboarding cost was one time for professional services for integration and telemetry normalization. The setup cost includes data onboarding, ingestion mapping, money for and effort for detection tuning, baselining, integration with the various other platforms like SIEM, SOAR, ticketing, compliance workflows, training, and runbooks.
Which other solutions did I evaluate?
We did not make a switch, and we did not have a solution before. We were looking at getting a solution and chose Upstream Security as our choice of solution. This was not a replacement. We evaluated Harman Shield and Argus Cyber security as the other two comparatives that we were comparing Upstream Security against, and we chose Upstream Security.
What other advice do I have?
Upstream Security is both cloud-based and agentless in architecture, which works out extremely well for our organization, as we were looking for something on those lines. It has AI and machine learning powered detection and provides GenAI assisted investigations. In addition to regulatory compliance support, the biggest strengths are that it is cloud-native, agentless, an automotive extended detection and response platform, AI-driven anomaly detection, and digital twin-based visibility. It has the ability to secure our connected vehicle ecosystem at scale and supports our compliance requirements.
Mean time to detect anomalies in vehicles came down significantly. It is not only mean time to detect but mean time to respond as well to incidents and containing the incident that came down as well. Fleet visibility coverage went on to become significantly higher percentage connected vehicles being monitored. Cost avoidance occurred because of proactive detection, defects were caught early, and warranty claim reduction came down. There are operational ROIs, warranty ROIs, compliance ROIs, deployment and operational ROIs, and business risk ROIs. We could measure cost avoidance, efficiency gains, and revenue protection, and this actually sums up various things on which we could measure the ROI. Our overall rating for Upstream Security is nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Securing connected truck devices has reduced cyber attacks and still needs file transfer support
What is our primary use case?
My main use case for
Upstream Security is securing the connected devices in our fleet of transportation trucks throughout the US.
We have devices placed in these trucks connected through Bluetooth, but we were concerned about potential attacks on the terminals. Upstream Security has enabled us to secure the channel through various protocols and utilize communication via HTTPS, allowing us to secure our operations using different layers of the Upstream Security application.
This use case has proven to be successful and aligns well with the features we are satisfied with.
What is most valuable?
Upstream Security's best features include having all the upgraded versions to protect us from the cyber attacks occurring in our environment, which provides a prominent defense against these threats.
Upstream Security has positively impacted my organization as manual intervention has been reduced by 60% of the time, saving us considerable resources. The guardrails provided by Upstream Security are essential and have protected us from external cyber attacks, resulting in an overall 30% reduction in cyber attacks that occurred in our network systems and connected devices from previous years to the current implementation.
What needs improvement?
I believe Upstream Security should expand its current implementation to cover not only the connected devices but also consider scenarios where GPS is active, providing protection against external security threats that may arise.
The current user interface is excellent and the support is commendable. However, whenever a new feature enters alpha testing, it should be opened before prototyping and go through beta testing. When features are rolled out to full-fledged users, training materials, user manuals, or guides should be provided so that end users have a clear understanding.
I rate Upstream Security a seven out of ten because I suggest an improvement regarding the connected devices. When dealing with Bluetooth, GPS services, and overall security layers, the solution should also assist in transferring files. Currently, all communication happens over HTTPS, but I recommend that the FTP protocol should also be considered to facilitate easier sharing of media files within the connected devices.
For how long have I used the solution?
I have been using Upstream Security for more than three years.
What do I think about the stability of the solution?
With the current beta version, Upstream Security is stable enough.
What do I think about the scalability of the solution?
In terms of scalability, different cloud service providers have partnerships with Upstream Security. While it should expand beyond that, Upstream Security demonstrates good scalability, whether horizontal or vertical, happening effectively within a very short time.
How are customer service and support?
Customer support has been responsive, and I have received good responses in a timely manner whenever we require services.
How was the initial setup?
Upstream Security is deployed in our organization using a private cloud hosted over
AWS.
The cloud provider we use for our private cloud is Amazon AWS.
We have the services hosted for the overall applications along with Upstream Security through the AWS Marketplace.
What was our ROI?
I have seen a return on investment with an overall reduction in resources, including a 60% time savings and a 30% reduction in cyber attacks compared to previous periods.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been excellent. The pricing is fair, the overall licensing is very comfortable, and there are no issues. I believe the overall experience has been positive.
Which other solutions did I evaluate?
Before choosing Upstream Security, we had a reference from one of our colleagues who worked in similar systems, which led us to choose it without evaluating other options available in the market.
What other advice do I have?
For others looking into using Upstream Security, my advice is that when considering security for connected devices, whether Upstream Security or any other solution, they should discuss the latest cyber attacks and any malware incidents, ensuring these are included in the solutioning approach before deciding on a product to purchase. I rate Upstream Security a seven out of ten overall.
