DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Upstream Deepens Investment in Michigan, US with a New Vehicle Security Operation Center

Upstream | September 08, 2022 | Read time : 02:50 min

Upstream
Upstream, the creator of industry-leading cloud-based cybersecurity and data management platform for connected vehicles and smart mobility, is opening its first U.S.-based vehicle security operation center (vSOC) in Ann Arbor, Michigan, to closely surveil and mitigate emerging cyber threats and risks for its U.S.-based automotive clients.

Data and connectivity are the foundation of the automotive industry's transformation, unlocking new revenue streams and business opportunities for automotive stakeholders and users. But, connectivity and mobility applications bring a wide range of cyber risks.

"Upstream enables OEMs to build trust into the connected vehicles ecosystem. "Our platform monitors over 12 million vehicles worldwide. We see new attack surfaces and threats on a regular basis, fueled by a wide variety of vulnerabilities, including EV charging networks, expanded use of smartphone apps that control basic car functions and infotainment systems. This is the right timing to open our U.S.-based vSOC, and Michigan is a natural choice."

Yoav Levy, CEO and co-founder of Upstream

"Companies continue to invest in Michigan because of our world-class talent, quality of life, low cost of doing business and culture of innovation," said Trevor Pawl, Michigan's Chief Mobility Officer. "Michigan remains committed to being the global epicenter of the next revolution of the automotive industry and we applaud Upstream's continued success and investment in Michigan's autonomous and electrified future."

"Vehicles are benefiting from a wave of technology innovation, producing transportation that is safer and smarter thanks to connectivity," said Faye Francy, executive director of Auto-ISAC, a global information sharing community established by automakers to address cybersecurity risks. "The very technology that provides us with these new efficiencies also introduces potential cyber risk to the vehicle, and vSOC operations is an application for the automotive industry to proactively address the risk."

In fact, Upstream found more than 50 percent of all reported automotive-related cybersecurity incidents took place during the past two years alone.

"Customer experience applications, by OEMs and smart mobility providers, are one of the fastest growing attack surfaces and account for 6 percent of total attacks in 2022 so far compared to 2 percent in 2021, explains Yaniv Maimon, Upstream's director of vSOC. "Charging stations and infrastructure have also become a significant concern, especially given range anxiety concerns and the constant pressure to accelerate EV adoption."

At the Michigan vSOC, Upstream is hiring and training experienced local cyber and automotive experts to operate the vSOC, offer cross-functional response and mitigate attacks in real time.

"Southeast Michigan's emergence as a high-tech mobility hub and its proximity to our automotive customers, their Tier-1 suppliers and cybersecurity talent makes it a perfect setting for our new vSOC," Levy said, adding that traditional security operation centers focus on compliance and IT assets and lack the holistic and contextual view required to mitigate cybersecurity threats against vehicles, services and entire fleets.

The Michigan-based vSOC is expected to be fully operational by the end of the year. It adds to Upstream's growing network of automotive-specific security centers already active in Israel, and coming soon in Japan. Additional vSOC investments are expected in Europe in the near future.

About Upstream:
Upstream provides a cloud-based data management platform purpose-built for connected vehicles, delivering unparalleled automotive cybersecurity detection and response (V-XDR) and data-driven applications.

The Upstream Platform unlocks the value of vehicle data, empowering customers to build connected vehicle applications by transforming highly distributed vehicle data into centralized, structured, contextualized data lakes. Coupled with AutoThreat® Intelligence, the first automotive cybersecurity threat intelligence solution, Upstream provides industry-leading cyber threat protection and actionable insights, seamlessly integrated into the customer's environment and Vehicle Security Operation Centers (vSOC).

Spotlight

Obbe Knoop, vice president - worldwide sales, Nozomi Networks Disruption to operational technology can cause business downtime as well as serious public safety issues, so a nuanced approach to cybersecurity is essential, says Obbe Knoop of Nozomi Networks. In this video interview at the recent RSA APJ 2018 conference in Singapore, Knoop discusses: OT-IT integration and the security risks it has brought about; The OT threat landscape; The challenges involved in securing OT systems.

Spotlight

Obbe Knoop, vice president - worldwide sales, Nozomi Networks Disruption to operational technology can cause business downtime as well as serious public safety issues, so a nuanced approach to cybersecurity is essential, says Obbe Knoop of Nozomi Networks. In this video interview at the recent RSA APJ 2018 conference in Singapore, Knoop discusses: OT-IT integration and the security risks it has brought about; The OT threat landscape; The challenges involved in securing OT systems.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Synack Joins the Microsoft Intelligent Security Association, Bringing the Power of Continuous and on Demand Security to Microsoft Azure

Synack | September 13, 2022

Synack, a premier platform for on-demand security expertise, announced that it has joined the Microsoft Intelligent Security Association (MISA) and is available through integration with Microsoft Sentinel, giving enterprises globally seamless access to a worldwide network of top security researchers working around the clock to protect their cloud assets. Becoming part of MISA, an ecosystem of independent software vendors and managed security service providers, builds on a growing collaboration between Synack and Microsoft and is a testament to both organizations' commitment to providing easier, more flexible and scalable cybersecurity solutions. Microsoft Sentinel is a cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution designed to reduce unnecessary friction in the vulnerability remediation process. It also provides early threat detection and rapid response to sophisticated attacks to facilitate shorter resolution times and lower the number of security incidents. "Our integration with Microsoft Sentinel couldn't be more timely and important today as organizations everywhere are scrambling to find enough skilled practitioners to protect them against punishing cyberattacks. We help solve that talent gap with our platform that combines a powerful network of ethical hackers with the most advanced technology. "We look forward to building on this important relationship with Microsoft." Jay Kaplan, Synack's CEO Cyberattacks on cloud environments are expected to increase, putting enterprises and critical infrastructure providers at greater risk of supply chain, ransomware and nation-state attacks. As a result of these threats, the Biden administration has called on organizations to deploy third-party testing "to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors." The Synack integration with Microsoft Sentinel enables customers to respond to this challenge. "Members of MISA integrate their security solutions with Microsoft's security technology to gain more signal, increase visibility and better protect against threats. By extending Microsoft's security capabilities across the ecosystem, we help our shared customers to succeed," said Maria Thomson, Microsoft Intelligent Security Association Lead. "This vibrant security ecosystem is valuable to our shared customer base because it reduces the cost and complexity of integrating disparate security tools." Synack will deliver insights through its Microsoft Sentinel integration, enabling security teams to correlate these findings with Microsoft Sentinel data to gain end-to-end visibility, comprehensively investigate and take action on threats. In addition to the Microsoft Sentinel integration and MISA membership, Synack also recently announced another integration with Microsoft's Security and Compliance for Cloud Infrastructure solution that will further enhance Microsoft Azure protections. ABOUT SYNACK: Synack's premier on-demand security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects global banks, federal agencies, DoD classified assets and more than $6 trillion in Fortune 500 and Global 2000 revenue.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Veza Announces Open Authorization API to Extend Identity-First Security Across the Enterprise Data Landscape

Veza | December 02, 2022

Veza today announced that its Open Authorization API (OAA) is now public on GitHub for community collaboration, extending the reach of identity-first security across the enterprise. Developers can now create and share connectors to extend the Veza Authorization Graph to all sensitive data, wherever it lives, including cloud providers, SaaS apps, and custom-built internal apps, accelerating their company’s path to zero trust security. Security professionals espouse the principle of ‘Least Privilege’ to secure enterprise data, but the rush to a multi-cloud, multi-app environment has exploded the complexity and layers of interconnection for which access must be understood, monitored, and constantly remediated to achieve and maintain least privilege. Recent attacks on Okta and Twilio demonstrate that companies are allowing overly-broad access to data via constructs of groups, roles, policies, and system specific permissions. Veza connects the dots of effective permissions across cloud providers, SaaS apps and identity platforms, making it easy to visualize who can view or delete sensitive data. OAA allows organizations and the broader community to create their own integrations with Veza, extending visibility to any resource, including SaaS apps like GitLab and Jira as well as custom-built internal apps. “The vast majority of cybersecurity failures are rooted in issues with the gap that exists between identity, access to data, and permissions,” said Tarun Thakur, co-founder and CEO, Veza. “Since our founding, we have been committed to protecting our customers from threats like ransomware, privilege abuse, and data breaches. With Veza Open Authorization API, we are extending our identity-first security approach broadly in the market and arming organizations with the tools they need to remediate undesirable and unnecessary data access at a granular level, and meet the requirements of access governance for enterprise systems, both on-premises and in the cloud." With Veza's Open Authorization API, customers can translate and visualize authorization metadata from any SaaS app, custom and in-house applications. Users can explore identity-to-data relationships through the Authorization Graph, monitor for least privilege misconfigurations and violations, and conduct comprehensive entitlement reviews for all of their sensitive data. “We specifically chose Veza because their Open Authorization API allowed us to connect to our custom internal applications. We follow the principle of least privilege, but with so many systems to review, we valued Veza’s unique ability to give us a comprehensive view quickly. They made it faster and easier for our team to review all permissions with confidence.” -Riaz Lakhani, CISO of Barracuda Networks. As an open-source project on GitHub, Veza’s Open Authorization API allows customers and partners to learn from, and build upon, each other’s work to create a control plane that reaches all data. By bringing OAA SDK and connectors available on GitHub Community, Veza empowers customers to ingest authorization metadata previously isolated in internal systems and SaaS applications. The OAA community has already created integrations for critical SaaS apps including GitHub, GitLab, Bitbucket, Jira, Zendesk, Slack, Coupa Software, Pagerduty, and Looker. These integrations are available now to all Veza customers. “Veza solves the problem of aligning identities to data,” said Craig Rosen, Chief Security & Trust Officer at ASAPP. “Veza’s Open Authorization Platform helped us extend that visibility to all the apps and data that matter most to us, like GitHub and Jira. Now it is easy for our security professionals to understand (and remediate) who has access to our important intellectual property.” About Veza Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to visualize, remediate, and control who can and should take what action on what data. We empower customers to take an identity-first approach to secure data by addressing critical business needs of streamlining identity and access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Our Authorization Graph connects identities to data across enterprise systems, enabling analysis, monitoring, and certification of end-to-end access. Global enterprises like Blackstone, ASAPP, Barracuda Networks, Choice Hotels, and a number of Fortune 500 and emerging organizations trust Veza to secure their enterprise data. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Elektrobit and Argus Cyber Security announce industry-first automotive switch firmware pre-integrated with cyber security functionality

Elektrobit | September 15, 2022

Elektrobit, a visionary global vendor of software products for the automotive industry, and Argus Cyber Security, a world leader in cyber security products and services for mobility platforms, today announced the launch of EB zoneo SwitchCore Shield, an industry-first pre-integrated solution of embedded intrusion detection and prevention (IDPS) functionality within advanced network management systems for next-generation vehicles. The joint solution is an automotive-grade switch firmware for E/E architectures that pre-integrates Argus Ethernet IDPS, a cyber security protection layer for automotive Ethernet networks, as an embedded module. This production-ready solution reduces carmakers' integration costs and risks while accelerating new vehicles' time to market. Building upon decades of automotive expertise from Elektrobit and Argus, this breakthrough solution allows carmakers to evaluate data detected and quickly determine actions required to confront an attempted cyber-attack. Adding a layer of intelligence and cyber protection to automotive Ethernet switches, facilitates the management of the growing number of network functions required to enhance the scalability, safety, and security of vehicles. By offloading network and cyber-related tasks to the switch firmware, it optimizes the microcontroller unit's computational resource consumption. EB zoneo SwitchCore Shield also enables carmakers to comply with emerging cyber security regulations, such as UN R155 and Chinese GB/T, and also takes security a step further, providing an additional layer of threat prevention via Argus Ethernet IDPS for increased interoperability with Classic AUTOSAR systems. "We developed EB zoneo SwitchCore Shield to fill the gap between the cyber security domain and the advanced networking needed for next-gen, software-defined vehicles. "We're helping carmakers to save time and money by providing a pre-integrated solution built to meet the highest levels of safety and security regulations." Mike Robertson, head of product and strategy management, Elektrobit About Elektrobit Elektrobit is an award-winning and visionary global vendor of software products and services for the automotive industry. A leader in automotive software with over 35 years serving the industry, Elektrobit's software powers over five billion devices in more than 600 million vehicles and offers flexible, innovative solutions for car infrastructure software, connectivity & security, automated driving and related tools, and user experience. Elektrobit is a wholly-owned, independently-operated subsidiary of Continental. About Argus Cyber Security Argus is a global leader in cyber security for connected mobility, providing products and services for embedded automotive systems and backend, fleet-level security functions. Founded in 2014, Argus is headquartered in Tel Aviv, Israel, with offices in Michigan, Stuttgart, Paris, Tokyo, and Seoul. Argus is an independent subsidiary of Elektrobit, a leading provider of automotive software products and services.

Read More