Upstream Security, a provider of cybersecurity extended detection and response (XDR) for connected vehicles and IoT, today announced that Cisco Investments has become a strategic investor. The new funding is said to amplify the need for purpose-built IoT cybersecurity solutions that can safeguard the mobility and IoT ecosystem across the entire development and production lifecycle.

“This investment provides a unique opportunity to deepen our impact on the IoT sector, and more specifically mobility, automotive, and transportation,” said Yoav Levy, Upstream Security Co-founder and CEO.

The company already protects millions of connected vehicles and IoT devices worldwide, offering a cloud-based multi-layered approach to extended detection and response.

“Together with our partners, Cisco is enabling automobile manufacturers across the globe to provide mission-critical, secure connectivity as cars transform into data centers on wheels,” said Aleem Rizvon, Cisco Investments Vice President. “With an expected 95% of new vehicles having embedded connectivity by the year 2030, we can also expect a rise in automotive cybersecurity threats. Investing in solutions, to ensure the right safeguards for secure connectivity and operation are in place, is critical to instill the trust needed for wide adoption of the technology, not just in the automotive segment, but more broadly for other IoT applications.”

The proliferation of complex IoT devices in the mobility, automotive, and transportation sectors introduces operational efficiencies, data-driven services and solutions, and improved customer experience. However, advanced connectivity and software-defined components also open the door for large-scale cyber risks, threatening business availability and data integrity.

Upstream’s cloud-based IoT XDR platform analyzes, in real-time, the contextual state of physical IoT (Internet of Things) assets and their connected ecosystem to identify and mitigate cyber risks. The platform is agentless, requiring no software or hardware installation, enabling rapid deployment and comprehensive coverage of devices already in production. It ingests, parses, and normalizes vast amounts of connected vehicle data, IoT protocols, telematics, API (application programming interface) transactions, and other data streams from tens of millions of devices, endpoints, and application consumers.

These data enable the creation of unique digital twins—near real-time representations of devices and endpoints, facilitating holistic and effective detection. By monitoring devices, services, and overall asset behavior, the platform detects both known and unknown anomalies based on proprietary machine-learning-powered models.

Coupled with a vehicle security operation center (vSOC) dedicated for monitoring and investigating connected vehicles and IoT cyber threats, Upstream provides a suite of cybersecurity solutions and services to enable customers to proactively identify and remediate cyber threats. Using the company’s Ocean AI, Generative AI-powered capabilities, accelerates the investigation remediation process.

Upstream recently published its 2024 Automotive Cybersecurity Report, providing a detailed analysis of the cyber landscape across the automotive and mobility ecosystem, emerging risks, and the evolving regulatory landscape. The company says that connectivity is continuing to transform the automotive and smart mobility ecosystem, increasing cybersecurity risks as more functionality is exposed.

In 2023, automotive and mobility cybersecurity witnessed a dramatic shift toward large-scale incidents. The proportion of incidents with a “high” or “massive” impact dramatically doubled from 2022 to 2023, accounting for nearly 50% of all incidents, while 95% of attacks were remote and 64% of attacks were executed by black hat actors.

The motivations of threat actors have also shifted towards scale and massive impact. The company says that 65% of deep and dark web cyber activities had the potential to impact thousands to millions of mobility assets, while 37% of deep and dark web cyber activities had the potential to impact multiple stakeholders on a global scale.

OEMs have taken a multifaceted approach to protecting connected and software-defined vehicles as well as IoT/OT assets. With frequent OTA (over-the-air) updates, the SBOM (software bill of materials) is no longer static—constantly evolving long after a vehicle leaves the factory—and risk profiles continuously change. The growing reliance on backend systems highlights the urgent need for OEMs to safeguard both the software components and sensitive data. Generating AI (artificial intelligence) has the potential to transform automotive cybersecurity solutions and operations, enabling agile investigations, automating vSOC workflows, and even generating complex insights based on deep and dark web data and in-depth TARA (Threat Assessment & Remediation Analysis).

The report provided a few predictions for 2024.

The competitive advantage in the automotive industry will continue to be driven by digital transformation, requiring stakeholders to secure APIs and expand vSOC coverage to monitor API-related threats.

Generative AI will have a profound impact on automotive cybersecurity stakeholders, introducing new large-scale attack methods, but also equipping stakeholders with advanced detection, investigation, and mitigation capabilities.

Initial signs of regulatory fatigue will set in, amid the maturity of UNECE WP.29 R155 and the abundance of new regulations emerging worldwide, mainly in China.

OEMs and CPOs (charging point operators) will continue to deepen cybersecurity risk assessments and deploy cybersecurity solutions to protect strategic EV charging infrastructure.