Israel-based Upstream Security, a cybersecurity company targeting solutions for connected vehicles, closed a $30-million Series B funding round led by Renault Venture Capital and including Volvo Group Venture Capital, Hyundai, Hyundai AutoEver, Nationwide Ventures and others. Original Upstream investors Charles River Ventures, Glilot Capital and Maniv Mobility all participated in the round.

The funding from the Series B brings the total investment in the company to $41 million.

Upstream’s solution

Our mission is to protect every connected vehicle and smart mobility service on the planet—the completion of our funding is perfectly timed to meet the growing demand for our data driven cloud-based platform, providing our customers with the capabilities they need to accomplish this vitally important task.

—Yoav Levy, Upstream Security Co-founder and CEO

Market research shows that there will be substantial growth in the market for cybersecurity solutions for connected vehicles in the coming years.

The inherent risks in connected cars were in the headlines multiple times over the past 18 months culminating with consumer groups identifying connected vehicles as a potential national security threat. Earlier this year a report published by Upstream Security outlining the automotive threat landscape spanning the past decade demonstrated that multiple stakeholders ranging from OEM vehicle manufacturers to commercial and public sector fleets have been targeted.

In many cases attacks were executed indirectly via connected services and applications and from long distance.

Establishing a security framework for connected cars entails a multi-layer approach that secures both the vehicles as well as the infrastructure connecting them. With prolonged time-to-market and limited coverage of in-vehicle security solutions, the Upstream C4 (Centralized Connected Car Cybersecurity Security) platform solves this fundamental problem by enabling OEM car manufacturers and fleets to detect, to monitor and to respond to attacks targeting any part of the connected vehicle framework—even for vehicles already on the road.

Upstream C4 is deployed in the Automotive Cloud; in the demarcation point between the operational network and the IT network, ensuring protection of the communication data between the vehicles and command and control servers. Upstream leverages deep protocol understanding of the communications between data centers and fleets in order to detect, interpret and alert in real-time of any threats to the fleet.

In the C4 system, four types of security engines fuse and analyze the data from multiple sources to detect threats:

• Protocol Security Engine. Detects threats within vehicle-server and server-vehicle communications. Operating at the protocol level, this engine identifies threats that target the protocol and application layer. Using deep application layer protocol inspection, the inspection includes syntactical examination and comparison of message types and values to the application profile.

• Transactional Security Engine. Identifies communication patterns and detects sequence anomalies between vehicle-server, server-vehicle and mobile app communications. The transaction-level engine monitors the correctness and completeness of functional transactions (such as a remote unlock door transaction) and technical transactions (such as OTA updates). Transaction anomalies might indicate server or vehicle hacking attempts or attempts to breach fleet policies.

• Contextual Security Engine. Detects anomalies within the current vehicle status within its context. The contextual-level engine identifies complex threats in a given context. These threats might look valid in the protocol or transaction levels, but taking into account the state of the vehicle and its current context, a threat can be identified (such as a remote shut down engine command being sent to a vehicle while it is traveling)

• Behavioral Security Engine. Detects anomalies in driver, vehicle, communication and fleet behavior. The behavioral-level engine uses Machine Learning and big-data Artificial Intelligence analytics technologies to automatically learn the normal behavior of driver and vehicle patterns across the fleet. It detects the types of anomalies that might indicate a fleet-wide attack, fraud or misuse. The engine also identifies anomalies in the amount of traffic within the communication channels to identify types of threats that have an impact on the network.

Securing our customers’ connected vehicles is always top of mind for Volvo. We have chosen to invest in Upstream because they have a great vision for addressing this unique sector, an impressive management team and serious depth in both automotive domain expertise and cybersecurity.

—David Hanngren, Investment Director at Volvo Group

Upstream Security is the first cybersecurity solution designed specifically for protecting connected vehicles from cyber-threats or misuse at rest and in motion. Protecting connected cars is a complex problem involving multiple layers (driver, telematics, mobile application, vehicles, fleets), mountains of data flowing at high speed and a specialized and discrete understanding of smart mobility business and usage type.