Yoav is leading Upstream’s strategic direction, culture and business execution, bringing 17+ years of experience with multi-national high-tech companies and start-ups. He brings rich leadership experience in management, marketing and business development of IT and security products spanning over a dozen years of experience in leading vendors such as Check Point, Juniper Networks and Broadcom. Yoav is an avid kite and wave surfer.
In this interview, Yoav Levy, Co-Founder and CEO of automotive cyber security company Upstream Security, shares insights into vehicle security innovation, the automotive threat landscape, how large volumes of data are protected, where the automotive cyber security industry is headed and so much more.
Upstream Security currently monitors and secures over 12 million vehicles from some of the top OEMs globally, and its customers include leading OEMs, automotive suppliers, and mobility service providers. Earlier this year, the company secured $62M in Series C funding in order to expand and scale successfully.
How is Upstream changing the future of automotive cyber security?
Upstream ensures trust in the connected vehicle ecosystem and helps automotive stakeholders to offer safe and secure smart mobility services, mitigate cyber threats, and comply with cyber security regulations.
Upstream introduced a fundamental, innovative shift in the approach to connected vehicle cyber security with the first cloud-based data management platform purpose-built for connected vehicles. The Upstream platform is agentless; no need to install hardware or software in vehicles, and delivers unparalleled automotive cyber security detection that enables OEMs to effectively respond and mitigate a wide range of cyber security threats and attacks.
Our experience and success with cloud-based automotive cyber security have led us to recognize that connected vehicle data has potential far beyond cyber. As such, we aspire to help the automotive and smart mobility stakeholders utilize the latent value detected in their data to not only secure vehicles but also to optimize, enhance, and further monetize their connected cars, trucks, fleets, and services.
How do you secure without deploying hardware or software (cloud technology)?
Upstream’s cloud-based platform ingests connected vehicle data from OEMs or other telematics providers, normalizes and cleanses it, and builds vehicle digital twins. We leverage ML-powered detection to identify relevant anomalies that may indicate known and unknown threats. These capabilities enable our customers to utilize purpose-built and customizable cyber security detection and response and advanced analytics applications for multiple use cases. These include unparalleled cyber threat detection, layered investigations, flexible querying, reporting, automated workflows, predictive maintenance, insurance, business intelligence, data quality validation, and more.
How many vehicles do you protect and who are your business partners?
Upstream already monitors and secures over 12 million vehicles from some of the top OEMs globally, and its customers include leading OEMs, automotive suppliers, and mobility service providers.
What are the top emerging cyber security threats as they relate to connected cars?
The more we connect things, the more vulnerabilities in one thing affect others. It is definitely the case when it comes to software-defined and connected vehicles. Connectivity is not only a means to attack. It also enables attacks at scale. The internet is a massive tool for making processes more efficient, including cyber attacks. The advanced features of vehicles eliminate the need for physical proximity and enable hackers to access vehicles’ data and to control them without ever coming close to the vehicle.
- EV charging infrastructure adds new potential attack surfaces and poses a risk to EV adoption and fleet electrification.
- Connected vehicles and the smart mobility ecosystem are increasingly vulnerable to cyber attacks through APIs, which are how applications gain access to vehicle data and controls.
What solutions are under development or currently available to assist with such challenges?
The Upstream Platform enables customers to build connected vehicle applications by transforming highly distributed vehicle data into centralized, structured, contextualized data lakes. Coupled with AutoThreat® PRO, the first automotive cyber security threat intelligence solution, Upstream provides industry-leading cyber threat protection and actionable insights seamlessly integrated into the customer’s environment and vehicle security operations centers (VSOC).
Upstream is developing additional applications to meet the rising demands of the automotive industry. We offer applications like data quality, API security and monitoring, FOTA monitoring, production, and quality monitoring, as well as cyber security for EV charging stations.
Upstream’s experience and success with cloud-based automotive cyber security have allowed the company to recognize that connected vehicle data has potential far beyond cyber. As such, Upstream helps automotive industry stakeholders utilize the latent value detected in their data to not only secure vehicles but also optimize, enhance, and further monetize their connected cars, trucks, fleets, and services.
Hackers are after data. Explain vehicle data revenue streams and how data is protected.
Based on McKinsey’s analysis, OEM revenue growth is significantly driven by recurring services. These innovative revenue streams are expected to increase OEM revenue by 30 percent over the next decade. These services are data-enabled and shared mobility services, all of which rely on data to be operated, optimized, and ultimately provided to users who pay a subscription fee.
To protect the massive amount of data generated by connected vehicles, you need to monitor, detect and respond to cyber attacks. But in automotive, this also requires a holistic, contextualized view of smart mobility assets on the individual and fleet-wide level to identify vulnerabilities since what makes sense on the individual vehicle level may indicate an attack on the fleet level.
In what direction is the automotive cyber security industry headed?
Automotive cyber security is shifting from anti-virus or firewalls, focusing on defending internal assets, to an XDR approach, with detection and response to threats and attacks and constant monitoring of assets. A cloud-native platform built on big data infrastructure provides security teams with the flexibility, scalability, and opportunities for automation to mitigate and respond to threats effectively.
You once worked for Check Point, which sponsors CyberTalk.org. How did this influence your professional trajectory, if at all?
I worked together with my partner Yonatan in Check Point more than 20 years ago in the firewall team. The experience in Check Point helped me to understand the roots of network and application security, which is an important baseline to what we do today at Upstream. I worked with the smartest people in the industry and learned a lot during that time.
Is there anything else that you would like to share with CyberTalk’s executive-level audience? When you’re choosing your next vehicle, you should also pay attention to the level of security the vehicle has as eventually it can impact your own safety.