ESCRYPT Intrusion detection and prevention solution

Increasing connectivity and automation of vehicles in combination with new regulations and standards like UN Regulation 155 and ISO/SAE 21434 will require OEMs to monitor incidents and risks of their vehicle fleets over the entire life cycle. ETAS develops and operates the ESCRYPT Intrusion Detection and Prevention Solution (IDPS) for connected fleets that enables manufacturers and fleet operators to establish a life cycle of continuous security improvements. This holistic solution ensures permanent monitoring of vehicle fleets to identify rising security threats, establish dedicated incident response, and keep the security level stable over the entire life cycle.

The threat landscape is constantly changing as increasing vehicle’s connectivity opens up new attack vectors. Attackers are also continuously perfecting their methods to undermine existing protection mechanisms and find loopholes. That’s why it’s not enough to guarantee state-of-the-art security at the point at which the vehicle rolls off the production line. Instead, security has to extend to protect against attacks during the vehicle’s entire operating life. Therefore, a solution is required to reliably detect and analyze security threats so that suitable countermeasures can be taken immediately and effectively – for the vehicle in question and, if necessary, for the entire fleet.

Holistic end-to-end solution

ETAS delivers the ESCRYPT IDPS as a managed security service tailored to the needs of the vehicle fleet. It consists of the following components:

Immune system for vehicles: ESCRYPT Intrusion Detection Systems

The ESCRYPT Intrusion Detection and Prevention Solution follows an open architecture approach and integrates all sensors in the vehicle that provide information relevant for cybersecurity monitoring. For a continuous in-vehicle cybersecurity monitoring it is recommended:

A network-based intrusion detection for the CAN bus with ESCRYPT CycurIDS is essential. This embedded software product detects anomalies and typical intrusion signatures. The calibration of ESCRYPT CycurIDS is based on manufacturer-specific configuration data (DBC/ARXML) for vehicle CAN networks. This configuration is optimized and validated by running a simulation based on the recorded network traffic and through automated analysis of detection and error rates. The result is a high detection rate coupled with a low number of false alarms. In addition components such as host-based intrusion detection for Linux, QNX, and Android ECUs and th support for the complex distributed IDS architectures of modern E/E architectures with additional products such as ESCRYPT CycurIDS-R and ESCRYPT CycurIDS-M is covered with this solution.

Automotive Firewall: ESCRYPT CycurGATE

ESCRYPT CycurGATE automotive firewall offers protection against denial-of-service attacks and supports permitted Ethernet communication throughout the domain structure. ESCRYPT CycurGATE is integrated directly into the Ethernet switch, where the entire packet flow is monitored and managed centrally – with no resulting interference with the host controller or individual ECUs. The firewall can be used on the switch either as a library or as a stand-alone solution.

Identify the attack early on: ESCRYPT Threat detection and threat intelligence

The threat landscape for connected vehicles is constantly being adapted as attackers keep innovating. This concerns all building blocks of a connected vehicle fleet: the vehicles themselves as well as the corresponding vehicle backend services. ESCRYPT Threat detection makes sure to identify the attack early on and to take appropriate measures in order to restore the security level. ESCRYPT Threat intelligence constantly acquires and compiles knowledge according to new practicable attack.

An essential gatekeeper: ESCRYPT CycurGUARD

With the monitoring backend product ESCRYPT CycurGUARD based on big data analysis technologies, ETAS offers an integrated product embedded in the Intrusion Detection and Prevention Solution for collecting and analyzing anomaly reports of vehicles in operation. ESCRYPT CycurGUARD reliably identifies acute threats, referring to an extensive and continually growing database of known attack patterns. Using ad hoc or pre-built reports helps to evaluate the safety and security of the connected fleet, identify changes, focus resources on problem areas, and get ahead of attackers.

Vehicle Security Operations Center

ETAS pools the skills and expertise for SOC-as-a-Service from leading IT security service providers on the commissioning, infrastructure, and services of a security operations center (SOC) with its own specialist automotive know-how and portfolio. Through these collaborations existing SOC infrastructures are expanded by trained ETAS automotive security analysts and specialized forensics experts to turn it into a highly professional, market-ready, and holistic solution.

Our customers receive an ESCRYPT Vehicle Security Operations Center as a managed security service that is perfectly adapted to the specific requirements of their connected fleet.

Your benefits

  • Delivery as an end-to-end one-stop-solution tailored to the needs of the vehicle fleet
  • Combination of years of expertise and distinctive operational excellence from IT security by the SOC provider and ETAS‘ automotive cybersecurity expertise
  • Rollout of countermeasures via updates for the entire fleet
  • Holistic offering that covers in-vehicle intrusion detection (IDS) as well as vehicle backend, threat detection and dedicated SOC services
  • Ten established Security Operations Center ensure worldwide coverage and are available 24/7
  • Integration of and openness to all types of in-vehicle Intrusion Detection Systems (IDS)