ESCRYPT Vehicle Security Operations Center

Integrated security solutions are the only way to reliably protect connected vehicles against cyberattacks. These have to take into account every possible risk scenario that might conceivably occur during the entire life cycle of the vehicle in order to develop and effectively implement reliable, risk-appropriate security mechanisms.

New regulations and standards like UN Regulation 155 and ISO/SAE 21434 will require manfacturers and fleet operators to monitor incidents and risks of their vehicle fleets over the entire life cycle. One essential component is the ESCRYPT Vehicle Security Operations Center (V-SOC) as part of the holistic Intrusion Detection and Prevention Solution.

ETAS delivers the ESCRYPT Vehicle Security Operations Center as a managed security service tailored to the needs of the vehicle fleet, including the integration of event sources from vehicle fleets and vehicle backend systems. The V-SOC from ETAS follows an open architecture approach and integrates all sensors in the vehicle that provide information relevant for cybersecurity monitoring.

This includes network-based intrusion detection for the CAN bus with ESCRYPT CycurIDS, automotive ethernet firewalls with ESCYRPT CycurGATE, host-based intrusion detection for Linux, QNX, and Android ECUs and support for the complex distributed IDS architectures of modern E/E architectures.

ESCRYPT CycurGUARD as essential gatekeeper

ESCRYPT CycurGUARD enables analysis of data from the entire connected fleet to identify emerging threats. With the monitoring backend product based on big data analysis technologies, this component collects and analyzes anomaly reports of vehicles in operation. ESCRYPT CycurGUARD reliably identifies acute threats, referring to an extensive and continually growing database of known attack patterns. Using ad hoc or pre-built reports helps to evaluate the safety and security of the connected fleet, identify changes, focus resources on problem areas, and get ahead of attackers.

Threat detection and threat intelligence

The threat landscape for connected vehicles is constantly being adapted as attackers keep innovating. This concerns all building blocks of a connected vehicle fleet: the vehicles themselves as well as the corresponding vehicle backend services. Threat detection makes sure to identify the attack early on and to take appropriate measures in order to restore the security level. Threat intelligence constantly acquires and compiles knowledge according to new practicable attack patterns implemented by dedicated tooling and ETAS' Automotive Security Analysts. Specialized ETAS Automotive Security Forensic Experts take over the Incident Response process and Security Analytics. In addition, ETAS provides a dedicated threat intelligence service in cooperation with well-known IT security service providers.

A holistic solution for intrusion detection and protection

ETAS cooperates with leading IT security service providers on the commissioning, infrastructure, and services of a security operations center (SOC). In this way, it pools the skills and expertise for SOC-as-a-Service with its own specialist automotive know-how and portfolio. We have taken the existing SOC infrastructure and expanded it with trained ETAS automotive security analysts and specialized forensics experts, turning it into a highly professional, market-ready, and holistic solution.

Our customers receive a vehicle security operations center as a managed security service that is perfectly adapted to the specific requirements of their connected fleet.

Your benefits

  • Advanced security analytics by ETAS' automotive forensic experts
  • Many years operational experience from the SOC provider’s IT security experts joined with ETAS’ extensive expertise in vehicle cybersecurity
  • Availability of as-a-Service solution including operation, monitoring, and response
  • Continuous monitoring of attacks in the field through market-ready and mature components from ETAS that have been combined in collaboration with the SOC provider to form a complete and integrated solution
  • Established Security Operations Center ensure worldwide coverage and are available 24/7
  • Integration of and openness to all types of in-vehicle Intrusion Detection Systems (IDS)