Guarding the Lanes: Eviden and Argus Join Forces to Fortify Automotive Cybersecurity
Connected cars and software-defined vehicles are revolutionizing the way we drive. While new technologies enhance our driving experience and improve safety, increased vehicle connectivity also exposes cars to greater cyber security risks.
By exploiting software vulnerabilities, bad actors can compromise safety-critical systems (e.g., braking), access personal data, or even start a car from a remote location. This was demonstrated in the infamous Tesla hack, where a 19-year-old IT specialist exploited a vulnerability in a third-party app to gain remote control of multiple vehicle functions. The latest trend in car theft – a hacking technique known as “CAN Injection” – allows thieves to unlock, start, and steal a car in under two minutes without access to a key.
How Data Privacy Regulations Affect OEMs
Data privacy is a key aspect of vehicle connectivity. Car data can help OEMs understand their customers better, but also poses ethical and legal challenges. OEMs need to comply with data protection laws, such as GDPR and CCPA, that require consent, security, and transparency when handling personal data from vehicles.
By following data privacy regulations, OEMs can avoid risks and build trust with their customers. They can also use data privacy as a way to innovate and differentiate their products and services. By applying privacy-by-design principles and reliable security solutions, OEMs can create more user-centric and secure solutions that meet customer expectations.
Why OEMs Need a Vehicle Security Operations Center (VSOC)
Cyber-attacks on vehicles bear a significant financial impact on OEMs – from costly recalls and regulatory issues to liability and reputation damage. Cyber-enabled car theft also means more claims against insurance companies, which in turn are raising their premiums for consumers and fleet operators.
Reflecting these real threats, new automotive cyber security regulations, such as UNR 155, require OEMs to implement systems to detect, monitor, investigate, and respond to cyber-attacks. In July 2024, all new or existing vehicle types will be subject to UNR 155 type approval for cyber security.
As a result, OEMs are ramping up their cyber security capabilities and implementing systems to help them comply with emerging automotive cyber security regulations and standards.
Over the past few years, OEMs have come to realize that their existing IT SOCs are not yet optimized to handle the scale, complexities, and challenges of automotive cyber security. These include the need to protect millions of endpoints, 12–15-year vehicle lifespans, a highly complex supply chain, stringent compliance requirements, and a costly mitigation process.
Most importantly, unlike IT cyber-attacks that target networks and data, the implications of an automotive cyber-attack can be potentially life-threatening. Just imagine a scenario where a malicious hacker compromises a vehicle’s braking system.
With lives at stake and millions of connected vehicles already on the road, OEMs require Managed Detection and Response (MDR) solutions to monitor fleets in real-time and detect potential threats before they impact the vehicle. Accordingly, OEMs are building dedicated Vehicle SOCs (VSOCs) to monitor, investigate, and respond to cyber-attacks in real time.
The Solution: Streamlined MDR Service Tailored for Automotive Cybersecurity
Combining Expertise for Unmatched Protection: Eviden and Argus have joined forces to deliver a best-in-class, end-to-end MDR service specifically designed for automotive cyber security. This comprehensive solution seamlessly integrates Argus’s deep understanding of automotive vulnerabilities and technology with Eviden’s proven Managed Detection and Response (MDR) expertise.
Enhanced Visibility and Threat Detection: The service leverages Argus’s Vehicle SIEM, alongside a wealth of automotive-specific use cases, playbooks, and 100+ AI models with Eviden’s MDR platform AIsaac Cyber Mesh to maximize threat detection and visibility across entire vehicle fleets. The vSIEM from Argus is integrated with AIsaac where it ingests vast amounts of data from millions of sensors and components, utilizing advanced ML and big data algorithms to analyze for potential cyber incidents. This in-depth analysis provides crucial context, pinpointing the attack source, breach location, potential impact, and more.
Proactive Threat Hunting and Rapid Response: Eviden’s MDR service goes beyond passive detection with continuous threat hunting across multiple vectors, including users, networks, cloud, and data centers. Its arsenal of over 100 AI models, coupled with Amazon Bedrock’s generative AI engine, accelerates investigation and response orchestration. Additionally, the joint solution with Argus enables swift containment of threats to minimize potential damage.
Expert Collaboration for Unbeatable Defense: The MDR service draws upon Eviden’s team of elite security professionals, including threat hunters, forensic investigators, ethical hackers, and incident responders, who collaborate seamlessly with Argus’s automotive cyber security researchers. This expertise ensures comprehensive threat detection and response for OEMs of all sizes.
Global Support and Scalability: Eviden’s robust operational infrastructure, featuring 16 next-generation SOCs strategically located worldwide, ensures unwavering support for any OEM, regardless of scale or location.
In essence, Eviden and Argus offer an unparalleled MDR solution tailored to the unique demands of automotive cyber security. This collaboration delivers enhanced visibility, proactive threat hunting, rapid response, and expert guidance, empowering OEMs to confidently navigate the ever-evolving landscape of cyber threats.
The Secret Sauce: Automotive Know-how
Best-in-class technology, processes, and skilled resources are important, but the secret ingredient for a truly effective VSOC service is automotive know-how.
A deep understanding of vehicle architectures, protocols, and networks together with experience in cyber technologies and research is essential for knowing what data to assess to deduce actionable insights related to cyber risk.
Our joint automotive MDR offering reflects deep automotive know-how gained through over 600+ person-years in automotive cyber security technologies and research. This domain knowledge and Eviden’s deep industry expertise in its SOCs results in a high rate of detection with minimal false positives.
Eviden and Argus: Better Together
Eviden and Argus offer OEMs a comprehensive VSOC/MDR service including threat hunting, incident management, and SOC operations. Combining Eviden’s cyber security and SOC expertise with Argus’ in-depth automotive cyber security knowledge, this partnership creates a best-of-breed solution that meets the evolving cyber security needs of the automotive industry.
This joint solution enables vehicle manufacturers to proactively detect and respond to ever-increasing cyber threats, reducing risks and helping them comply with new automotive cyber security regulations.
