Omdia, a technology research organization within the Informa Tech group, published a report in May 2023, mentioning VicOne’s solution portfolio as a proactive approach for automotive manufacturers (OEMs) to tackle cyberthreats through VicOne’s detection and response platform, which uses the MITRE ATT&CK® framework to boost the capabilities of vehicle security operations centers (VSOCs).
In the report, titled “Extending Security Posture to the Connected Vehicle” and authored by the analyst Hollie Hennessy, Omdia describes VicOne’s platform as an approach that “can integrate data from on-board ECU intrusion detection systems and vulnerability management systems.” Omdia adds that this “results in comprehensive threat and vulnerability detection and can accelerate the root-cause analysis process, thus improving the VSOC’s threat detection, investigation, and response effectiveness as well as its remediation options.”
The report depicts the current connected-car landscape as experiencing rapid growth, referencing Omdia’s forecast that the number of connected cars worldwide will increase from 230 million in 2021 to 571 million by 2025. In addition, the report notes the steep and steady rise in the number of malicious programs aimed at the vehicle ecosystem, according to the AV-TEST Institute: from 65 million in 2011, it went up to 1.1 billion in 2020.
Present circumstances therefore bring to the fore the need for OEMs to comply with new cybersecurity standards and regulations while stakeholders grapple with emerging cyberthreats as the number of connected cars and the attack surface continue to grow.
Given the end-to-end involvement of OEMs and suppliers in the design and production of vehicles, the report highlights their collective responsibility in securing connected cars throughout the vehicles’ life cycles. It states that OEMs and suppliers “have the opportunity to implement security measures in the design and production phases and to establish the operational infrastructure necessary to keep vehicles secure once they are sold.”
Omdia’s report sums up the key challenges that OEMs are facing as follows:
- As aggregators of software content in components, OEMs need solutions that can safeguard the security of software in their supply chains.
- Throughout a vehicle’s life cycle and amid an evolving threat landscape, OEMs must ensure the integrity, confidentiality, and availability of the plethora of data associated with the vehicle.
- OEMs need to comply with new rules and regulations that may evolve and differ across separate geographical regions.
The report also asserts that “gaining visibility across new software-based end-to-end architectures, IP-addressable ECUs, and new forms of connectivity (5G, etc.) is a daunting challenge” and that these elements, “though they create new vulnerabilities, can also be used as the foundation of an end-to-end security solution.”
VicOne’s capability to leverage the tactics, techniques, and procedures (TTPs) in the MITRE ATT&CK framework on its platform provides centralized visibility with actionable intelligence over complex vehicle ecosystems. This enables OEMs to accurately detect threats by analyzing cross-layer data and respond to evolving threats. VicOne’s solution portfolio helps OEMs create security strategies that not only conform to regulatory requirements but also provide protection from future cyberattacks.
VicOne’s MITRE ATT&CK–inspired Automotive Attack Mapping ensures the accuracy of detection engines and generates detection rules and machine models. As a result, false positives are minimized, which optimizes security analysts’ workload by helping them:
- Identify the root cause of issues across the connected car ecosystem.
- Better understand the attack context and attack path across different electronic control units (ECUs).
- Detect potential threats before the attack chain is fully executed.
This can expedite investigations, enabling analysts to identify system risks and vulnerabilities preemptively.
VicOne’s cloud-based extended detection and response (XDR) platform, xNexus, can analyze cross-data for VSOCs to help build awareness mechanisms and early warning for incoming attacks. By combining data from VicOne’s xCarbon (on-board intrusion detection and prevention system) and xZETA (cloud-based vulnerability management tool), xNexus can achieve advanced threat correlation. High-fidelity telemetry from multiple vehicle endpoints, system events, ADAS-related events, and firmware vulnerability information are all consolidated on one platform, providing more context and information for rapid threat investigation.
Backed by 30 years of cybersecurity experience from Trend Micro, VicOne’s automotive cybersecurity solutions use the latest technologies like behavior monitoring and detection and response to help automotive stakeholders secure connected cars and comply with regulatory requirements.
“Extending Security Posture to the Connected Vehicle”
Author: Hollie Hennessy, Omdia Senior Analyst, IoT Security
Publication date: May 2023