Cisco Security and Upstream

How Upstream Security and Cisco Security work together

At Upstream, we unlock the value of mobility data through a purpose-built AI platform to provide you with unparalleled data-driven actionable insights for cybersecurity and after-sales quality with a focus on IoT and connected vehicles.

Overview

By leveraging the power of network and vehicle data, Cisco and Upstream are driving a new era of AI-powered capabilities in the mobility ecosystem, transforming the way automakers and mobility providers secure, monitor, and optimize their connected assets. We are integrated with Secure Access DNS security (Umbrella), Splunk and Cisco IoT Control Center. Together we provide overall visibility and observability for IoT, connected vehicle and network data, giving the “what” and the “why” of an incident, all with context in a digital twin on one timeline. Finally, we can trigger a proactive response for mitigation via network controls or automated playbooks.

Product Integrations

● Cisco Secure Access / Umbrella

The integration combines DNS security, network anomalies and IoT/vehicle behavior, e.g. data exfiltration through excessive network usage to a new domain following component replacement (ECU, TCU). It fuses the application traffic monitored by Umbrella with asset-level security data to provide a multi-layered XDR approach to improve observability. The integration is two-way, meaning that a playbook can be triggered from Upstream to Umbrella to disable DNS tunneling to a compromised domain.

There are two options for integrating alerts from Umbrella into Upstream: "push" and "pull".

"Push" - Configure Umbrella to automatically and continuously export its logs to an Amazon S3 bucket, Azure Blob Storage or Google Cloud Storage; the Upstream platform then ingests the logs from that bucket.

"Pull" - Configure an API key in Umbrella management and use it to query alerts from the tenant. This is a simpler method that actively retrieves the alerts.


Resources