IoT
12/13/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Upstream Security Secures $9 Million Series A Funding Round

Focuses on ramping up its cloud-based cybersecurity for connected and autonomous car fleets.

HERZLIYA, Israel – Upstream Security, pioneer of the cloud-based cybersecurity platform for connected cars and autonomous vehicles, today announced the closing of $9 million in Series A funding, led by CRV (Charles River Ventures). The round included expanded investments from Israeli-based Glilot Capital Partners and Maniv Mobility. Following a $2 million seed funding round in June, the company will use the latest investment to expand its R&D program and continue building out its world-class engineering and security research teams, and open marketing and sales offices in the United States and Europe. The company is well-resourced to secure the 60 million connected cars on the road today that include commercial trucks, vans, buses and private vehicles, as well as take advantage of the imminent explosion in connected vehicles—Gartner expects there will be 250 million connected vehicles by 2020.

 "Connected and semi-autonomous cars are already a reality, so it’s a matter of ‘when’ not ‘if’ these self-driving technologies will be deployed at scale. Upstream’s engineers were the first to solve how to protect connected cars and autonomous vehicles using the cloud, crucial for near-term and future deployment of automotive cybersecurity at the fleet level," said Izhar Armony, general partner at CRV. "We believe in Upstream’s groundbreaking approach to secure connected and autonomous vehicles and in the abilities of cybersecurity veterans, Yoav Levy and Yonatan Appel, to build a rapidly growing business in this hot, emerging space."

As connected and autonomous driving technologies become mainstream, security attacks on vehicle fleets––groups of motor vehicles owned or leased by a business, government agency or other entity––are likely to increase drastically. Upstream’s cloud-based approach to automotive cybersecurity leverages artificial intelligence and machine learning that is applied to the tremendous data sets continuously produced by vehicles. This provides customers with data protection, anomaly detection and real-time analytics of cyber attacks and vehicle fleet health. By centralizing cybersecurity in the cloud instead of in-vehicle, threats are detected and prevented before they even reach a vehicle's network.

More cars are connected to the Internet today than ever before, driving hackers to develop new and more efficient ways to infiltrate and disrupt automotive software. Today’s automotive cybersecurity solutions are in-vehicle and suffer from slow production cycles, which impede their agility as well as their ability to protect against the most recent cybersecurity threats. Upstream’s unique solution offers non-intrusive protection, effectively securing cars that are already on the road today and upgradable to stand against new cybersecurity threats and vulnerabilities in the future.

“The automotive industry is going through a massive disruption. Consequently, security solutions for the car are undergoing rapid advances at an unprecedented rate. We’re using emerging technologies like AI and machine learning to carry out an evolutionary leap in cybersecurity for passenger and commercial vehicles,” said Upstream CEO and cofounder, Yoav Levy. “Riding the wave of momentum from our recent company launch and early customer wins, this new investment round further validates our technology and approach, and will fuel our commitment to be the leading force of innovation in security for connected and autonomous transportation.”

Upstream is planning to open offices in Silicon Valley in the coming months.

In addition to this news, Levy recently spoke at KPMG’s 8th annual automotive executive forum, the 2017 Los Angeles Auto Show, which announced new research in vehicle fleet security.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.