Turning connected vehicle data into actionable security intelligence

Connected vehicles generate enormous amounts of security-related telemetry.
But data alone does not create cybersecurity value.

DXC Technology and asvin combine in-vehicle cybersecurity detection with AI-driven Cyber Threat Intelligence (CTI) to transform raw vehicle telemetry into contextualized, risk-qualified security insights.

By connecting vehicle-level detection with intelligent threat analysis, the partnership enables a continuous cybersecurity chain — from detection inside the vehicle to informed response in automotive Security Operations Centers (SOCs).

The Challenge

Connected vehicles create data. Security teams need intelligence.

Modern vehicles generate massive amounts of security telemetry across increasingly complex software and electronic architectures.

However, traditional backend-centric security approaches often lack the vehicle-specific context required to distinguish relevant threats from normal activity. The result is increased noise, false positives, and slower incident response.

At the same time, AI-enabled attack methods are increasing the speed and sophistication of cyber threats. Combined with growing regulatory requirements such as UNECE R155/R156 and ISO/SAE 21434, automotive organizations need a continuous cybersecurity approach that connects in-vehicle security engineering with Cyber Threat Intelligence.

The challenge is clear: turning large volumes of vehicle data into meaningful security decisions.

The Solution

Bringing cybersecurity intelligence closer to the vehicle

DXC Technology and asvin bridge the gap between vehicle-level detection and backend threat intelligence.

DXC Luxoft applies TARA-based risk analysis and tailored Intrusion Detection and Prevention System (IDPS) logic directly within the vehicle to generate curated, context-rich security events.

Instead of forwarding raw telemetry, vehicles can provide security intelligence linked to relevant threats, attack paths, and monitored assets.

asvin complements this approach with an AI-driven Cyber Threat Intelligence platform that correlates vehicle-generated security events with external threat intelligence sources. This enables faster identification, prioritization, and analysis of relevant cybersecurity risks.

By combining automotive cybersecurity expertise with contextualized threat intelligence, the partnership creates a continuous detection-to-response workflow — helping security teams make better-informed decisions and proactively protect connected vehicle fleets.

Six steps from detection to automated containment

1.

DETECT

Monitor security events, perform Intrusion Detection & Prevention, and build Context Data to boost CTI efficiency — then qualify the data.

2.

REPORT

Data from ECUs and vehicles is reported to the backend.

3.

ANALYZE

Mass data is analyzed across multiple sources — vehicle, commercial, dark web and more — not just a single vehicle.

4.

CTI ANALYTICS

asvin CTI operates across all vehicles and every data source, with boosted efficiency to raise security alerts.

5.

DXC BACKEND SECURITY INTELLIGENCE

Runs in two directions: analyze alerts to trigger OEM Incident Response, and use security intelligence to trigger containment on affected vehicles.

6.

CONTAINMENT ACTION

The containment action is received and executed by affected vehicles — giving immediate containment of potential threats.

Vehicle-to-Backend CTI Architecture

Analysis process — monitor ECU-specific vehicle security events; flag Confirmed (negative security impact) and Suspicious (security-sensitive) activity.

MONITORED EVENTS (EXAMPLES)

  • Diagnostic Security Access Attempt Failed
  • Secure Boot Failed
  • Authorized Debug Interface Unlocking Detected
  • Android User Data Partition Corrupted
  • Android Corrupted Maps Downloaded

PLAYBOOK DECISIONS (EXAMPLES)

  • Temp Block of Debug Interfaces
  • Temp Block of Selected Communication
  • Feature Degradation
  • Update Security Credentials
  • Special Procedures Execution

The Outcome

From security data to actionable insights

The DXC Technology and asvin project demonstrates how combining in-vehicle detection with AI-driven Cyber Threat Intelligence can transform raw telemetry into risk-qualified security intelligence.

Integrated into existing OEM data flows, the solution helps reduce security signal noise, accelerate threat analysis processes, and improve the efficiency of backend security operations.

The result is a scalable approach designed to support fleet-wide cybersecurity, regulatory requirements, and modern automotive SOC operations.

Key Benefits:

  • Reduce security noise
  • Transform raw vehicle telemetry into contextualized security insights.
  • Improve threat prioritization
  • Identify relevant risks by combining vehicle intelligence with external Cyber Threat Intelligence.
  • Accelerate analysis and response
  • Provide security teams with meaningful information instead of overwhelming volumes of raw data.
  • Enable continuous automotive cybersecurity
  • Connect vehicle-level detection with backend security operations in a continuous cybersecurity chain.

A stronger cybersecurity foundation for connected vehicles

As vehicles become increasingly connected and software-defined, cybersecurity requires more than collecting data.

The future of automotive security depends on transforming data into intelligence — and intelligence into action.

DXC Technology and asvin enable this transition by connecting vehicle-level security detection with AI-driven Cyber Threat Intelligence.