Automotive security is moving beyond gateways. It is moving towards in-vehicle cybersecurity and embedded safety detection. While traditional automotive security measures such as central locking systems or secure key management still stand crucial for safety, vehicle platform architects and VSOC managers are moving towards security by design. This blog delves deeper into why and how modern vehicles and ECU firmware teams are turning toward in-vehicle cybersecurity through intrusion detection and prevention systems.

The Real-time In-Vehicle Cybersecurity Solution

As vehicles evolve into rolling data centers, with over millions of lines in code, multi-domain ECUs, and continuous connectivity, their attack surface grows with every new feature. Automotive OEMs and Tier-1s shifting towards secure-by-design SDVs and are not limited to software defined vehicles. Rajiv Mody, CMD and CEO, Sasken Technologies, recently shared his insight into this shift. He mentioned, “Modern vehicles are significantly more exposed to cyber threats than they were a decade ago. With over 100 million lines of code, multiple wireless interfaces, cloud connectivity, and over-the-air updates, today’s cars are essentially computers with wheels. The systems, which were once isolated, like infotainment, telematics, advanced driver assistance systems (ADAS), and powertrain, have become a part of a broader system.” This shift is encouraging OEMs to expand their In-vehicle cybersecurity capabilities and not solely rely on perimeter defenses or passive compliance documentation. To truly secure a vehicle, cybersecurity must move inside the ECU, onto the vehicle network, and into the runtime memory. Our experts realize the gravity of this shift. After months of collaborating with industry leaders and experts, brainstorming with our global engineering team, we built an automotive cybersecurity solution that detects intrusion in real-time. The solution is designed specifically for modern E/E architectures and engineered to operate in production environments without disrupting critical functions. CTA: Curious to know more about Sasken’s IDPS Solution? Reach out to our experts today!

What is Sasken’s In-Vehicle IDPS?

This is this In-Vehicle IDPS system like a smart home security system but for your car’s brain. Just like a smart home security system monitors doors, and detects motion in the house, our in-vehicle IDPS monitors every touchpoint in your vehicle’s electronic control system (ECS). This lightweight, embedded security system resides in the ECS environment in real-time at the application and memory level. It is capable of:

• Deep packet inspection and behavioral anomaly detection over CAN, Ethernet, and diagnostics interfaces.
• Runtime memory protection, including detection of unauthorized memory access and code injection attempts.
• System call monitoring to detect privilege escalation or sandbox escapes.
• Forensic-level telemetry logging for root cause analysis and incident correlation.
• Support for OTA updates and policy fine-tuning for adaptive threat response.

This system is built keeping in mind global compliance standards and is compliant with ISO/SAE 21434, UNECE R155, and AUTOSAR Classic & Adaptive security architecture principles. The solution is already in production deployment with global OEMs and Tier 1 suppliers, demonstrating its maturity, scalability, and effectiveness in real-world automotive environments. As vehicle platform architects, cybersecurity leaders, and VSOC managers, we understand your priority for robust and field-tested architecture. Keeping this in mind, our experts enable customers with a top-tier managed Vehicle Security Operations Center (vSOC) service that complements the IDPS, enabling continuous threat detection, monitoring, and response.

Why is Embedded IDPS is Critical?

“Cybersecurity is not merely closing gaps in the code running inside the vehicle, rather it is a practice that needs to be adopted right from the conceptualization phase of the product. However, early mitigation is essential, where “security by design” must be implemented from the initial phases. This includes having security controls starting from the concept and design stages.” Continued Rajiv. Traditional automotive security approaches rely heavily on perimeter-level defenses, primarily at the gateway. Once past the gateway, lateral movement into unmonitored ECUs becomes possible. Sasken’s In-Vehicle IDPS assures:

• Real-time threat visibility inside ECUs and across internal vehicle communications
• Micro segmentation and isolation for mission-critical functions
• Low-latency response capabilities co-located with the protected assets

Why Trust Sasken?

Our value is not just in detection algorithms, it lies in our ability to make IDPS deployable, efficient, and certifiable within complex vehicle platforms.

• Embed our IDPS into IVI, TCU, gateway, ADAS, and powertrain ECUs.
• Adapt and validate integration with AUTOSAR Classic/Adaptive, QNX, Linux, and Android Automotive.

• Optimize memory, CPU usage, and I/O latency for constrained processors.
• Profile runtime impact and ensure compatibility with existing ECU services and diagnostics.

• Define hybrid detection models: agent-only vs agent+gateway.
• Map zonal vs domain controller topologies for distributed deployment.

• Develop OEM-specific detection logic based on TARA methodology.
• Fine-tune detection thresholds to reduce false positives and missed alerts.

• Integrate into HIL, SIL, and virtual test rigs.
• Generate coverage reports, test evidence, and traceable security metrics for certification.

• Correlate ECU-level events with fleet behavior through customer SOC/SIEM.
• Enable data export pipelines to cloud-native analytics or in-house VSOC systems.

Let’s look at a few real-life use cases from across domains to understand the importance of IDPS better.

Use Cases

• Infotainment & IVI: Detect app spoofing, USB exploits, and unauthorized firmware modifications.
• Telematics Units:Monitor for unauthorized diagnostic sessions, cellular injection attempts.
• ADAS Systems:Flag abnormal sensor data patterns or protocol abuse.
• OTA Pipelines:Detect rollback exploits, integrity violations during firmware updates.
• Zonal Controllers:Provide edge-local threat detection with fleet-wide policy sync.

Compliance-Driven, Deployment-Ready

Sasken’s IDPS offer includes structured support for:

• CSMS/SUMS documentation under UNECE R155/R156
• TARA-based threat analysis and traceability mapping
• Security testing and evidence generation aligned with ISO/SAE 21434 Part 7

We act as both your engineering integrator and compliance co-pilot.

It's a Security Mindset

Sasken’s IDPS approach doesn’t just stop at deploying an agent. We ensure that it's optimized, tested, validated, and integrated into the vehicle lifecycle, from development and diagnostics to updates and decommissioning. With growing regulation and rising attack sophistication, having in-vehicle visibility, real-time protection, and compliance-ready infrastructure is essential for any player in the automotive value chain.