Frequently Asked Questions


What does Fleet Defender consider a platform?

Fleet Defender’s technology is focused on total platform intelligence. For us, this means any system that is sending traffic to multiple electronic control units or connected devices. This includes cars, trucks, trains, maritime vessels, planes, cranes, industrial control systems, aircraft, and spacecraft. We are able to work with protocols including J1939, Classical CAN (CAN 2.0), MIL CAN, NMEA2000, CAN FD, DeviceNET, ARINC 825m and SpaceWire.

Do cyber attacks against vehicles happen over the air or via physical wire?

There are many possible beachheads and vulnerabilities both physically and over the air. The Bluetooth and WIFI stack are both attack vectors. Once someone enters into a vehicle remotely, they can pivot through the network until they gain code execution at a kernel root level. Once this occurs, they have the keys to the castle. Physical attacks against a vehicle can include plugging in directly to an OBD2 port or implanting covert hardware. After gaining physical access to the CAN bus attackers are able to place an implant that they can then use to pivot through the system to the control module they are after. There has been recent news of thieves accessing the CAN bus via the headlight to override a vehicles internal security systems.



Does your system that works on CAN also work on LIN Bus?

Our core system works on CAN, LIN, Ethernet, MIL, and Space Wire. We can utilize our core to build additional plugins to adapt to the different networks. We are platform agnostic and can adapt our ML to any communication protocol.

How are you able to identify attack or probing traffic?

We don’t use signature-based modeling. Instead, we look at behavior. We Don’t collect data on attacks because we build our models to look at a specific vehicle or platform to establish a baseline of normal behavior and if anything deviates our models are able to look at it and flag it as an anomaly. This allows us to catch zero day vulnerabilities and new attacks. It allows us to avoid a cat and mouse game of constantly adapting to new attacks and instead allows us to catch any anomalous behavior. This is how our system is also able to do things like predictive maintenance and safe operation.

Do you currently offer a gateway?

We do not currently offer our own gateway however we are able to install as a software application on an existing gateway by working with the manufacturer. If you currently have a gateway manufacturer and would like to make an introduction, we can work directly with them.

What do you do with the data if there is an alert triggered?

We send the data to our SOC for analysis. We can review the data and catalog the attack if it is a known attack or identify the vulnerability. We can then share that vulnerability with our partners and OEMs to patch the vulnerability on all models.

Does Fleet Defender run on bare metal?

Fleet Defender’s software when installed as a software application at the OEM level can run on bare metal. Our system is programmed in RUST, a memory safe language utilized by the US Military. As a telematics application we exist as a containerized app on your existing telematics unit.


How do you train your models for my specific vehicles?

If we already have your vehicle cataloged in our system, we don’t need to do any additional onboard training. If we do not currently have your make and model in our system, we are able to take data from your vehicle and run it through our models in a secure azure cloud. We train them and can push those models over the air to the device. We don’t do any real time training to avoid data poisoning attacks. All training is done before the system goes into full operation.



We're here to discuss optimizing fleets and fleet cybersecurity... or anything platform intelligence!

Contact Us

Stay Up To Date On Platform Cybersecurity News*