Cyberhaven Cookie Policy
This website stores cookies on your computer to enhance your browsing experience, analyze site usage, and assist in our marketing efforts.
Accept
February 4
1pm ET / 10am PT
Learn More
With a TraceCyberhaven Engineering

With a Trace

Industry news
Published date:
7/24/2025

America’s AI Action plan has arrived: 3 key takeaways that data security leaders need to know

On July 23rd, the White House released America’s AI Action Plan, a sweeping federal strategy to drive U.S. leadership in artificial intelligence. The message was loud and clear: AI is a national imperative. The plan calls for removing regulatory barriers, investing in infrastructure, and accelerating AI adoption across commercial and government sectors. For data security leaders, this signals a pivotal shift.

7/11/2025

Fireside Chat: Breaking Free from Legacy DLP

There’s a silent frustration building inside security teams today. It’s the fatigue of defending critical data with tools that can’t keep up. The friction of investigating endless false positives. The anxiety of not knowing what sensitive data is actually doing across your environment. And the sinking realization that despite massive investments, DLP tools are failing at the one thing they were designed to do–prevent data loss.

7/7/2025

How Legacy DLP Leaves You Exposed

Legacy DLP tools are blind to how data moves in today’s cloud-first world—leaving gaps attackers exploit. From shadow IT and SaaS sprawl to insider threats and misused personal devices, outdated solutions miss the subtle, high-risk behaviors that matter most. True protection requires context-aware visibility, behavioral insight, and data lineage that follows sensitive information everywhere it goes—not just where it started.

7/4/2025

Why Traditional DLP Fails in the Age of Cloud and Collaboration Tools

DLP emerged at a time when corporate IT environments were relatively straightforward. Employees worked primarily from corporate offices, data resided in on-premises servers, and communications happened through company-managed email systems and file shares. Traditional DLP solutions were designed to thrive in this environment. They were built around static policies and content inspection techniques that examined files and communications for specific keywords, file types, or formats, flagging or blocking activity that violated predefined rules.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
7/1/2025

The Evolution of Data Loss Prevention: From Perimeter to Insider Risk

Data loss prevention, or DLP as most of us know it, began as a strategy to control how information was stored and moved within organizations. Ultimately the goal was to prevent data from leaving. The premise was simple – identify where sensitive data was stored, define what could or couldn’t happen to it, and enforce those rules through network and endpoint controls. These early DLP tools relied heavily on static content inspection and then blocking or alerting based on pre-configured rules.

Cyberhaven news
5/13/2025

The Next Chapter in Cyberhaven's Journey

Today, I'm both honored and excited to share that I've stepped into the role of interim CEO at Cyberhaven, as Howard Ting transitions to our Board of Directors.

Product update
4/29/2025

Security for AI: enabling secure AI adoption across the enterprise

AI is transforming productivity across every industry—from marketing and design to legal and engineering. But while employees rush to embrace tools like ChatGPT, Gemini, and Microsoft Copilot, many are using other tools without oversight from IT or security. As this grassroots usage grows, so does the volume—and sensitivity—of data flowing into AI tools. Companies now face a critical challenge: how to capture the enormous potential of AI while managing the risks it can introduce to their data.

Industry news
4/23/2025

AI Usage at Work Is Exploding — But 71% of Tools Put Your Data at Risk

As AI becomes deeply integrated into critical business operations and adopted by increasing numbers of departments and employees, the volume and sensitivity of data flowing into these systems has grown exponentially. Companies now face a dual challenge: harnessing AI's potential while managing the substantial data risks it introduces.

Security best practices
3/28/2025

Breaking silos: How to align GRC, cybersecurity, and privacy teams

Over the years, I’ve learned a few lessons (some the hard way) about how to bring security, GRC, and privacy teams together. At the core of these efforts is a simple truth—data is an organization’s most important asset. Securing and governing it effectively requires a cross-functional approach. Spoiler alert: it’s not just about tools and frameworks; it’s also about people and how we work together.

Security best practices
3/28/2025

How CISOs can justify their cybersecurity budget

Every year, companies reevaluate their budgets, making tough calls on where to invest for the most impact. In many organizations, cybersecurity spending is often seen as a cost center. However, without adequate security investments, companies put themselves at greater risk for data breaches that could disrupt business operations and damage customer trust, ultimately costing the company a lot more in the end. To minimize these risks, it’s important to quantify them through risk assessments and metrics. When security investments are tied to business priorities and backed by data, they become easier to justify and far more effective in preventing costly incidents down the road.

Security best practices
3/28/2025

Secure employee offboarding isn’t happening fast enough to prevent employee data theft

Departing workers can pose significant risks to data. Let me share a story about an individual who stole and deleted valuable research data right before submitting his resignation: six weeks after a contingent worker left the company, the FBI contacted us. It turned out that the individual had tried to sell the company’s confidential data to a third party. When he left, everything seemed normal. However, he had transferred some of his work to a personal account before leaving—an activity most companies struggle to detect. Just 24 hours before an employee resigns—or when a mass layoff is looming—data theft spikes dramatically. To reinforce this point, in the 24 hours before a layoff organizations see a jaw-dropping 720% surge in data exfiltration activity compared to the norm. Employees may download sensitive files, forward emails, or copy customer lists—actions that can have lasting consequences, especially if that data ends up with competitors or malicious actors.

Security best practices
3/28/2025

Managing shadow AI: best practices for enterprise security

The rush to work faster with artificial intelligence (AI) risks encouraging employees to accidentally put sensitive data at risk. Take this scenario: someone in the procurement team has a tight deadline, so they upload a confidential contract into an AI tool to review a few redlines. It’s unclear if the AI system is storing the data from the contract, how long it’ll be retained, and if the data will resurface in a future prompt to someone else. There was no malicious intent here, but there’s no visibility into what happened or will happen to the data and a lack of controls on compliant usage of AI tools. This isn’t just an issue with one department—it’s happening throughout organizations. Employees are using AI tools in the shadows, leaving companies with little control over their data. In this blog, we’ll explore how to manage data exfiltration risks when dealing with unsanctioned AI tools.

Security best practices
3/21/2025

How cert pinning and E2EE broke your CASB — and why endpoint is the new cloud control point

Cloud adoption among enterprises accelerated around 10 years ago. During this time, network-based tools emerged as solutions that could protect data as it traveled to the cloud. These solutions, including Security Service Edge (SSE) and Cloud Access Security Brokers (CASB), utilized network-based proxy architectures that could intercept and control traffic. By inspecting data in transit, it ensured that data was controlled according to security policies, effectively preventing exfiltration of confidential data.

Security best practices
3/12/2025

The file and SaaS data perimeter is broken: data security needs data lineage

We are in the midst of a major technological shift. And when shifts happen, new industry-defining companies emerge. The winners aren’t just those with great ideas—they are the ones who adapt and respond to change the fastest.

Product update
2/4/2025

Smarter than ever: Linea AI’s next leap forward in data security

Last year, Cyberhaven introduced a revolutionary solution that changed how companies protect their most valuable data: Linea AI. Today, we’re excited to share its progress, success stories, and the advancements shaping its future.

Security best practices
11/4/2024

Why data security needs a platform: what recent DSPM and DLP acquisitions tell us about the future of cybersecurity

In recent years, we've witnessed an acceleration of consolidation across the cybersecurity industry, with data security at the heart of this evolution. The rise of AI use cases has accelerated the need for protecting sensitive data for most enterprises. Major acquisitions like Dig Security and Laminar in the Data Security Posture Management (DSPM) space, alongside acquisitions of DLP (Data Loss Prevention) companies like Next DLP, Trail, Mimecast, and Code42, signal that we are entering a new phase in how enterprises secure their most sensitive asset—their data.

Security best practices
10/29/2024

Don’t be fooled: data security requires global data lineage, not “local lineage”

Securing data today requires the context provided by data lineage: where data came from, who interacted with it over time, which systems have used it, and more. But buyer beware: many vendors now claim to offer “data lineage” that only provides a tiny fraction of the context of true, global data lineage.

Security best practices
8/3/2024

Automatic visibility: the key to a more proactive data security program

In today’s rapidly evolving digital landscape, the ability to see, understand, and control data movement within an organization is more critical than ever. Cyberhaven’s customers are turning to our Data Detection and Response (DDR) platform to power their data security programs, moving away from legacy solutions that fail to offer comprehensive visibility. Cyberhaven stands out by providing unmatched insights into data usage and movement across every part of an organization. From endpoints to browsers and cloud applications, Cyberhaven captures every interaction—every download, modification, upload, and share—and correlates these events in real time to build a complete data lineage. This visibility transforms how organizations manage and secure their data, setting a new standard in data security. Read on to learn how organizations are taking advantage of this visibility to build better data security programs!

Security best practices
8/3/2024

The top 5 reasons endpoint agents are essential for data security

Agents can be a pain, we know! From deployment, to managing upgrades, dealing with agent conflicts, and responding to user complaints, we know security teams would rather achieve their objectives without an endpoint agent. But, when it comes to securing your company’s data, there are certain use cases that can only be achieved with an endpoint agent. If you’re not sure if an agent is right for your security program, read on for the top 5 reasons your enterprise needs an endpoint agent for data security.

Security best practices
8/3/2024

Shield your acquisitions: security strategies for the 2024 M&A market

After economic headwinds caused a downswing in corporate mergers and acquisitions, analysts are projecting an increase in activity in the second half of 2024. This uptick in activity, however, will feature different trends due to the current economic and regulatory climate, with big implications for information security. Read on to learn more about projected shifts in acquisition strategy and the implications for information security!

Security best practices
7/30/2024

Improve security with instant feedback: how policies with notifications educate users

Real-time feedback on risky behavior stops sensitive data exfiltration and educates employees on security best practices, based on research from Cyberhaven Labs analyzing data on warning and blocking policy implementations.

Security best practices
7/17/2024

One platform, complete protection: why data security is moving on from point solutions

As the world enters the AI Era, CISOs and CIOs are looking at data security with renewed interest and urgency. Instead of multiple overlapping yet disconnected tools, it’s time for one unified platform to trace and secure data wherever it goes.

Security best practices
7/15/2024

Modern data security: why the convergence of DLP and IRM is more effective than the sum of its parts

In the past decade, organizations seeking to protect sensitive data from negligent or malicious insiders faced two choices: invest in a Data Loss Prevention (DLP) product or an Insider Risk Management (IRM) product. These solutions addressed the same problem from different angles. DLP products focused on analyzing data content to control its movement, while IRM products monitored user behavior for risky actions.

Security best practices
6/27/2024

Navigating the FTC’s Non-Compete Ban: A Guide for Information Security Teams

On April 23, 2024, the Federal Trade Commission (FTC) issued a ruling that banned the use and enforcement of non-compete agreements across the United States. With this ruling, enterprises that relied on these agreements to help preserve their competitive advantage must adapt their strategy for protecting proprietary information when an employee departs. Read on for a breakdown of the ruling, what strategies remain open for dealing with this risk, and how security teams can help their organization adapt.

Guide

The 15 Top Data Detection and Response UseCases

Download
Live demo

See our product in action

The best way to understand the magic of Cyberhaven is to see a live product demo.
Request a demo

Trace your data to protect it like never before