fbpx

NEW: 2022 Gartner® Market Guide for Data Loss Prevention

Get my copy
April 12, 2022

Cyberhaven Product Update – April 2022

The Cyberhaven team is always working to bring you the best data protection solution and customer experience possible. As part of our regular cadence of improvements, we wanted to share some of the latest features and enhancements in the product, and what they mean to your security practice.

This update summarizes information related to Cyberhaven version 22.03. Key features and enhancements include:

Tracing and Control of Archived and Encrypted Content

Cyberhaven can now track and control data even after it is archived or encrypted. For example, a malicious insider may attempt to evade security controls by hiding sensitive content in a password-protected zip file. If the user attempts to exfiltrate the archive, Cyberhaven will continue to detect the incident and block based on the organization’s policies. While no tool can directly inspect the encrypted archive during exfiltration, Cyberhaven’s use of data tracing ensures it remains aware of the content and can apply policies accordingly.

Likewise, Cyberhaven also now tracks un-archiving — for example, it can block a user from exfiltrating a file extracted from an archive downloaded from a sensitive source.

NOTE: This feature is in beta and is disabled by default. Please contact Cyberhaven Support if you would like to test the feature.

Support for Command-Line Apps on Windows

Cyberhaven can now trace data being transformed via a command line. Specifically, the following operations are supported:

  • cmd.exe: rename/move/copy/xcopy/robocopy commands
  • powershell.exe (or windows terminal): same as cmd.exe + Copy-Item/Move-Item/Rename-Item/Remove-Item

NOTE: This feature is in beta and is disabled by default. Please contact Cyberhaven Support if you would like to test the feature.

Folder Upload on Mac and Windows

Cyberhaven always tracks when users upload files to the web using supported web browsers. In this release, we have added support to also track when users upload entire folders (e.g., by drag-and-dropping a folder to a file-sharing application).

Support for Incognito Mode on Mac

Cyberhaven can now detect and control when users upload data to Incognito browser windows on both Mac and Windows. Security administrators can choose to simply record, trace or block such actions using Cyberhaven policies.

Pivot to Related Events From Any Incident or Dataflow Details

When reviewing incidents or dataflow details in the Cyberhaven dashboard, security analysts can now easily pivot to related incidents based on any attribute of their choice. Users can simply hover over the attribute name in the details view and click on the looking glass icon:

Cyberhaven - Pivot to Related Events

Additional Enhancements

This release also introduces a variety of improvements under the hood that further improved the performance, reliability, and manageability of the Cyberhaven DDR platform.

  • Support Rollback During Cyberhaven Updates In the rare case that a Cyberhaven agent fails during an update, the installer will now automatically roll back to a stable state.
  • Performance and Memory Improvements on Mac We substantially improved the performance and memory usage of the Cyberhaven agent on Mac.

As always, we are actively working on new enhancements that help our customers protect their data and solve security problems that they could never do before. For additional details, you can find the full release notes for this release at https://docs.cyberhaven.io/docs/march-22-03.

If you would like to learn more about any of these features or the update process itself, please reach out to Cyberhaven team members or contact us.

Start tracing your data