Full Export of Incidents and Data Flow Details

This release makes it easy to further harness and analyze your Cyberhaven data outside of the Cyberhaven platform. Staff can export a wealth of incident or dataflow details in CSV format including up to 55 fields such as URL, email address, device serial numbers, or app command lines. Users can choose between a concise CSV report with only the most essential information or a full report with all available fields.

Support for Tracing and Blocking Incognito Browsers

Cyberhaven now detects when users upload data to Incognito browser windows. Security administrators can choose to simply record, trace or block such actions using Cyberhaven policies. This ensures Cyberhaven always maintains full context and prevents users from either inadvertently or intentionally evading security policy.

Best Practice: Policies that monitor or block uploads to certain websites (e.g. Webmail or Social Media) should always be combined with a policy to monitor or block uploads from the same datasets to Incognito windows. Due to privacy-focused limitations imposed by major browser vendors, Cyberhaven does not detect URLs for uploads to Incognito windows (Cyberhaven replaces the URLs with “INCOGNITO” string in such cases). Users could use such uploads to bypass other web-focused policies if uploads to Incognito windows are not explicitly monitored or blocked.

Full-Window View for Policy/Dataset Search

Cyberhaven now allows viewing or editing definitions of policies or datasets in a convenient full-window mode. This capability enables users to see the entire policy at a glance and makes working with longer definitions much easier.

Comments for Incidents (Beta)

Security analysts can now add comments to incidents. For example, security analysts could use comments to explain why incidents were ignored or resolved. Cyberhaven keeps the history of the resolution process of each incident, including all assignments or re-assignments, comments, and resolutions — and shows it at a glance when viewing incidents.

This feature is currently in beta. Please reach out to your Cyberhaven contact if you’re interested in trying it out.

Remote Configuration for Agent Blacklists

In rare cases, it may be necessary to have Cyberhaven exclude certain areas from being monitored. For example, in order to ensure compatibility with a specific antivirus product, Cyberhaven may need to avoid monitoring a certain part of the filesystem. This feature allows staff to remotely create and edit such blacklists on all endpoints or for specific endpoint groups.

Note that this feature is currently not exposed in the UI but is available in the backend. Please reach out to your Cyberhaven contact if you need to use this feature.

This release also introduces a variety of improvements under the hood that even further improved the performance, reliability, and compatibility of the Cyberhaven agents. As always, we are actively working on new enhancements that help our customers protect their data and solve security problems that they could never do before. For additional details, you can find the full release notes for this release at https://docs.cyberhaven.io/docs/january-22-01.

If you would like to learn more about any of these features or the update process itself, please reach out to Cyberhaven team members or contact us at https://www.cyberhaven.com/contact-us/