
Cyberhaven Unlocked: Designing Your Deployments


December 10, 2025


Introduction and Webinar Kickoff

Ben McGraw: Hey, Donnie, how are you?

We'll give it a couple of minutes, uh, for, to let others join. Um, and then we will kick off here in just a few minutes.

All right. I think we'll go ahead and get started here. Uh, hello everybody. Welcome to today's webinar.

Overview of New Deployment Features

Ben McGraw: Where we're gonna be talking about designing your deployments, we're gonna be discussing, you know, the new profiles, configurations, uh, and the new endpoint management redesign. Um, I will go ahead and hand that off to Ben Crocker to start, start our conversation

Ben Crocker: off.

Ben McGraw: Um, we'll dive back into some demos, um, and then wrap up with best practices and recap on a couple of items. So, uh, if you don't mind, Ben, I'll pass it to you.

Ben Crocker: Thank you Ben. Uh, you, you have the Ben show today, everybody. Um, uh, uh, we're gonna talk, uh, about some new functionality. We've been working on this actually for quite a long time.

Um, our intent with, um, with the profiles and configurations work that we've done is to expand the availability of functionality in the platform for customers to manage their own deployment, to understand what's going on with the endpoints that are deployed, the sensors that are out in your environment, and to be able to control that.

And also, um, eventually to be able to troubleshoot, to be able to understand statistics and all of the things that are going there. Ben, if we could have the.

Um, if we compare what you may have seen in the platform up until now, and in fact in, in many instances, none of you would've been able to see the configurations that were in the platform. What we had was deployment groups, as they were called. You would select the set of devices that you were, um, that you wanted to send a specific configuration down to.

You'd be able to select the policies that were going down there, the content inspection rules that were being associated with those. But they were delivered in this one huge block of monolithic set of settings, um, that included actually a whole bunch of things that weren't exposed in the UI of the platform at all.

We were using manually targeting those, you had to pick those devices for yourselves. You had to be able to, um, uh, decide the, the groups manually once they'd connected to the platform or when you did the install of the devices. And then there was this very large and quite complex, um, JSON configuration that went down there.

And as mentioned, in a lot of cases, you guys wouldn't have been able to see it. It would've been Ben and the other guys from the, the support of the CX organizations that would've managed those for you. As we look at what we are showing you in the platform in a moment, and Ben's gonna walk you through that, we changed that into something that I think represents, um, a well-known workflow for delivering configurations.

You have a profile. That takes a, a set of reusable objects of configurations, connects them together and allows you then to target them down to the devices inside your environment. That profile is built of those separate building blocks of configurations where you can set a configuration that allows you to decide about maybe the performance or the detection characteristics or the update characteristics of that set of devices.

Put those into a, into a group and apply that to the set of devices.

Dynamic Targeting and Overrides

Ben Crocker: Dynamic targeting allows you then to say, I, it doesn't matter if that device has been connected to the platform before or not. If I set these characteristics, when that device connects, it'll be applied in into that group of devices and Ben will show you how that works with targeting in there.

So when you have dynamic targeting, there are some things where. Need to allow for those to overlap. And we've covered that in the settings as well. And then for the issues where you do need to look at, uh, at setting very specific configurations, or you're talking to the support organization and you need to set a particular setting, there's an option for overrides.

So while we have a lot of those things exposed in the UI, the capability to get down in the weeds and be specific about stuff is already included. So all of those things inside the platform available to you guys. The other thing to mention here is.

API Integration and Reusability

Ben Crocker: Um, at the same time as this functionality is delivered, the APIs are all available.

So all of the things that, that Ben will show you as he goes through and shows the profiles and the configurations and even the overrides for those things all available inside the, um, inside the API and, uh, available for you to integrate with all of those systems that you use, whether that's comp management or, or actual configurations.

And next one, please, Ben. And so as mentioned, we're having those kind of building blocks and we wanted to allow for reusability inside. Inside your environments, as you look at how you deploy changes in configuration, you maybe have one config that represents the vast majority of the devices in your environment.

And so that might have one set of policy configurations or, or one set of resource utilization configurations, and you want to have that and use that everywhere. But then for another set of devices, you might want to change. Either the policy or the utilization or the detection characteristics to be very specific.

And so taking those things, splitting them into reusable objects, allowing you to reuse those in a, in a one to many scenario, one configuration to many deployment groups if necessary. Or of course, if you really want to be specific one-to-one, I've got this set of devices, it's my test set of devices. I turn on everything in there and then I can filter those through.

So allowing. Intentionally allowing for that reusability and that the settings there to allow you to roll things through into your environment, test it in a set of devices, move into a bigger set of devices and make sure you're there. So, um, really hoping to give all that flexibility. What is there, of course, is that default profile mentioned at the bottom.

Um, and when Ben shows you about the, uh, the priorities, you'll see how we've set that up. Every device will always have a profile associated with it. If it, if it falls through all of the ones that you've created as dynamic ones, then it'll hit the default profile and it'll be there. But they'll always have a config, a device will always, um, uh, land in a group there and be able to do those things.

So that's the kind of overview for that. Ben's gonna take you through some of that stuff, um, in the UI and show you what's there. I'll come back afterwards and maybe talk a little bit about the other things we we're gonna, um, um, add into that. Um, what I would say is there is a Q&A. Please ask any questions if you've got in there while Ben's tapping away.

I'll do my best to answer all of the questions, um, uh, that are going on there. Thank you, Ben.

Ben McGraw: Thank you.

Live Console Walkthrough

Ben McGraw: Alright, so before we, we dive into the platform, just kind of set up what we're gonna be doing here. I'm gonna. Go over the console. We're gonna talk about, you know, where, where these new, uh, enhancements live in the console, uh, the endpoints, the installers, the profiles, the configurations.

We'll, we'll touch on each of those. I'll probably start with the endpoints first, and then we'll pivot from there. But lemme go ahead and share my screen here. Get the live console. We'll stop sharing the presentation. Oops. Share.

Alright, so we should see the console here. We are in a staging environment.

Endpoint Management Enhancements

Ben McGraw: Uh, so as many of you are probably aware previously, this is what the endpoint sensors page looked like. This will go away once we migrate or turn on the setting for you. Uh, this will eventually go away, so you will no longer use this, but I just wanted to to start by saying, Hey, this is where you do all of your work now, but this is changing and I'll show you.

Uh, what that looks like. So here at the bottom left, we have the new navigation for endpoints. We have various sections here, profiles, endpoints, configurations, and installers. I'll start with endpoints. Um. You land in an endpoint inventory, uh, similar to the previous endpoint management, uh, page, but we've called out some additional context for each endpoint here on this particular view.

As you can see, the endpoint status is at a glance. We also have some icons for, uh, various operating systems. So you could see that immediately and, you know, have a takeaway from, from what. You know, devices you're looking at, whether they're active, last time they've communicated all the standard stuff you're, you're typically used to.

However, we also added the, uh, ability to click onto each of these sensors and get additional information about the endpoint itself. So in this case we have, uh, just an environment. Um, this is just an example, uh, endpoint, but we can see whether or not it's healthy. Any particular errors that may have been attached or statuses that are attached to an endpoint, if you have like an Outlook plugin that needs updating or browser extension, all of those particular, uh, statuses will show up here.

Uh, there will be tabs to allow you to tab through, you know, critical minor, uh, those types of things as well. I don't have any to show there, but statuses are pretty straightforward. We also collect. Some additional, uh, metadata from the endpoint that will display here in the system info. Um, and it will tell you, you know, what's the profile last assigned to the device when it checked in?

Pretty straightforward. Uh, we also allow you to run the diagnostics from the screen as well. There is a little actions menu, which is similar to the previous, uh, endpoint Management, which allows you to perform similar actions. You know, request a diagnostic view the pop out, uh, or you can delete as well.

Uh, you may notice that at the top here, we have various columns and they're filterable, but what we did a little bit different here from the previous endpoint management page was allow you to filter from this filter menu so all of the filterable, uh, columns or options will be available here on the left side once you click a filter, and then you can go ahead and select your various filters, apply those.

Uh, depending on what, what you're looking to filter on your criteria there. There's quite a few filters here. Uh, just depends on your use case, what you're trying to, to narrow down. Uh, but pretty, pretty straightforward. Um, again, uh. Gives you a live inventory of your environment. Um, I'll hop into installers, won't spend much time here.

I think we all understand what this is. But this was previously in a dropdown menu on the endpoint, uh, sensors page. Now we have a dedicated page for that separated by operating system here at the top. All of the standard stuff you would expect to see. So the MDM profiles, the installation commands, the various versions as well.

So, uh, you can just grab those from the endpoint installers page. Pretty, pretty straightforward. Won't spend any time there.

Creating and Managing Profiles

Ben McGraw: I think the most important stuff we want to cover here is profiles. So profiles and configurations. What is a profile? Ben sort of already set the foundation for you here, but I'll, I'll recap.

So profile is, as you can see here, uh, a set of configurations, targeting criteria, and a priority. So targeting criteria you're gonna define, uh, based on what groups of devices or. It could be a very specific device, uh, that you want to apply this particular profile to. I'll walk through that example here in just a few minutes, but a profile is made up of these six configurations, well, five configuration profiles essentially, that you'll be able to modify, and then one configuration that's just attached to the profile, or excuse me, the profile itself, which is the uninstall protection.

I'll talk a little bit about each of these as I move forward. Um, let's see here. One of the things you'll notice outright, and I'll just, I'll touch on, and this is really a topic for probably a different conversation, but migration, right? So all of the existing customers are using the old endpoint management.

Once we enable the feature flag for this, there's an automatic migration that occurs where we take your existing deployment groups, all of the associated configurations for those, combine them into a profile, migrate them over. You'll see those profiles here. This is just a default profile that existed in the environment before we migrated.

Um, one thing to note about these migrated profiles are, is that they are read only. You cannot modify these, so we can turn on the, the feature, the migration occurs. These are in there as a base for you, or at least to keep your, your environment running as it was prior to the migration. Um, but it gives you at least an ability to go in and take a look at the preexisting settings and how they apply.

Here. But one thing to note as well, all of those settings that were previously in the, uh, remote config, they're brought over as overrides for, uh, and I'll talk about overrides towards the end, but you'll see an override section here where you can apply overrides to the overall profile. And there's various reasons why you might want do that.

Could be support related, uh, cases where you're troubleshooting or maybe you want to override a particular feature. You can do that through the overrides. Uh, I'll talk about that in a few minutes. So default profiles great. Uh, but as Ben mentioned, you'll wanna start thinking about profiles after the migration.

Um, and default profiles a good place to start. It gives you a good foundation. Uh, but in my organization, we'll want to default or a global base, uh, profile. So we're gonna walk through creating a, a, a base, a global base profile for my. Hypothetical organization here. So before we can do that, we have to visit the configuration sections for, uh, the profile.

So I'll dive into that.

Configuring Performance and Detection

Ben McGraw: Now, as you can see in the configurations here, we have five, uh, default. Profiles that'll allow you to have a base for, for configuration and operation of the sensor. We'll start at the bottom. The performance, uh, default here. These are the performance related knobs that we've exposed so far.

Um, whether it's offline storage, as you can see here, there's various other settings, how much cache we take up on the endpoint. Uh, I guess total directory size of the, the. Uh, directory that we're, we're taking up on disk, uh, various other settings as well. How often the device is gonna communicate, uh, if you have VDI environments, whether we're, you know, scaling, uh, appropriately with that, with the VDI.

You can set those configurations here as well. Pretty straightforward, but we'll, we'll, we'll dive into that once we start creating a base profile. Talk quickly about detection. Detection is basically all of the, the. Knobs that we can turn on and off for telemetry collection. Right. So what is the sensor inspecting?

What is it looking for? Um, browser extension, enablement ports for, uh, particular use of browser extension. You may have, uh, you know, endpoints or servers or other applications that are using our port. We allow you to now configure, uh, to a custom port so that uh, we can continue operation with the browser extensions.

We've exposed a lot of the settings that were typically in the remote config that you had to reach out to support. Um, to actually change or modify. Uh, we're trying to, to empower the users to have more visibility into what settings are enabled, what, what telemetry is being collected. So it's complete transparency on the overall, uh, configurations for, for an endpoint.

So, detection related items here. We'll, we'll, we'll talk about these as I create the.

Content Inspection and Software Policies

Ben McGraw: Sample profiles, but content inspection default, these are all the content inspection related, uh, settings. You know, how big of the files by default are we gonna send to the content inspection data and motion settings. Uh, the default here has data at rest, disabled, and, you know, discovery scan and content inspection scan.

Um, but what, and one of our, uh, scenarios here, we'll, we'll configure one that, that has data at rest enabled. Software, uh, policy here or configuration defines your update policy. For, for endpoints, uh, the default here is latest standard. So you'll probably, and most organizations are gonna want to, as I mentioned, create a default or a base for their org, where you probably will set different update configurations, maybe an n minus, N minus one previous standard, uh, scenario as well.

You also have some controls around the browser extensions, whether you want those to update to the latest. Uh, or turn it off completely. You have the ability to do that. And then policy default, so this is basically all. Policies that you currently have in your environment are applied to this default policy.

So if you just ran with this out of the gate and you had blocked policies applied throughout your environment, uh, they would apply to all endpoints that match this particular profile. So you just want to think through that. Maybe you want to target your deployment in a specific way. Maybe you want only monitor policies for your default group.

Um, but we'll go ahead and, and create that now. So starting out, we'll just, uh, clone or duplicate the existing. Uh, configurations here, and we'll just call this performance, uh, global. Oops. Global base. We'll just use that as our, our naming here and we will, it's not the default, we'll just call it global base.

Move through here, the settings. We can see the various settings, as I mentioned, uh, in a little overview, we're gonna leave this all default for now. You'll get a confirmation or a section for you to review before saving. It's very important that you do this. You wanna make sure that any configurations that you're modifying, that you are sure, uh, in what you're changing.

Because as soon as if this is a applied to an existing profile, when I hit save, those settings are gonna be picked up by the sensor. So it's just important to make sure before you move on from this. Particular screen that all of the intended settings are are correct. So we'll save this. We have a performance global base, and we'll do the same for each of these.

So we have, uh, a particular global base that we'll use for our overall profile. So from a detection perspective, we'll do the same. Duplicate, we'll call this, it's not a default, call it a global base. Great. We'll see. There are various settings here in my organization. I don't think. Uh, it makes sense to have screenshots enabled for, for all of my devices.

Maybe I wanna do that in a targeted approach. So I'm gonna go ahead and turn that off for now. Uh, but then you have other options as well. And again, this is default, so I won't go through changing a ton of these. But, uh, to kind of explain, you have the ability to pick and choose what features you want.

Enabled for the sensor in terms of how it's collecting telemetry. Maybe you wanna enable Teams visibility. You can do that here as well. Maybe in your organization you do not have, you know, Safari use or you don't allow Firefox is blocked. Maybe it's just Chrome and Edge, right? You're able to modify these particular uh, settings to.

Either turn up the visibility or turn down the visibility depending on, uh, your environment's, uh, requirements. So I'll just proceed forward here. Again, it's always important to review these, uh, settings. Before you save, I'm reviewing, we'll go ahead and save, move on. Uh, I'll do the same for content inspection.

Quickly create a global base here

moving forward. You'll see I don't have a bucket configured for this, so please ignore this, uh, message for now. But if you did have a storage bucket configured in the environment, you would get some additional settings here to control where, where that data gets stored in your storage bucket. Uh, these are default settings, as I mentioned, right?

What's the max file size? We'll send to DLP scanner, 25 megabytes here. These are all pretty standard. We'll just leave those as is for now. Moving forward, uh, in my org, I do not want to turn on data at rest globally. I'll do that in a targeted approach. So I think the default settings are good. Data in motion, uh, is perfect.

So anytime some file moves around, uh, we want, we wanna send that off to the DLP scanner and get some information, uh, back based on its classification. These default settings are fine as well. We're not gonna enable any content, uh, discovery or content inspection for data at rest. We'll move forward here.

Go ahead. Always confirm. Best practice save. All right. That was content inspection. Now we'll hop into software. Uh, and this is one that will probably be different for. Most orgs, right? You're not gonna, and unless you like the latest and greatest software all the time for your, for your global fleet, but in most orgs, you're probably gonna set some sort of, uh, deviation from, from the default.

So we'll just move forward. My org. I think we're gonna go previous standard. Uh, it makes sense for me. I like to have at least a n minus one. Or even in some cases an LTS, uh, but we'll just say, uh, N minus one in this case. And then browser extension's fine. We we're gonna leave that on the latest. We'd like to keep that, uh, extension updated to the latest.

I think 3,600 is probably a little long. I want to just set a default to 60 minutes to have my agents check in if there's an update. I'm just gonna double check those settings. Everything looks good moving forward. All right. And then finally is the policy default. We're gonna want to probably make some modifications here as well.

Again, every org's gonna be slightly different. Um. We will, maybe I just want, uh, monitor policies set in my environment. 'cause as you can see, the default here has all, and again, if you have block policies at play, they're gonna be applied to all devices. Maybe that is okay for your environment, but maybe you wanna be a little bit more targeted in your approach there.

So in this case, we're gonna select specific policies. There's a few sample policies in here for default, but we're just gonna monitor, uh. Some flows to, you know, gen AI chat apps and USB. In this particular scenario, we're gonna apply that globally to all of our devices. We'll go ahead and we'll see the policies that we chose here.

Click next. We get a confirmation as always, and we're gonna wanna save.

Ben Crocker: Ben, I might have one comment into this one, um, specifically about the policy stuff, guys. The, this is to, um, to allow the fact that you can go through and decide. About a new policy that you've put in an environment and how you can target that and do that kind of stage rollout.

Um, currently the default behavior is every policy you make has to be targeted to all of the devices. In this case, it means you can make a policy. You don't have to do the complex targeting in the policy itself to restrict it to a set of devices. You can use the profiles, you can target those devices that you want and you can put that policy in there.

So that's a, a change that's relatively new to us in, in the platform as a whole, but we really think it allows you to decide who gets the policy when they, when they get it, and the impact that it has. So, um, we're, we're really pleased about that one, and I think it's gonna give you guys a lot of flexibility.

Ben McGraw: Yeah, absolutely. Being able to target specific endpoints with policies, uh, through this mechanism is great. Not having to add a list to a, a particular policy itself and define users, this really makes it a lot easier. Uh, okay.

Setting Up Global Base Profiles

Ben McGraw: So now that I have my configurations set and made, um, aside from the defaults, of course, we're gonna want to go ahead and create that profile I mentioned, so the global base profile, right?

So you can clone the existing, um, you have the ability to do that we'll, just. Clone it. We have the default, we'll call this global base. Whoops. Global base. Uh, actually we'll just get rid of the default 'cause it's not what we're gonna call it global base moving forward. And this is where we talk about the targeting.

Oh, actually the default here. I'm not able to select. So what, we'll, we'll add a profile here, we'll call it global base.

Global base. We'll give it the same description. Move forward here. Here's the targeting that I wanted to show you. So from here, uh, you're able to specify what types of endpoints you want to target, whether it's by so if you have host name. There's other, uh, couple of other fields here as well. So right now we offer host name, serial number, and os for targeting.

There is some plans to expand that. I'll let Ben talk a little bit about that towards the end of the presentation about what direction this is heading. Um, but for my org here, and for this example, we're just gonna say host, excuse me, so because we wanna target all OSes in my environment, Linux, Mac, Windows.

We'll just do that. We'll immediately see that the global base previewed 30 plus endpoints or plus 30 endpoints, um, for this particular, uh, profile. Now this is where we'll want to make sure that we're setting the priority. Appropriately for, for the environment or for the profile's use. Excuse me. In this case, we're gonna want to just set it just above the default.

I'll probably give it something like a 10 to keep it low, but not all the way to the bottom. Uh, you never know what scenarios might come up where I want to adjust. Uh, so we'll just for now, leave it at ten five. It could be two for, for, uh, your purposes, but ten's a good number for, for us here. We'll hit next, and now we get to select what configurations we want to apply to that particular device population, in this case, defaults.

We want to avoid. We want to just add our performance, global content inspection, global detection, global software, update global, keep everybody on N minus one. And then policy global only monitor policies pushed out to the environment. You'll see uninstall protection here as well. That's that sixth configuration that's not tied to an actual configuration itself.

It's more tied to the profile. You can go ahead and enable that here. We'll just do it for demo purposes. Once you click next and then save, at this point, you'll see a popup for that password. Uh, for you to note it down. Keep it safe place. Otherwise, you'll have to reset. Got it. Cool.

Setting Up Default Profiles

Ben McGraw: We've created a default profile global base that should be targeting all of our devices.

Um, it takes a moment before you see that number reflect so as agents start to check in and, and, and that the system does its targeting, you'll see that, uh, that number will reflect here. But that's the. Typical base, global base scenario that you'll wanna probably follow. Once this gets turned on in your environment, you, you'll, again, you'll have the default profiles migrated from, excuse me, your deployment groups migrated from the previous version.

Uh, but you can't modify those. So you'll start to, you'll need to start thinking about like, what steps do I need to take to. Actually create new profiles in this environment. Um, and we'll touch about on it at the end in, in the recap. But, uh, your CSM or TAM, uh, will be in touch for that, you know, low effort migration process.

Um, long story short, so lemme go ahead and just see here. We'll bounce around. I'll pop back just to see if the numbers change. We don't see the numbers change just yet, but I would expect that we should see the targeting change here because it's for all Mac Linux and the priorities 10, so it's above the default and my migrated group.

So I would imagine that this number's gonna start changing here in just a moment, but instead of waiting for that, we'll just continue to motor through some of the existing, uh, scenarios that might, might come up in your environment. So now I have a global base with an N minus one. Update policies set across the board that might not be good for all of my devices.

Maybe I have servers. They're managed by a server team. They're controlling all the updates through SCCM. Uh, so I want to exclude those devices from, from this group.

Creating Server Update Policies

Ben McGraw: So before I do that, I want to create a server update, uh, software update policy or, or configuration. So we'll just actually in this case, clone the one we just created.

We'll call this one. Software Update servers. We'll say Windows servers, call it that. Uh, let's give it a little description. I won't bother with that for now. Then we'll go in here and just turn off updates for things that are not applicable in my Windows environment. Again, managed by SCCM. So I want this particular update policy to apply.

And also nobody's browsing the web on my server, so we're gonna turn this off. And I hear laughter, even though it's muted, I hear laughter. Um, okay. And we're gonna want to confirm, make sure that that's exactly what we intended it is. So we'll save it.

Targeting Specific Device Groups

Ben McGraw: And then from the profile section, now I want to create a server profile.

We're gonna do that. Call this one Windows servers.

We'll go next. I'll leave the description out and this is where we can use the dynamic targeting to target very specific groups of devices, as we mentioned. So I know my servers, uh, there's two particular data centers I have in mind. One is in Northern Virginia. So we'll, they're, they'll contain an IAD in their, their name.

We'll also add some additional criteria 'cause I only wanna focus on Windows servers there. We do have some Linux servers as well, so we'll just, uh, focus on Windows and they also contain another string within their host name, SVR. So this will give me all of my Windows servers in my Northern Virginia Dulles data center.

Um, and they also contain SVR. We'll want also include my Atlanta data center. So we'll say ATL, uh, host name contains SVR. Slightly different than the order I did up here, but that's okay. Uh, the end result will be the same. We'll set the OS to Windows as well, and then we'll want to adjust the priority.

In this case, we see five, which is below the global base, so we'll want to push it above that. I'll go ahead and make that 15. Um, 'cause again, the higher priority I, if your criteria matches more than one group, the priority is what takes precedence, right? So if the higher the priority, that's gonna be the profile that applies to those devices we see.

In this case, it's 14. That's great. That's the number of devices I have in my data center. We're gonna go with that. So we'll go next and then from the configuration perspective, we're gonna wanna select, I'm okay with the performance settings for the, for the global base, that's fine as well. Same for content inspection.

We'll do that. Uh, detection's the same. Software update is the one that really, I wanted to make sure it was off because server team would get pretty upset. We'll just go ahead and select the update policy for servers. And then the global base for, uh, our policies as well. Uh, we'll leave uninstall protection off.

In this case, we, we want the, you know, simplicity for, for our server admins and, and being able to, you know, work on their servers. Go ahead. Next, you'll see the confirmation of the criteria. We set up the priorities. All of the settings in the configuration itself will hit save, and then we should start to see devices populating there as well.

Um. Interestingly enough, I don't see the number, but it's possible 'cause it's just dummy endpoint data for this demonstration purposes. Uh, but we'll, we'll have to look into that. That's typical scenario that might come up.

Configuring IT Pilot Groups

Ben McGraw: Another, maybe you have an IT pilot group. It's similar in this scenario, but maybe you have an IT pilot group, uh, you know, the canary group of sorts where you want to have the latest and greatest for a specific, uh, set of devices.

We'll call this IT pilot. Move forward here, and in this case, we'll, we'll just target all of the host names that start with Jack, so out of our Jacksonville office and have ops in the name. Um, this will target all of those devices. We, we think that they're a good, uh, pilot or test group. We'll give this a priority above the default as well.

So I'll just call this 20 for now. Could be 100 set at the top, not quite sure. Uh, it just depends on the scenarios and how many profiles you have, where you want it to fall. We'll go ahead. Next. This will be all of my, my Jacksonville, uh, devices. That's where my IT ops team, uh, resides. Performance default or global base is fine.

Content inspection, global base is fine. Uh, detection same, but if you recall, our global base for software update is n minus one. We want latest and greatest, and the software default that was applied from the default profiles is latest and greatest. So we'll leave that selected for this group and then policy base as well.

Um, moving forward, we'll leave uninstall protection as well off, go ahead and move forward. We can confirm. And that would account for, you know, the IT pilot group, the, the canary, uh, group, uh, as well. So they will get the latest and greatest configurations. We can see that through the confirmation here.

Uh, these are the different configurations assigned, and they have the software default. So they'll be n minus one, or excuse me, latest standard. Latest standard for software default. All right. That's, uh, typical scenarios that we might run into where it's Windows server updates, the the canary. Uh, if we want to target specific device populations for policies, let's go ahead and do that as well.

Uh, let's go ahead and can create a configuration.

Applying Policies to Finance Teams

Ben McGraw: Uh, so maybe you have a. We'll use an example here for my, for my environment. I want special, uh, policies applied to my finance team. Uh, we want block policies. We don't want any egress. Um, maybe we also want more comprehensive, uh, content inspection policy as well.

So let's go ahead and create those really quick. So, content inspection base, we'll, we'll, we'll copy that, we'll duplicate it. Um, we'll call this content Inspection Comprehensive. Um. And then we will move forward through here. Let's see. Those are fine for the defaults, but we'll want to turn on discovery, scan data at rest, uh, configuration settings here as well.

We'll wanna make sure that we're inspecting all content on these devices, discovering files that are sitting there dormant. We just wanna know everything that's on, on these finance, uh, devices. So moving forward, we'll get confirmation. Again, I don't have a bucket configured for this environment, so, uh, in, in yours, you may, and you would see options for configuring that as well.

So we'll go ahead and save this configuration, uh, as well. And then we'll want to create a policy version as well. Well, let me just clone our base policy, duplicate that really quick. We'll call this policy comprehensive. I as well, oops, apologies for that. Next we see, okay. We have, since we cloned it from our global base, we have those monitor policies selected, but that's not what I want.

I want to turn on the blocking for this particular environment. We still wanna monitor, maybe flows, USB, but we wanna start blocking the other items. It's very important that they can't egress any data. Go ahead and save this confirmation. Everything looks good moving forward. Okay. Got it. So now we have a policy comprehensive and a content inspection Comprehensive.

So let's go ahead and create a profile targeting our finance devices. So we'll call this finance.

I will skip the description for now. You'll want to add descriptions 'cause it'll help with managing this in, in the future. Um, and we know our host names, uh, start with, in this case it'll be out of our Jacksonville office. They also have, uh, FIN in the, um, host name as well as they're only Macs as well. So we can go ahead and limit scope here by OS to Mac only.

All right, so let's see here. We see finance is actually not matching any devices. Let's, uh, let's remove the, oh, from the demo here. Uh, okay. We'll set this above all of the others. 25. Just to give it a higher priority. I dunno why we're not matching, maybe it's not Jack's in my demo here and we'll just say FIN.

There we go. Perfect. We'll use that as an example. We will jump to OS because again, I know those finance individuals are on Mac so and I don't want to target any other, uh, devices with, with that might have that as a partial match. So we can see seven devices now match that particular profile. So we'll hit next that we have our targeting right.

Uh, and here's where we can set the, the different configurations as mentioned. Content inspection, we want the comprehensive one and we want data at rest on, discovery scanning on. Detection, we'll leave it at global base. Software update, global base is fine. And then this is where we made the policy, the comprehensive policy as well.

So targeting blocks as well. We don't want them to be able to uninstall and we'll go ahead and, uh, move forward here. Save. Make note of your password. So now we have a finance, uh, profile that's targeting finance devices, specifically with our comprehensive policy, uh, configuration and our content inspection, uh, as well.

And you can take this even further. Maybe you want screenshots enabled for this particular set of users. You would go ahead and create a detection policy, modify that, and then you could target, uh, screen captures as well. But again, we'll require a bucket to be set up in your environment, um, as well. Uh, again, you could take this a little bit further.

If you had VDI environment, uh, and you wanted to adjust performance settings for those particular VDIs, like the scaling factor or limit the resource use utilization, you would just clone a, uh, performance configuration, modify those particular settings, and then create a, uh, profile to assign to those particular VDIs.

Maybe your VDIs have VDI in the, uh, host name and you can target those pretty easily, pretty, pretty straightforward.

Using Overrides and Custom Messaging

Ben McGraw: One thing, uh, I will wanna talk about before, uh, running through all of the examples here is overrides. I did mention, uh, overrides, so. The, I mentioned them in the context of your migrated profile.

So the default, or excuse me, the remote configurations that are existing today for you, and those groups are tied together. Uh, when the migration happens, we flatten all of those configs out into the overrides. And you'll see that here from an override section. I'm not gonna explain what all of this really means, but these were the, the overrides that were previously in that particular group.

Again, we've applied them here at a profile level, not configuration level, but profile level. Uh, but maybe in my finance, uh, devices, I want to turn on fail closed, and also maybe customize, oops, customize, uh, the fail closed messaging. Right? So let's go ahead and navigate to the override section. You'll see this here.

This is because I set, uh, password or uninstall password. Uh, this is the, the information it dumps in there as an override. What we'll toggle the editor here. And on my other screen, I have some configurations we'll want to add here as well. This is just an example and I will caution that the overrides really should be used, uh, sparingly, uh, and with guidance from support.

Shouldn't be modifying these yourself unless you have a clear understanding of what you could be modifying. But in this particular example, I'm just showing how the overrides would function. We're gonna drop in here, fail closed, so we're gonna set that to true. You can configure this in the detection portion, but I just wanted to highlight the fact that you're able to, to create, uh, overrides.

'cause maybe you do have it enabled in your, your detection profile or configuration, but you don't have custom verbiage set up for the prompt that is displayed. When it happens. You can come in here, modify that, and then override for, for your user base. So we'll go ahead and hit save. Next. Save. Good to go.

So now that particular finance, uh, profile has, uh, fail close enabled. It's also going to allow me to customize that prompt as well. So if we want to display custom messaging, uh, you know, give 'em a short link to, I don't know, documentation, uh, something that they're able to, you know, understand what's occurring.

Uh, pretty straightforward. There's also probably one other override scenario that we may run into in the wild here.

Disabling Sensors

Ben McGraw: And, and you may encounter it in your organization, uh, you may need to disable a sensor, right? Um, there will be future enhancements that you're, you're able to disable sensors. I believe Ben will talk about that in just a moment.

But really quick, we'll call this disabled sensor. And I'll show you what that looks like. We're gonna be very specific. In this case, I'll just make up a name, JS Ops. Ben this, this device won't exist. But I'm just going to give you an example because you wouldn't wanna apply this to, unless you want to, for whatever reason, disable a group of devices.

You'll wanna be very specific here, what you're targeting, right? So in this case, I'm gonna set a profile of 100 or a priority of 100 because I just want it to be at the top. I don't want any other profiles to interfere with me disabling this particular device we're gonna hit next. We're just gonna give it all of the base configurations, which is fine.

I mean, you could have left this default if you'd like. I'm just gonna do it out of demonstration purposes here, we'll just set to all of the global base. Uh, uninstall protection doesn't really matter. Here's where the override, we'll want to set an override for disabling the Windows sensor. In this case, these are Windows devices.

We'll, uh, drop that in here. So now sensor will be disabled when it matches this particular profile. Save. Got it. Anything that matches this particular is a very dangerous one, right? You would want to make sure that you're targeting very specific devices or knowing the pattern of those devices, uh, with that criteria, or you could potentially disable your entire fleet.

Uh, but that's an example of common scenarios you might see in your environment. You know, setting update policies, targeted profile, or excuse me, targeted policies that you're applying to devices, whether it's monitor, you know, blocking, what, whatever they might be. Or, you know, configuring various customizations for content inspection, performance, and all of the other settings we went over.

All right. I, I think that wraps it for the demonstration purposes, uh, of the different scenarios. Uh, I don't know if there were any questions that you wanted me to answer specifically, or I can pass it back to Ben to discuss a couple of items here.

Ben Crocker: Yeah, there's, um, there's one question that I didn't get to answer in the, um, uh, in the chat, so I'll do that live. Um, Andrew, um, overrides are only for the devices that are targeted by that profile. Um, so if you set, uh, an override in there, that override will be sent to all of the devices in, in that profile.

The priority part you mentioned is about ensuring that only ever one profile is applied to any other device. And so that's why those numbers are there, um, because dynamic targeting could allow for you to, to overlap those things. You could say Windows and host name contains a and there are lots of host names from that.

But the, the priority makes sure that only one of those would ever apply to those things. So, um, yes, it should mean that if you apply an override, it will, um, only apply to the devices that are targeted by that one profile.

Ben McGraw: All right, then I will go ahead and stop sharing here. Get the slides back. Gimme one second. All right.

Best Practices and Roadmap

Ben McGraw: Actually, uh, I'll talk really quickly about the best practices. We, we, we talked about the, you know, what profiles are. It's basically who gets what, right? And the configurations are how the, the sensor behaves, like what it's gonna do, the telemetry collection.

Uh, all of that, um, you'll wanna start with a base profile. Those defaults are, are okay from, or excuse me, the migrated profiles are okay because they're your existing settings. But you'll wanna start thinking in the new paradigm here with profiles and configurations. Um, and any changes that you make going forward, you'll, you'll definitely need to do that because the migrated profiles are, uh, read only.

Um, as we mentioned here, clone the, the default profiles. These are a good, you can consider them as vendor managed templates in a way, uh, because we're gonna put all the optimal settings, or the settings that will work out of box for sensors to start collecting all of the, the default telemetry that we expect.

Uh, as I mentioned, you'll definitely want to test, uh, these out on small groups, making sure that that criteria is defined properly and you're not over scoping and apply these uh, profiles, especially in the case of disabling a sensor to the wrong devices. Uh, again, plan to move off of the default or legacy profiles.

Uh, the, these will be read only, you won't be able to do anything with them. Um, your TAM, CSM or, or even support will be able to help facilitate, uh, some of that conversation. And again, overrides only for advanced use cases, often with support's guidance or TAM from, from the TAM org as well. Um, and that, that, that's pretty much it for the best practices.

Ben, I'll hand it off to you for the roadmap slide.

Perfect.

Ben Crocker: Um, and so to this, uh, actually will answer a little, a couple of the questions that came through, um, in the Q&A as we were going through. Um, this is what we have called internally phase one of endpoint management. A, a big step in the right direction, um, to enable all of you guys to be able to manage and understand what's going on with configurations for your endpoints.

But there will be one or two more phases of this where we look at delivering new things. And so the roadmap is, is about allowing you to completely understand what's going on with those endpoints, to be able to see detailed information with regards to status and issues that are happening there, and actually support it in the future to use, uh, um, the integrations capability in the platform to send those things out as a, as an incident or an event going into your third party systems, your SIEM, or whatever it might be.

Um, there was a request about a disable and enable. Absolutely, that functionality Ben showed you, we want to be able to enable that from the UI to be able to target an individual device and say, Hey, I want to disable this one right now. You put it in a profile and target all of the devices. In the future, we'll be able to allow you to target an individual device and say, I only want to look at Ben's one device, and so I don't have to make a profile for that to do it.

I can send an individual configuration down. Actions, like restart or, or those kind of things, or maybe even do the troubleshooting, the DIO bundle, um, to be able to do that. Uninstall and update. Update, if you are using Cyberhaven to deliver software, that's relatively easy to go and do. Uninstall is actually a little bit harder because uninstalling yourself, of course, means you can't validate that you uninstalled.

But we think we've got a workflow for being able to do that. And so we'll look at all of those capabilities going forward. So really there'll be another section in there where we look at reporting metrics, troubleshooting all of those, um, to really put in your own hands. Uh, I kind of, I guess it's an overused term, but kind of shift left the support of your own endpoints allow you to look at those things.

The CX guys to help you with troubleshooting, send documentation, all of those kind of things, and you to get into the weeds and be able to do those things for yourself. So that's, um, uh, um, planned for early in, in next year, I guess somewhere between Q1 and Q2. We will, um, we'll be looking at delivering that and, um, a as the, as that becomes a reality, the CX team will be able to help you guys out with, um, with when that, that's ready to go.

Ben McGraw: And Ben, I'm not sure if you mentioned this, apologies in the beginning, but the API is available.

Ben Crocker: Uh, yes, I did. Yeah, you, you're absolutely right, Ben. Um, we really tried hard and we are trying hard with all of the functionality that we deliver to kind of come to an API first world. And if it's not exactly API first, maybe API, very close second, um, in this case in 25, 10 0 2, where we released the endpoint management functionality.

The full set of management APIs are there. So everything that you can do in the configurations that Ben showed you, you can do via the API. You can see those things. You can get the list of devices, you can export those, you can get and manage the configurations. So if you want to work in a kind of configuration as code type environment, maybe pull it into your source code repository and keep it as a backup and those things, the APIs are there to help you do that work.

Ben McGraw: All right. And I can just kind of give a recap really quick here. So, existing profiles, uh, they're migrated as read only. I mentioned that a couple of times. Really wanna drive that home. You won't be able to make any changes after they migrate. Um, the endpoint sensors view that you have currently today, once we do the migration or flip that feature flag, you won't be able to access that previous screen.

Um, yeah. And then again, the, the migrated profiles preserve the current behavior. So we, we take all of those remote configs, flatten 'em out, apply 'em to the profile level, not uh, obviously not editable. Day to day changes, you'll wanna move those to new profiles. Uh, so you'll see your existing migrations and you'll try to start to think, how do I convert this to an existing, you know, profile and set of configurations. Uh, and as I mentioned, your CSM or TAM will get in touch with you about the, you know, low effort migration. I mean, it's really no effort in terms of migration. It happens automatically when we flip the, the flag. Um, but you'll have to start thinking in a different way.

Going forward and, and we're here to help facilitate, uh, some of that migration as well. And, uh, all of the documentation is already online, so please feel free to check that out. Uh, API is available in the console as well, so the API spec, uh, for that, feel free to check that out. If you have any questions, of course, always feel free to reach out.

And, uh, that concludes the presentation. Thanks so much everyone. Really appreciate everyone's time. Obviously if there, we still have a couple of minutes here. If there are any other final questions, feel free to, to answer or or, or pose them and we'll, we'll answer.

All right. Well, thanks again everybody. Appreciate your time.

Okay.

Thank you.