Back to Blog
Minute Read

Introducing Cyberhaven’s Full Context Blocking… and how it can transform your data protection program

Volodymyr Kuznetsov

Today we announced the availability of our new in-line blocking and adaptive response capabilities in the Cyberhaven Data Detection and Response (DDR) platform. For the first time, organizations can proactively protect any piece of data or content based on its full enterprise lineage, context, and risk. This makes data protection policies far easier to implement and maintain and far more accurate, but most importantly, it enables enterprises to protect types of data and risky behaviors that traditional controls have been blind to.

In this article

A New Era of Data Protection

Cyberhaven DDR gives organizations a new way to approach data protection, one in which enforcement can be applied to all types of data and decisions are based on a complete, historical, and enterprise-wide view of risk.

  • Enforcement based on data origin and provenance — Traditional DLP tools have blocked data based almost exclusively on a file’s content. Cyberhaven introduces a smarter, more reliable approach to blocking that leverages the full enterprise history and context of data. For the first time, enforcement decisions can be applied in real time to any high-value data based on the user, application, or web service that created it. These controls follow the data even as it is modified, copied, and shared across the enterprise, all without the need to tag, encrypt, or otherwise pre-process the data.
  • Enforcement across risky apps, features, and user actions — Cyberhaven’s Full Context blocking also extends to all the ways data can be shared, including areas that traditional DLP or CASB tools are not able to control. This could include blocking such risky behaviors as sharing a sensitive file over an encrypted chat application like WhatsApp or preventing data from spilling into a user’s personal-use applications — personal cloud storage, email, social media accounts, and so on.

What Cyberhaven Blocking Means to Your Business

Cyberhaven’s in-line blocking capabilities open the door to policies and protections that were never possible with traditional DLP or data protection tools.

  • Protect any type of content or data — Historically, enforcement could only be applied to predictable, static content that matched regular expressions or content that was tagged ahead of time. Cyberhaven DDR now enables high-confidence blocking for any type of data including images, presentations, source code, design files, or documents that are constantly being modified. For example, Cyberhaven can enable multiple users to collaborate on a highly sensitive board presentation while ensuring that it isn’t overshared, without the need to rely on predictable data patterns that would not be present.
  • Control every copy of data without tagging — By continuously tracing all data, Cyberhaven is able to keep track of all the copies and derivatives of a file and enforce policy consistently, all without tagging. This enables organizations to easily control the risks of data sprawl without disrupting end users’ ability to create and collaborate. It also ensures that policies are consistent even in scenarios where data tags are not supported or could be lost, such as in a CSV file or one converted to a new format.
  • Block evasion attempts — Since Cyberhaven Full Context Blocking doesn’t rely only on content analysis, policies will continue to be enforced even when the content is obscured. This ensures that policies remain enforceable even if users attempt to bypass security controls by encrypting or archiving the content, changing file types, and more.
  • Enforce without losing privacy — Traditional DLP tools can cause inadvertent privacy issues when inspecting or capturing an end user’s personal data. Because it understands the full origin and history of data, Cyberhaven DDR can avoid this risk by making enforcement decisions without directly inspecting the content. And in the future, Cyberhaven’s understanding of data lineage will enable the platform to only monitor and secure data that originates from the organization while ignoring files that come from personal banking, social media, and similar origins, further strengthening privacy protections.

{{ promo }}

Protect Data and Mitigate Risk Without Disrupting Work

Historically, organizations have been loath to block data out of a concern that it could disrupt productivity and valid work. DLP tools were highly prone to false positives, and policies didn’t always accommodate the needs of users or the business. Cyberhaven’s approach to blocking solves both of these issues.

  • High-confidence blocking with minimal false positives — Cyberhaven DDR brings multiple contextual elements together to ensure every piece of data is classified accurately. The combination of lineage, app, user, and content means that organizations can confidently enforce policies without frustrating users and overwhelming the security team with alerts and false positives.
  • Adaptive user education and response — Organizations can do more than block when a policy is violated. In addition to enforcement, Cyberhaven’s adaptive response capabilities offer real-time user education and coaching that can help users better understand new policies and reinforce improved security habits. For example, Cyberhaven can remind users of a new corporate policy to standardize on Office365 and move away from Box or Dropbox without disrupting the user’s work. Additionally, the platform can optionally allow users to provide feedback if they believe there is a valid business reason for the flagged action.

Powered by Breakthrough Technical Innovation

Cyberhaven has developed its own proprietary graph-based analysis engine to ensure that every blocking decision is highly accurate and based on the complete enterprise context of a given piece of data, including its entire history and the actions of all users who have ever interacted with the data or its derivatives. For example, to a conventional DLP product, a highly confidential legal agreement and a publicly available agreement template might look the same. In contrast, since Cyberhaven DDR can easily see that the former was created by the company’s legal department and the latter was downloaded from a public website, it will block attempts to leak the one without interfering with sharing the other.

Graph-based analysis has become one of the most powerful tools for solving complex problems and gaining insights from large datasets in domains like fraud detection and recommendation engines. However, even modern graph databases are designed for graph traversals of relatively short depth. For example, increasing depth from 2 to 6 hops could reduce traversal performance 100x. Applying graph analytics to DLP requires following data across an enterprise through any number of hops and running it for millions of pieces of data simultaneously in real time — well beyond the capabilities of even the best graph DBs today. Therefore, the Cyberhaven team built a proprietary graph DB with a multi-vector graph analysis engine capable of tracing all data flows in real time, even in the world’s largest organizations with hundreds of thousands of employees. Queries that would require hours in even the best graph DBs are solved by Cyberhaven in milliseconds.

While this underlying technology is ultra-sophisticated, it makes data protection decisions ultra-simple. Instead of writing complex rules with poor results, Cyberhaven Full Context Blocking does the hard technical work to ensure organizations can enforce blocking policies reliably and without disrupting valid user workflows.


With the addition of Full Context Blocking, Cyberhaven’s DDR platform solves the most long-standing challenges in data protection. For years, organizations have been forced to cobble together multiple incomplete solutions such as DLP, data tagging, and CASB, while remaining unable to discover and protect all types of data, which exposes them to unacceptable data risk. By marrying full enterprise context and lineage with real-time enforcement, security teams finally have precise and effective control over any sensitive data regardless of what it is, how it is shared or modified, and who interacts with it. Please reach out to the Cyberhaven team if you would like to learn more about how we can help protect your data and content.

Read the Cyberhaven data detection & response datasheet
Download now
Learn the 15 top data detection and response use cases
Download now