Cyberhaven Product Update – November 2021
The Cyberhaven team is always working to bring you the best data protection solution and customer experience possible. As part of our regular monthly cadence of improvements, we wanted to share some of the latest features and enhancements in the product, and what they mean to your security practice.
This update summarizes information related to version 21.11 of Cyberhaven released on November 22, 2021. Key updates include:
Cloud Account Detection for macOS
We continue to extend our ability to track and control how data is shared based on the specific account that an end-user is using. For example, an employee may be allowed to move corporate data to the corporate instance of Box but not to the user’s personal Box account. With this release, we have extended the ability to control Google Workspace, Office 365, and Box, on both Windows and macOS. Stay tuned, as we will substantially expand the list of supported cloud services in coming releases.
AI-Based Source Code Detection
Protecting source code is critical to many organizations and Cyberhaven uses both lineage-based data tracing and content-based analysis to detect and keep track of source code. This release introduces a major update to the way we performed content-based source code detection. Our new model uses a state-of-the-art neural network based on the same technology as the famous GPT-3 language model. We trained this new detection model on more than 10 million source code and text snippets, to ensure highly accurate detection of source code with extremely low false positives.
Assign Incidents to Specific Team Members
Security analysts can now assign incidents to other staff for further investigation. This can help Tier 1 staff and SOC teams to streamline their triage and escalation process to ensure incidents get to the right analysts even faster.
Automated Screenshot Collection (Beta)
During an investigation, security teams often need to preserve irrefutable proof of a user’s actions. Cyberhaven now lets teams automate the collection of this proof by capturing a series of screenshots of the user’s screen. When enabled, Cyberhaven will capture up to 30 screenshots every second leading up to and including the incident so that security staff can see the exact user actions that violated the policy and the context that led up to it. In the future, we will allow staff to configure how many screenshots to capture and for how long before and after the incident.
Availability: This feature is currently in beta and disabled by default. If you’re interested in testing it out, please talk to your Cyberhaven representative. This feature is available in the Automation product plan.
Preview Content Details Directly in the Dashboard
Organizations can now choose to let analysts view additional data stored in their private storage bucket directly from the Cyberhaven dashboard. For example, staff would be able to see content attribute matches, captured content, and screenshots of users’ screens during incidents all without leaving the Cyberhaven UI.
It is important to note that Cyberhaven backend servers will need to be granted read access to the customer’s storage bucket in order to use this feature. The access token is stored securely in an encrypted form, and Cyberhaven servers only use it to grant access to the requested data from the bucket to the customer’s Cyberhaven dashboard accounts. However, customers will still have the option to see previews even if they choose not share read access with Cyberhaven. However, instead of displaying previews in the Cyberhaven UI, customers will receive a download link to the AWS dashboard.
Visibility and Analysis Improvements
Analysts can now quickly filter to see incidents in which users chose to proceed with the action after a warning (assuming this was allowed by policy). Additionally, for events involving emails, staff can now see the email’s subject in the list view.
These are just some of the recent improvements we’ve made to the product and many more are on the way. For additional details, you can find the full release notes at https://docs.cyberhaven.io/docs/november-21-11.
If you would like to learn more about any of these features or the update process itself, please reach out to Cyberhaven team members or contact us at https://www.cyberhaven.com/contact-us/.