Cyberhaven Unveils First Insider Threat Product That Prevents Data Leaks in Real Time
Industry-first solution detects data misuse and theft attempts, and automatically takes action to stop exfiltration in progress.
PALO ALTO, Calif., Nov. 17, 2022 /PRNewswire/ — Cyberhaven, provider of the industry’s first Data Detection and Response (DDR) platform, today announced its Insider Threat Platform. Built on Cyberhaven’s data lineage and graph engine, the new solution extracts insights about user behavior and correlates it with insights about what data is sensitive, to reveal insider threats that are otherwise invisible to most enterprise organizations. In addition to accurately detecting incidents and alerting security teams, Cyberhaven’s Insider Threat Platform can automatically intervene and stop data exfiltration as it’s happening.
“Open cultures and cloud applications have made it easier to share and collaborate, but they also created data sprawl and give employees more control and access to company data,” said Howard Ting, CEO, Cyberhaven. “And while this level of access is good for productivity, it increases the chances of unintentional mishandling of sensitive data or outright misuse and theft—which could cost a company millions. Recent research we conducted shows such incidents are rampant, and have been exacerbated by remote, hybrid work and The Great Resignation.”
Cyberhaven recently released its groundbreaking 2022 Insider Risk Report report, The Great Data Heist, revealing that companies are hemorrhaging critical business data due to employees intentionally or unintentionally leaking customer information, software source code, regulated health data, and more. The findings are based on anonymized behavioral events from 1.4 million workers and span 360,000 data exfiltration incidents across a broad sample of companies, including 11 percent of the Fortune 100.
Introducing the industry’s first solution that accurately detects insider threats
The Cyberhaven Graph was initially built to store every event related to every piece of data in order to build a data lineage and classify its sensitivity. To expand on this capability, Cyberhaven completely re-architected its processing engine in order to extract more insights from the billions of events and trillions of connections the platform processes across its customer base. Advancements in graph processing laid the foundation for what makes Cyberhaven’s insider threat approach so unique. Now, Cyberhaven’s new solution combines behavioral analysis with data analysis to reveal threats that are invisible to most insider threat tools that look only at an employee’s behavior without considering the type of data / file they are handling.
Cyberhaven’s new Insider Threat Platform enables security teams and analysts to:
- Combine behavior + data content and context to improve accuracy. Instead of relying entirely on behavioral anomalies, such as employees uploading an unusual volume of data, Cyberhaven layers in intelligence about the data. For example, the product is more sensitive to a user uploading a company schematic to her personal Dropbox, but not a photo from the company picnic.
- Connect events to identify threats that unfold over time. Cyberhaven Graph stores events related to each piece of data indefinitely. Unlike previous products that looked at each event in isolation or within a short period of time measured in hours, Cyberhaven can connect events over weeks or months, which is how threats evolve in the real world.
- Provides more context to speed investigations. Today, security analysts get alerts for possible insider threats and must pull more events from multiple places to understand what happened. Cyberhaven provides a full history leading up to an incident in one place, which can include screen capture, to investigate faster.
“The key challenge with insider threat tools is that they alert you to threats but don’t stop them. And they don’t detect actual threats, many of their alerts turn out to be false positives,” said John Harris, Vice President, IT Operations at Day & Zimmermann. “Cyberhaven can take action to stop data exfiltration while an insider threat is happening. That’s a big differentiator.”
For more information on Cyberhaven’s Insider Threat Platform, please visit the product blog.
Built on its pioneering data lineage technology, Cyberhaven has delivered the industry’s first Data Detection and Response (DDR) platform, enabling organizations to simply and accurately protect all of their IP and sensitive data. Cyberhaven’s DDR platform comprehensively maps the movement of data throughout an organization using multi-vector graph analytics to automatically classify any data, as well as identify and mitigate risks that traditional DLP and CASB tools leave exposed. Cyberhaven ensures security teams have full control and visibility of all high-value data whether it’s in-use, in-motion, or at rest.