[On-demand webinar] CISO Series: Decoding Cybersecurity Language with Adam Shostack

Watch now

Security Policy

Cyberhaven is a data security company, therefore we take security very seriously. We conduct comprehensive audits of our product, source code, systems, and networks to ensure that your data is always protected. The company founders and many members of our staff have extensive security experience and PhDs in computer systems security.

This Security and Privacy policy applies to the Cyberhaven SaaS products and is meant to be a high-level overview of our security and privacy controls. For a more detailed document outlining our security and privacy controls, please email security@cyberhaven.com.


Cloud Security

Physical Security and Data Hosting

Cyberhaven uses Google Cloud Platform (GCP) data centers in the United States.

Data Security

Cyberhaven processes unstructured and semi-structured data that is made available via its endpoint and cloud sensors. Cyberhaven hosts each customer’s data in a public cloud, specifically the Google Cloud Platform on resources dedicated specifically for each customer. Data of SaaS customers is stored in North America. Upon request, other regions are also supported as long as they are supported by Google Cloud.

Separate Environments / Multi-tenant Architecture

Cyberhaven uses a multi-tenant architecture in order to fully isolate distinct customer environments from each other. This means that all virtual compute, storage, and network resources are not shared between customers. This is a guarantee provided by Google Cloud Platform.

Intrusion Detection and Prevention

Cyberhaven has designed multiple layers of security monitoring to detect anomalous behavior, including the deployment of a leading solution for Kubernetes-native security. When incidents are detected, our dedicated security team acts upon them with the highest priority.

Vulnerability Management

Cyberhaven uses multiple industry-standard code analysis tools to discover vulnerabilities in 3rd party dependencies, as well as modern runtime security monitoring to mitigate unknown vulnerabilities.

Our architecture uses a micro-services approach built on the principle of least privilege. Each service is stripped to minimum capabilities in order to minimize the attack surface and limit the impact of any compromise.

Cyberhaven is using a Kubernetes-native container security platform that handles vulnerability detection and management. Critical vulnerabilities are patched on a continuous-time basis. We monitor live deployments for vulnerabilities. 

If a security vulnerability is found in our product, we prioritize fixing and patching the security vulnerabilities with the highest priority.  If the issue is with a third-party component, we patch systems as soon as a fix is available or workaround the vulnerability issue in our own code base.

Penetration Testing

Cyberhaven carries a third-party penetration test annually and multiple internal penetration tests per year. We also use automated vulnerability testing of the application prior to each release.


All in-transit data between endpoint sensors and the Cyberhaven backend is encrypted via the latest version of TLS. All in-transit data in between containers of the Cyberhaven backend is encrypted via TLS and isolated from external traffic via Google Cloud’s VPN. We score an “A+” rating on Qualys SSL Labs‘ tests.

All data derived from customer SaaS deployments of Cyberhaven is stored in Google Cloud, which employs industry-leading data at rest encryption.

Key management is done using proven industry standards and leveraging the Google Key Management infrastructure.

Incident Response

Employees are trained on security incident response processes, including communication channels and escalation paths. In case of a security incident, all Cyberhaven engineers and service reliability engineers have direct access to the CISO of Cyberhaven in order to escalate the security incident to the top level. Incident response for Cyberhaven containers is ensured through a container security platform that allows Cyberhaven to enforce incident response security, to take action, kill pods, and thwart attacks.


Cyberhaven has numerous audit and performance logging put in place. These logs also produce alerts for the SRE team when we detect performance or security-related anomalies.


Application Security

Secure Code Development (SDLC)

Accessing the Cyberhaven source code repository requires a valid Cyberhaven account, a strong password, and two-factor authentication. All code deployed in production is peer-reviewed and security-audited by at least one other Cyberhaven engineer. The software packages for endpoint sensors are code-signed only by Cyberhaven engineers using hardware and software mechanisms provided by Microsoft and Apple respectively.

At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors and Cyberhaven security controls.

Quality Assurance

Dedicated application security engineers identify, test, and triage security vulnerabilities in the Cyberhaven source code.

Authentication & RBAC

Cyberhaven currently supports authentication to the Cyberhaven dashboard via Google SSO (based on OAuth2.0) and password-based authentication with mandatory 2FA. We implement best practices with respect to user password and session control, including password complexity checks, two factor authentication, password and session expiration, and password reuse checks.

Cyberhaven currently implements a basic RBAC scheme containing regular users and administrators of the dashboard.

HR Security


Cyberhaven requires developers to undergo security development training annually.


All employee contracts include a confidentiality agreement.

Endpoint Management

Access to customer environments is only granted on a need basis. Such endpoints are protected with  state of the art security management, anti-malware, and monitoring tools.