Cyberhaven, provider of the industry’s first Data Detection and Response (DDR) platform, announced its Insider Threat Platform. Built on Cyberhaven’s data lineage and graph engine, the new solution extracts insights about user behavior and correlates it with insights about what data is sensitive, to reveal insider threats that are otherwise invisible to most enterprise organizations. In addition to accurately detecting incidents and alerting security teams, Cyberhaven’s Insider Threat Platform can automatically intervene and stop data exfiltration as it’s happening.
Also Read: Eppo Set to Launch Next-Generation Experimentation Platform that is Powered by Snowflake
“Open cultures and cloud applications have made it easier to share and collaborate, but they also created data sprawl and give employees more control and access to company data,” said Howard Ting, CEO, Cyberhaven. “And while this level of access is good for productivity, it increases the chances of unintentional mishandling of sensitive data or outright misuse and theft—which could cost a company millions. Recent research we conducted shows such incidents are rampant, and have been exacerbated by remote, hybrid work and The Great Resignation.”
Cyberhaven recently released its groundbreaking 2022 Insider Risk Report report, The Great Data Heist, revealing that companies are hemorrhaging critical business data due to employees intentionally or unintentionally leaking customer information, software source code, regulated health data, and more. The findings are based on anonymized behavioral events from 1.4 million workers and span 360,000 data exfiltration incidents across a broad sample of companies, including 11 percent of the Fortune 100.
The Cyberhaven Graph was initially built to store every event related to every piece of data in order to build a data lineage and classify its sensitivity. To expand on this capability, Cyberhaven completely re-architected its processing engine in order to extract more insights from the billions of events and trillions of connections the platform processes across its customer base. Advancements in graph processing laid the foundation for what makes Cyberhaven’s insider threat approach so unique. Now, Cyberhaven’s new solution combines behavioral analysis with data analysis to reveal threats that are invisible to most insider threat tools that look only at an employee’s behavior without considering the type of data / file they are handling.
Cyberhaven’s new Insider Threat Platform enables security teams and analysts to:
- Combine behavior + data content and context to improve accuracy. Instead of relying entirely on behavioral anomalies, such as employees uploading an unusual volume of data, Cyberhaven layers in intelligence about the data. For example, the product is more sensitive to a user uploading a company schematic to her personal Dropbox, but not a photo from the company picnic.
- Connect events to identify threats that unfold over time. Cyberhaven Graph stores events related to each piece of data indefinitely. Unlike previous products that looked at each event in isolation or within a short period of time measured in hours, Cyberhaven can connect events over weeks or months, which is how threats evolve in the real world.
- Provides more context to speed investigations. Today, security analysts get alerts for possible insider threats and must pull more events from multiple places to understand what happened. Cyberhaven provides a full history leading up to an incident in one place, which can include screen capture, to investigate faster.
“The key challenge with insider threat tools is that they alert you to threats but don’t stop them. And they don’t detect actual threats, many of their alerts turn out to be false positives,” said John Harris, Vice President, IT Operations at Day & Zimmermann. “Cyberhaven can take action to stop data exfiltration while an insider threat is happening. That’s a big differentiator.”
SOURCE: PR Newswire