Cyberhaven Applies Behavioral Analytics to Better Secure Data
Fresh off raising an additional $13 million in financing, Cyberhaven has launched a tool that enables cybersecurity teams to track how data is being moved across an extended enterprise.
Cyberhaven CEO Volodymyr Kuznetsov said the Data Behavior Analytics (DaBA) service developed by the startup makes it possible to record and analyze the flow of data across all corporate assets, including software-as-a-service (SaaS) applications and custom homegrown applications, without having to make any changes to the data itself.
Based on those data flows, it then becomes easier for cybersecurity teams to construct policies that reflect the actual workflow of the organization, said Kuznetsov.
In contrast to existing data loss prevention (DLP) tools or cloud access security brokers (CASBs), DaBA employs behavior analytics to identify workflows and potential breaches. That approach eliminates any need to inject code into an application that cybersecurity teams might want to track, said Kuznetsov.
Cyberhaven also provides more visibility into the type of data that is being exfiltrated, which Kuznetsov said makes it possible to prioritize breaches involving, for example, the theft of critical intellectual property. Once cybersecurity teams suspect a data breach has occurred, it also becomes a lot easier for them to figure out how data was exfiltrated, including not only where data went but also who accessed it and when, said Kuznetsov.
DaBA was developed using technologies and techniques pioneered by the U.S. Defense Advanced Research Projects Agency (DARPA), Kuznetsov said, which wanted to create a tool for tracking data usage that didn’t necessarily require a team of data scientists to set up and employ. Cyberhaven is now making that capability available to IT organizations via a software-as-a-service (SaaS) application that tracks such things as when data has been downloaded from a cloud application.
The most immediate benefit is the reduced time and effort required for any forensics processes in the wake of a data breach. Many cybersecurity teams today spend a lot more time trying to figure out what happened than they do remediating whatever vulnerability was exploited, either by an insider or someone who has compromised the credentials of an insider.
There’s a direct correlation between the amount of time cybersecurity teams spend investigating breaches and the amount of fatigue being generated. Most organizations are short-handed when it comes to available cybersecurity expertise. Tools that are made available as a cloud service have the potential to not only improve morale by reducing fatigue but also dramatically improve the productivity of the cybersecurity team without increasing headcount.
Of course, the real goal is to narrow the gap between when a data breach occurs and the response to that event. There may come a day when any data breach immediately triggers a set of controls that either limit the extent of that breach or encrypt data in a way that immediately renders it useless. In the meantime, however, the first step toward achieving that goal is determining who is legitimately accessing data for what purpose.




