Cyberhaven releases data detection and response tool to stop insider threats

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

The worst threats often come from within. Employees clicking on phishing emails, selecting weak passwords or even selling credentials to third parties can trigger a data breach that costs millions. The problem is that there aren’t many solutions available to stop negligent and malicious insiders from leaking information. 

That’s why today, Cyberhaven announced the launch of the Insider Threat Platform it claims is the industry’s first data detection and response (DDR) platform that can prevent data leaks in real time. The solution has the ability to detect data misuse and theft, and can automatically intercept an attacker exfiltrating data. 

For enterprises, this approach offers the ability to reduce the chance of malicious and negligent insiders either leaking information themselves or providing other threat actors with access to the environment. In short, it provides better protection for intellectual property and other high value data, the company says.

The reality of insider threats 

The release comes as insider risk is becoming a bigger threat to enterprise data. In fact, insider threats are so common that almost one in ten employees (9.4%) will exfiltrate data over a six-month period. 


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

More broadly, customer data is the most common type of sensitive data taken (accounting for 44.6% of incidents) followed by source code (13.8%). 

At the same time, employee access to critical data becomes a critical risk when they move to another position.

“Over the past few years we’ve witnessed a surge in employees moving jobs, and in many cases bringing their former employer’s IP with them when joining a competitor,” said Howard Ting, Cyberhaven CEO. “Companies across industries increasingly have to deal with employees and contractors working on behalf of foreign adversaries swiping product designs and data about users.”

In many cases, these insider threats aren’t due to malicious activity, but users with privileged credentials making honest mistakes. 

“I think we’ve all shared something using a collaboration tool or email and as you type in the recipient’s name it autocompletes to the wrong person and in a rush you click send,” said Ting. 

Cyberhaven’s answer to this problem is to use its data lineage and graph engine to extract insights about user behavior and correlate it with insights about what data is classified as sensitive. It’s an approach that can detect and stop insider risks automatically, as well as alert security teams. 

Data-centric security and DLP solutions 

Cyberhaven’s new solution sits loosely within the data-centric security market, which researchers valued at $3.39 billion in 2020 and estimate will reach $17.12 billion by 2028. 

One of Cyberhaven’s main competitors is Forcepoint, which offers a Data Loss Prevention (DLP) solution designed to prevent data exfiltration with real-time auditing for user behavior, behavioral analytics, and unified policy enforcement. 

Another competitor is Symantec, with its own DLP solution that can identify data across on-premise and cloud environments to protect it from being exposed in real-time. 

However, Ting argues that the key differentiator between Cyberhaven’s platform and competitors is its preventative capabilities. 

“One of the things we hear from customers over and over is they don’t just want to be alerted to insider threats, they want to stop them, and that’s what our product does,” said Ting. “Before now, security products looked at data and behavior in isolation, and by analyzing both together we’re able to much more accurately detect when there’s an insider threat.” 

Originally appeared on: TheSpuzz