Cyberhaven: Protect Data by Analyzing It

You could say the cybersecurity firm Cyberhaven came about by happy accident: in 2015, a team of security researchers entered a DARPA cyber competition, and came out of it realizing they had created an entirely new cybersecurity tool.

Today, the Swiss-based company provides real-time discovery and monitoring of all critical assets for clients, and does so with the idea that assets are best protected if you constantly track where they go.

Mary Roark, VP of marketing for Cyberhaven, spoke with the Media & Entertainment Services Alliance (MESA) about the company’s unique approach to cybersecurity, the data protection mistakes most prominent among organizations today, and what’s next for the company.

MESA: How did Cyberhaven first come on the scene in 2015, and what was the impetus for the company?

Roark: Cyberhaven was founded by a group of security researchers from EPFL, the “MIT of Europe,” in Switzerland after they were finalists in a DARPA cyber contest.

Afterwards the team decided to form Cyberhaven and received funding from DARPA to continue productizing their ideas and unique new approach to data protection. The original five founders continue to contribute to Cyberhaven’s success.

Cyberhaven successfully raised $13 million in Series A funding with Volodymyr (Vova) Kuznetsov as CEO. Now Cyberhaven has four patents. Customers rely on Data Behavior Analytics (DaBA) to help them eliminate risk and tackle the ever-increasing challenge of protecting against both accidental and malicious insider threats.

MESA: Cyberhaven has a mantra of sorts: “Keep your Eye on the Data” and protect IP by analyzing data’s behavior, an approach the company calls Data Behavior Analytics. Explain this approach, and how does it reveal intent of data exfiltration and expose insider threats?

Roark: Just like in most sports, the fundamental guideline is to keep the eye on the ball. In this case Cyberhaven believes organizations can detect insider threats by “Keeping an eye on the data.” And like a ball, data is in constant motion and possession determines who wins.

By focusing on the data, Cyberhaven’s approach, Data Behavior Analytics (DaBA), gives organizations visibility to the entire data journey so that they can really understand what is happening to their data and answer key questions: Who is using it? How? And where is it going?

The detail in the data journey provides all the actions on data from the endpoints, servers and cloud applications that Cyberhaven can monitor. The detailed data journey provides for insights into the intent of users interacting with the data and reveals the necessary detail to speed the forensic process. Organizations will invest significant resources in investigations that many times lead to dead ends. With the deep visibility of DaBA, there are opportunities for organizations to investigate faster and with great effect.

MESA: What are some of the biggest data protection mistakes you see companies make today, especially in the media and entertainment space?

Roark: Everyone gets excited by new ideas and wants to share new ideas and experiences, and as a result we are all adopting collaboration software and cloud apps that make it easier to share ideas. Collaboration facilitates bringing our ideas to market faster. As a consequence, all companies are more exposed to both accidental and malicious insider threats. There is increased risk in creative fields, where artists and staff don’t want restrictions or may not be technically savvy. A good idea innocently placed on a personal cloud share like Box easily becomes vulnerable. Social media makes it easy for hackers to track where people work and what their interests are. Unfortunately, those in especially lucrative industries with access to information become targets. All these conditions become exacerbated in the media and entertainment space.

Anything shared in the production process, especially an exotic location in a Facebook picture, can expose the production of a new film. As a result, security best practices in the media industry need to be extremely strict.

“Personal experiences, opinions and information related to pre-release content and related project activities including shooting location, plot points, spoilers etc. should not be shared to any social media platform, e.g. Facebook, IMDB, YouTube, or Instagram,” say CDSA guidelines, “[as well as] personal sharing platforms such as personal Dropbox, iCloud or Smugmug, etc. Personal experiences that occur within a restricted area such as on the set, in the editing room, in the art department may not be shared, no photos from anytime at work should be shared, personal photography within restricted areas is not allowed and may not be shared.”

MESA: There’s widespread understanding in M&E that hacks are going to happen, that it’s not if, but when. How does Cyberhaven approach detection and incident response, to minimize the impact of breaches?

Roark: Given the attractiveness of the smallest information that holds value to obsessed fans and competitors in the media industry, it becomes important to monitor all information from early idea stages through the final production process.

This means that it is a best practice to give employees devices like laptops and phones that can be monitored. Monitoring communications reduces risk by identifying potentially risky behaviors and risky individuals. Cyberhaven allows M&E organizations visibility to the entire data journey so they can see where their data and ideas are going and how ideas are being shared and where ideas are being stored.

This speeds detection and any necessary investigation in the event of a breach. Most importantly it allows the organizations valuable visibility to data usage so that they can educate staff and put the best security practices in place that meet the needs of their unique business.

MESA: What are some of Cyberhaven’s favorite customer success stories, and why?

Roark: Cyberhaven helps organizations see how people and data interact and identify gaps such that other tools and processes can be optimized. This helps organizations prioritize their security spend and determine whether more education of staff is needed, or whether additional tools or actions are needed. We have helped customers in Defense and High Tech Manufacturing and Services including Motorola, ServiceSource, Willdan, IDA and DARPA. In each case we were able to identify malicious insiders that were putting valuable intellectual property at risk. We were also able to improve business processes — especially in the case of ServiceSource, to prevent careless errors where accidental cross-customer contamination was creating compliance and business risk.

MESA: What’s next for Cyberhaven, and what advances and offerings in asset monitoring can we expect from you next?

Roark: Cyberhaven is continually improving our product and service offerings. We are currently offering Free Managed Services to help companies detect data at risk. Frequent reports highlight where data is being improperly handled or being placed in risky locations. We learn alongside organizations and are then incorporating new features for actionable insights to help organizations prevent data leakage.