Security teams can respond 80% faster to events with Cyberhaven’s AI-powered data lineage tools

Enterprise staff are wanting to reap the benefits of AI instruments — whether or not their employer likes it or not. This unapproved use, what’s generally known as shadow AI, is growing dramatically: As a lot as 96% of the work workers do with AI is thru non-corporate accounts. Whether or not executed inadvertently or maliciously, this may leak an enterprise’s extremely delicate and proprietary information. 

Safety platform Cyberhaven says it could actually resolve this drawback by monitoring information lineage, or information lifecycles throughout totally different customers and endpoints. The corporate has particular giant lineage fashions (LLiMs) for this job, and at the moment is saying Linea AI, the following era of it platform meant to assist cease shadow AI and predict what flagged incidents could also be most harmful. 

“It manifests itself on this type of lineage: You perceive the place information is coming from, who has had entry to it, throughout all of the totally different endpoints, throughout all of your customers,” Nishant Doshi, Cyberhaven’s chief product and improvement officer, instructed VentureBeat in an unique interview. 

90% discount in incidents requiring guide evaluate

In keeping with Cyberhaven’s evaluation of the workflows of three million staff, AI utilization grew 485% between March 2023 and March 2024, and workers are more and more sharing delicate information: Almost 83% of authorized paperwork and round 50% of supply code, analysis and improvement supplies and HR and worker data that workers share with AI are going to non-corporate AI accounts. 

To assist forestall this unsanctioned use and shield delicate firm information, Linea AI makes use of an LLiM skilled on billions of actual enterprise information flows. Geared up with pc imaginative and prescient and multi-modal AI, it is ready to analyze information from photographs, screenshots, technical diagrams and different supplies. A brand new “Let Linea AI Resolve” characteristic now autonomously assesses coverage violations and gauges incident severity to assist reduce down safety operations heart (SOC) alert fatigue. 

“So similar to the big language mannequin (LLM) which is predicting the following phrase, we’re predicting what the following actions are going to be,” Doshi defined. 

Cyberhaven claims that, because of this, prospects are seeing a 90% discount in incidents requiring guide evaluate, and an 80% drop in imply time to reply (MTTR) to safety incidents associated to information safety. The corporate’s instruments are capable of uncover 50-plus important dangers monthly not detected by conventional instruments. 

“Cyberhaven reveals us precisely how our information strikes and is used throughout the group, giving us visibility not discovered with conventional safety instruments,” stated Prabhath Karanth, CSO and CIO of household monetary app Greenlight. “Now we’ve a single platform that not solely covers conventional information loss prevention (DLP) and insider threat administration however really understands how individuals use information throughout our complete group.” 

Doshi defined that, whereas conventional approaches have centered on sample matching — figuring out community and information patterns to detect anomalies and vulnerabilities — Cyberhaven performs content material and context inspection. That’s, its platform examines information and offers context round it primarily based on lineage traces. 

“So for those who obtain one thing, you ship it to me, I ship it to a different 5 individuals, they ship it to a different 5 individuals — that’s lineage,” Doshi defined. 

How Cyberhaven protects enterprises’ most beneficial information with AI

Cyberhaven’s providing is powered by frontier AI fashions and a transformer neural community structure. It makes use of a multi-stage retrieval-augmented era (RAG) engine to fine-tune its LLiM to research an enterprise’s most beneficial information and “get to the needle within the haystack,” stated Doshi. 

The platform performs clever screenshot evaluation, which has been a “persistent blind spot” in information safety, stated Aaron Arkeen, senior safety engineer at earned wage entry platform DailyPay.

So, as an illustration, say a safety workforce desires to forestall screenshots from leaving the corporate — there may very well be hundreds, and so they need to undergo each to find out whether or not it’s a innocent cat meme or a screenshot containing product schematics. 

“It’s onerous to detect, not to mention forestall, the exfiltration of engineering designs, AI fashions, analysis information, product roadmaps,” stated Arkeen.

Maintaining tabs on customers

Cyberhaven is now taking cybersecurity a step past detection with its new autonomous, AI-powered Let Linea Resolve characteristic that sifts via information and person logs to assist safety groups perceive incident severity. The platform understands screenshots, PDFs, supply code and different digital supplies and may present context primarily based on information lineage, Doshi defined. It could possibly then discern whether or not a particular incident must be checked out by human analysts.

“We’re attempting to foretell the following motion primarily based on all of the historic data that we’ve acquired: That is an anomalous occasion, or this can be a benign occasion,” stated Doshi. “We name that information comprehension, since you actually are wanting on the information and understanding that information in-depth.” 

Arkeen defined that with regards to insider threat, safety groups carry out enhanced monitoring to create flows of details about particular customers which have been flagged as heightened threat (primarily based on any variety of elements).  

“Let’s say I put enhancement on you, you have been busy at the present time, 150 occasions have been generated,” he stated. “I must undergo every a type of manually, decide ‘That is enterprise as normal.’ ‘This one seems somewhat suspicious.’ ‘This one seems actually suspicious.’ And I nonetheless produce other ones to undergo after that. What Linea AI is ready to do is select those which might be of suspicious nature or require additional evaluation, and I’m capable of save all that point.”

As an example, the platform has been capable of detect customers sending information to their private OneDrive accounts or syncing delicate recordsdata to iCloud, stated Doshi. A malicious step past that’s workers leaving an organization and making an attempt to take delicate information with them. 

“We will in actual time forestall customers or a set of customers from importing delicate information to those public LLMs,” stated Doshi. “We will warn them and in addition educate them” once they’re doing one thing inadvertently or naively. 

DailyPay, for its half, has been capable of cut back MTTR by 65% as a result of Linea offers a digestible AI abstract, stated Arkeen. Typical information loss prevention (DLP) instruments require quite a lot of personnel sources to achieve that type of visibility. 

He appeared into different DLP suppliers together with NetSkope, Dtex Techniques and Subsequent DLP, however finally settled on Cyberhaven due to its information lineage technique. It was not like something he’d seen within the {industry}, he stated. 

“It saves us quite a lot of time on escalation and triaging and in addition prevention,” stated Arkeen. “Linea AI constantly identifies nuanced dangers that conventional programs will completely miss.”