Platform FAQs
Where is Cyberhaven hosted?
Google Cloud Platform. Each customer instance resides in a dedicated Google Cloud Platform (GCP) project using Google Kubernetes Engine (GKE).
Can content inspection be customer-hosted?
Yes, this component can optionally be isolated from Cyberhaven SaaS.
How is Cyberhaven secured?
Cyberhaven leverages the agility and security that come with a solution built for the cloud. Please see Kubernetes Security Concepts and Google Cloud Platform Certifications. Cyberhaven also uses StackRox for container intrusion detection and vulnerability scanning. Additional documentation about security and privacy policies, architecture, the Cloud Security Alliance CAIQ, penetration test reports and SOC-2 Type II compliance is available upon request.
What technologies are used in Cyberhaven?
Kubernetes, ElasticSearch, and Kibana are some of the open-source, highly scalable technologies that Cyberhaven leverages, allowing it to tie together multiple data flows from disparate systems.
Is there a BC/DR plan in place for Cyberhaven?
Yes. Cyberhaven leverages horizontally and vertically redundant systems and can be scaled to effectively eliminate outages, based on the financial investment from the purchasing company.
Is my company's data commingled with other clients using Cyberhaven?
No. Each customer deployment resides in isolated projects in Google Cloud Platform (GCP).
Does my company's data get stored in Cyberhaven?
No. Cyberhaven stores metadata about the content attributes, NOT the actual content itself.
Does Cyberhaven encrypt data in transit and at rest on the cloud servers?
Yes. Data at rest is encrypted using Google Cloud Platform disk and data encryption. Communication with endpoints takes place using TLS.
Is it possible to back up captured data to my company's infrastructure?
Yes. Cyberhaven can schedule regular backups of the raw data indices and can export them via an API connection to the ElasticSearch backend.
What is the resource consumption of Cyberhaven on an endpoint?
Installation Package Size:
- ~41 MB for Windows MSI
- ~127 MB for macOS PKG
Disk Usage:
- 1 MB/user/day on average.
- Up to 600 MB of file system storage used for logging at the highest level of logging on endpoint sensor log directories.
CPU/Network/Memory: In a PCMark benchmark that simulates the worst-case scenario for Cyberhaven Lightbeam, we measured average CPU usage of 1.9% and memory usage of 530 MB. The endpoint sensor produces two types of traffic:
- Event Inspection: estimated at ~100-200 events of 10 KB per day per user.
- Content Inspection: 200 MB per day per user. This is an estimate as this depends on how much data a user is emailing/downloading/uploading as each newly observed file is scanned for content.
How does an agent authenticate to the backend?
To authenticate a new agent to the Cyberhaven backend service, a JSON Web Token (JWT) is used upon first installation. When an agent first registers with the Cyberhaven service using the installation token, a secondary JWT is generated that is uniquely associated with the new agent.
Cyberhaven uses the machine-specific token to associate data transmitted to the backend service over a TLS session with the system the JWT was issued to. This also limits the attack surface for forged data sent to the Cyberhaven platform to devices whose JWT has been compromised by an attacker.
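The two-token flow described above, as an added sketch that is not Cyberhaven's code: a shared installation token is exchanged once for a per-machine token, and the backend accepts data only for the machine that token was issued to. The HS256 signing, the separate demo keys, the `purpose`/`sub`/`exp` claims and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys (assumption: HS256 with a separate key per token type).
INSTALL_KEY, AGENT_KEY = b"demo-install-key", b"demo-agent-key"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head + '.' + body))}"

def verify(token: str, key: bytes, purpose: str):
    """Return the claims if the token is authentic, unexpired and of the expected purpose."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        # Pin the algorithm instead of trusting whatever the header asks for.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_mac(key, head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("purpose") != purpose:
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def register_agent(install_token: str, machine_id: str):
    """First contact: exchange the installation token for a per-machine token."""
    if verify(install_token, INSTALL_KEY, "install") is None:
        return None
    claims = {"purpose": "agent", "sub": machine_id, "exp": time.time() + 86400}
    return sign(claims, AGENT_KEY)

def accept_event(agent_token: str, event: dict) -> bool:
    """Accept telemetry only when it names the machine the token was issued to."""
    claims = verify(agent_token, AGENT_KEY, "agent")
    return claims is not None and event.get("machine_id") == claims["sub"]
```

Because the installation token and the per-machine token carry different purposes and keys, a leaked installation token cannot be replayed to submit events, and a stolen per-machine token can only speak for its own machine.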
When and how does Cyberhaven calculate a hash value?
A hash value is calculated using MD5 when a file is downloaded or uploaded, on OneDrive client events (uploads/downloads from the sync client), and on Outlook email events (adding and saving an attachment). For performance reasons, Cyberhaven does not calculate a hash on local file moves, Office edits, or network share uploads/downloads.
How are policies prioritized?
Blocking policies take priority over warning policies.
What's the difference between a User and an Admin role?
The User role doesn't have access to the cloud sensors page, the endpoint sensors page, or the settings page (which includes user management, beta features, content inspection and auth provider).