Startup Cyberhaven Inc. has raised $88 million to widen the adoption of its namesake cybersecurity platform, which helps companies detect and block misuse of their business data.

The round, a Series C investment, was announced this morning. Cyberhaven says that Adams Street Partners and Khosla Ventures were the lead investors. The round also drew contributions from about a dozen other backers including former engineering executives at CrowdStrike Holdings Inc., Cisco Systems Inc. and Google LLC.

Cyberhaven offers a platform that helps companies track how their internal data is used by employees. The software can, for example, spot cases where a worker copies sensitive customer records from Salesforce to a different, less secure cloud application. Cyberhaven can likewise uncover attempts to download business data onto employee devices.

Some data transfers are more difficult to track than others. There are situations where users don’t move entire business records but rather extract those records’ contents, place the extracted information in a new file and then move that file instead of the original. Data copied in this manner is difficult to track using traditional cybersecurity methods.  

Cyberhaven says that its platform can detect such data transfers. Moreover, the software is capable of tracking files that are encrypted and compressed before they’re transferred between systems. Companies often can’t scan such files to determine if they contain sensitive information, which makes identifying cybersecurity issues more difficult.

Cyberhaven’s platform automatically takes action in response to data transfer attempts that breach cybersecurity policies. According to the software maker, its platform offers a choice between outright blocking unusual data movements and asking users to provide an explanation before they proceed. In cases where the records being moved aren’t particularly sensitive, administrators can have Cyberhaven display information on their company’s cybersecurity policies.

The platform uses a custom artificial intelligence to detect certain types of unauthorized activity. When determining whether a data transfer attempt might be malicious, Cyberhaven’s algorithms take into account not only whether the request is unusual but also the sensitivity of the information being moved. An unusually large file download, for example, might not trigger an alert if it contains publicly-available help desk articles.

“AI introduces new data security risks, from the dangers of ‘shadow AI’ where employees input confidential data into prompts for AI services, to the generation of malicious or inaccurate AI content used in business-critical areas,” said Khosla Ventures partner Ethan Choi. “Cyberhaven’s technology addresses these new threat vectors.”

Cyberhaven says that its bookings tripled in the year that preceded the Series C round announced today. Snowflake Inc., SurveyMonkey Inc. and Motorola Mobility LLC are among the companies that have adopted the company’s platform. Cyberhaven will use the proceeds from the round to grow its installed base and expand its feature set. 

Image: Cyberhaven