Artificial Intelligence & Machine Learning
,
Data Security
,
Data Security Posture Management
Integrated Tools Across Generative AI Security, DSPM, DDR Key to Growth Strategy
A data protection startup led by an ex-Nutanix and Palo Alto Networks executive raised $100 million to expand into data security posture management and generative AI security.
Cyberhaven said its Series D funding round will help the San Jose, Calif.-based company move beyond its core strength in data detection and response and get full visibility and control over data in motion and at rest. The money will help Cyberhaven address risks from prompt-based data exposure as well as access control issues posted by AI copilots and search tools such as Microsoft Copilot and Glean.
“We think data security is going to consolidate rapidly,” CEO Howard Ting told Information Security Media Group. “It’s going to become more of a platform play. You can’t be a single product company in this market to really be successful, you’ve really got to deliver a portfolio of products in an integrated platform to address all of the use cases that customers are looking for.”
Cyberhaven, founded in 2015, employs nearly 200 people and has raised $250 million, with the company closing a $88 million Series C funding round in June 2024 led by Adams Street and Khosla Ventures. Before joining Cyberhaven in June 2020, Ting spent five years on Nutanix’s marketing team, nearly four years on Palo Alto Networks’ marketing team and 18 months as a Cisco product manager (see: Cyberhaven Secures $88M to Strengthen Data Security Platform)
Customers are demanding broader solutions from a single provider, Ting said. By owning both the data-in-motion and data-at-rest layers, Ting said Cyberhaven aims to build a unified platform that secures data across all states and surfaces. Cyberhaven’s goal is to own the data security platform layer, making it easier for customers to unify their controls and response mechanisms across diverse data contexts.
“Customers are asking us to help them with DSPM and Gen AI security,” Ting said. “So we’re investing aggressively on both of those fronts. We’re both building internally and evaluating companies that we could acquire in the market on those fronts.”
How Cyberhaven Stacks Up Against the Competition
Ting sees two core challenges in Gen AI security: preventing users from exposing sensitive data to public LLMs such as ChatGPT and controlling access to internal data indexed by AI-powered copilots such as Microsoft Copilot or Glean. Cyberhaven has addressed the first issue with its expertise monitoring data in motion, with tools in development to control AI-generated responses based on indexed unstructured data.
“DDR is really about understanding movement of data and then being able to use that understanding to be able to classify and then protect it,” Ting said. “So, we’re really good on the data in motion, and then DSPMs are really good at data at rest. Putting these two solutions together will create a pretty powerful platform.”
Cyberhaven competes against traditional data loss prevention vendors including Symantec and Forcepoint, modern infrastructure companies such as CrowdStrike and Zscaler and emerging data security startups and pure-plays such as Cyera. Modern incumbents are the toughest competition because they bundle products and offer “good enough” solutions for free, but Ting said good enough technology isn’t acceptable.
“The buyers generally that I talk with, they don’t believe that data security is an area that you should buy a good-enough product,” Ting said. “One mistake can be catastrophic for your company. You let the wrong intellectual property out into the world, you have a whistleblower, you lose a lot of intellectual property during an acquisition.”
Cyberhaven historically worked with technology, pharmaceuticals or advanced manufacturing firms with sensitive intellectual property, Ting said. As Cyberhaven matures, the company is moving upmarket to larger enterprises and seeing increased traction in other sectors such as energy, healthcare, banking and retail. Serving more regulated and complex sectors opens up a broader addressable market.
“We are broadening out. We’re getting pulled into more and more of the broader verticals,” Ting said. “And then we’re also going upmarket. Historically, we probably were more in the mid-market and smaller enterprises was their sweet spot. But now, we’re getting a lot more in the larger enterprises. That’s how it’s evolved over the past couple of years.”