While Gen AI tools are useful conduits for creativity, security teams know that they’re not without risk. At worst, employees will leak sensitive company data in prompts to chatbots like ChatGPT. At best, attack surfaces will expand, requiring more security resources in a time when businesses are already looking to consolidate. How are security teams planning to tackle the daunting workload? According to a recent Morgan Stanley report, top CIOs and CISOs are also turning to AI.
Enter: Nightfall AI. For over five years, Nightfall has leveraged the advantages of machine learning to create a convenient, cloud-native solution for data sprawl. Read on to discover five ways that Nightfall uses AI for market-leading data detection and workflow automation.
1. Real-Time Monitoring
According to IBM, businesses that use AI for data leak prevention are “able to identify and contain a breach 28 days faster than those that [don’t].” How do AI platforms empower security teams to react so quickly? In Nightfall’s case, one of those reasons is 24/7 cloud visibility.
For security teams that rely on traditional data loss prevention (DLP) approaches, many SaaS apps have become critical blind spots. “Old-school” methods like network DLP and endpoint DLP can only monitor data by decrypting it in transit or investigating it in endpoint disks—meaning there’s no visibility into the cloud. Nightfall’s AI-fueled cloud DLP “engine,” on the other hand, provides a nimble solution to this issue by seamlessly integrating with SaaS apps to scan hundreds of file and image types from within the cloud itself. And the best part? It’s all in real time.
2. Industry-Leading Detection
ChatGPT and other GenAI chatbots surged to fame because of their ability to understand nuanced conversations. As a neural network, ChatGPT draws on robust data sets to analyze the context of each prompt before formulating a response.
Similar to ChatGPT, Nightfall’s AI-powered detectors use neural network embeddings to identify PII, PCI, and PHI as well as secrets and credentials, all with “Possible,” “Likely,” or “Very Likely” confidence levels.
For example, say a patient submits their social security number (SSN) on a ticket to a healthcare company help desk. Nightfall's specialized SSN detector will scan that ticket to determine if any of the content matches the precise format of an SSN. At the bare minimum, any number that matches the SSN format will be classified as having a "Possible" confidence, even without any additional context. However, if the format matches and the patient includes context around that SSN (such as phrases like "My social is" or "I applied for an insurance policy with my SSN"), then Nightfall will classify the SSN violation as "Likely" or "Very Likely." All in all, these context clues sharpen the accuracy of Nightfall's detectors—and help security teams cut down on false positive alerts in the process.
Curious to learn more about how we build our detectors? This article provides an end-to-end example.
3. Long-Term Evolution
Nightfall has two features in place to hone our detection engine: An option for users to provide feedback about alerts, and an opportunity for users to extend existing Nightfall detectors with tenant-specific rules.
To illustrate the feedback option, let’s go back to our SSN example. If a healthcare company’s security team receives an alert for an SSN-related violation in their Nightfall console, they’d be able to mark the alert as either a “True Positive” or a false positive (whether it’s “Not an SSN” or “Not a violation”). From there, the voluntary feedback is fed into Nightfall's machine learning models. The more feedback that a team submits, the more accurate their detectors become over time.
But what if that same security team wants a quicker solution? Nightfall will guide them through the process of extending an existing detector by creating their own detection rules. The team might choose to raise their detector’s “Minimum Confidence” level to “Very Likely,” and their “Minimum Number of Findings” to five. In that case, the team would only receive an alert if a message or file contains five or more "Very Likely" SSNs. Detection rules can be adjusted to fit any security team's unique goals and risk tolerance. They're also an effective way to streamline workflows and combat "alert fatigue."
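The confidence tiers from section 2 and the rule thresholds from section 3, as an added sketch that is not Nightfall's code: a regex plus a keyword window stands in for the neural detector. The cue list, the window size, and the mapping of cue counts to "Likely" and "Very Likely" are assumptions made for illustration.

```python
import re

# Confidence levels named in the article, weakest to strongest.
LEVELS = ["Possible", "Likely", "Very Likely"]

# SSN format AAA-GG-SSSS, rejecting never-issued values
# (area 000/666/9xx, group 00, serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Assumed context cues and window size (not from the article).
CONTEXT_RE = re.compile(r"\b(ssn|social security|my social)\b", re.I)
WINDOW = 60  # characters inspected on each side of a match


def find_ssns(text):
    """Return (value, confidence) for every SSN-shaped string in text."""
    findings = []
    for m in SSN_RE.finditer(text):
        before = text[max(0, m.start() - WINDOW):m.start()]
        after = text[m.end():m.end() + WINDOW]
        cues = len(CONTEXT_RE.findall(before + " " + after))
        # Assumption: format only -> Possible, one cue -> Likely, two or more -> Very Likely.
        findings.append((m.group(), LEVELS[min(cues, 2)]))
    return findings


def should_alert(text, min_confidence="Possible", min_findings=1):
    """Apply a 'Minimum Confidence' / 'Minimum Number of Findings' rule."""
    floor = LEVELS.index(min_confidence)
    qualifying = [f for f in find_ssns(text) if LEVELS.index(f[1]) >= floor]
    return len(qualifying) >= min_findings


def sample_roster(rows):
    """Constructed sample file: one labelled, made-up SSN per row."""
    return "\n".join(
        f"Patient SSN (social security): {200 + i}-45-678{i}" for i in range(rows)
    )


# Constructed sample tickets (all values are made up).
NO_CONTEXT = "Order ref 123-45-6789 shipped yesterday."
ONE_CUE = "My social is 123-45-6789, please update my file."
TWO_CUES = ("I applied for an insurance policy with my SSN. "
            "My social security number is 123-45-6789.")

if __name__ == "__main__":
    for ticket in (NO_CONTEXT, ONE_CUE, TWO_CUES):
        print(find_ssns(ticket))
    print(should_alert(sample_roster(5), "Very Likely", 5))
```

With the stricter rule, the lone ticket findings above never alert; only the five-row roster crosses both thresholds.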
4. Automated Workflows
After users customize their detection rules, Nightfall can automate two kinds of responses to violations: Webhook alerts to SIEMs, and end-user remediations to employees who leak sensitive data. Both of these automated responses serve to minimize overhead, either by consolidating alerts or by educating employees about policy violations in real time. The latter is especially important to consider, given that 74% of data breaches are caused by human error.
5. Low Operational Costs
Generally, AI-powered DLP platforms are much cheaper to install and maintain than traditional DLP methods. From the get-go, Nightfall cuts down on operational costs with an agentless five-minute install. Once customers have settled in, Nightfall streamlines their workflows in a single intuitive console. This console gathers detailed context and metadata surrounding each policy violation, and offers options to remediate those policy violations without having to switch to another platform. In the long term, this not only saves countless hours of work, but also frees up time for security teams to investigate high-priority data leaks before they become costly breaches.
Looking to review projected savings for your business? Nightfall’s free ROI calculator is the place to go.
As Nightfall smooths over automated workflows and adds more SaaS integrations for tools like Notion, O365, and Teams, we’re looking to take our security solution even further by:
- Adapting transformer models for more powerful and context-specific PII detection
- Researching modality-specific models to better detect code, logs, tabular data, and natural language
Our bottom line? To make our customers’ workflows easier and more secure, wherever they are in the cloud.