- The customer’s platform is built on a complex yet modern technology stack that combines custom apps, third-party services, and an observability layer managed through applications like Datadog and Sentry. This cloud-native approach means endpoint or network security would not effectively protect their organization.
- Processing billions of dollars of transactions every day that often contain PII means there is significant risk of PII or secrets and keys leaking into scan logs and stack traces if they are left unredacted.
- Using just a few lines of code, this company significantly reduced its security liability by automating the inspection and redaction of PII from logs and stack traces.
The CISO we work with has more than 30 years of experience leading and scaling best-of-breed security teams and programs. Having worked at a number of leading financial firms, including card processors, he has witnessed first-hand how difficult it is to build scalable and robust security programs.
The customer’s platform is built on a complex, yet modern technology stack. The company has a combination of custom apps, third-party services, and an observability layer managed through applications like Datadog and Sentry. This cloud-first approach places API connectivity at the core of all its applications and services. However, this approach also presents challenges when it comes to security, with a large volume of log data flowing into Datadog and Sentry. The CISO is chiefly concerned with the risk of sensitive information in logs and stack traces.
This is certainly not a unique problem; in the course of application development, developers may accidentally encode sensitive information inside logs and stack traces. This can result in the leakage of PII and secrets. If an external party ever gets access to these logs (such as in the Solana Slope Wallet Breach), it can result in a breach. Such data can remain undetected in logs for years, which is what happened at Facebook. Part of maturing an engineering org involves developing systems to reliably remove sensitive data at scale, because the risk of sensitive data leakage can grow proportionately with the amount of data being processed. Because our customer is one of the largest fintech loan platforms, trust is a core aspect of its brand, making it vital that it take a proactive approach on this issue. This led the company’s security team to adopt the Nightfall Developer Platform to scan logs and stack traces for PII, API keys, and more.
Why did the company adopt Nightfall?
Building and hosting highly accurate, ML-based sensitive data classification algorithms is no simple feat, especially at terabyte scale. Our customer realized early on that they needed something API-based that could abstract this away and seamlessly integrate with their applications. Nightfall’s fully cloud-native data leak prevention solution was the perfect fit.
Initially, our customer used the native security features of Sentry and Datadog, but found the basic regular expression (regex) capabilities lacking. These solutions led to a high rate of false positives, adding substantial work for the security team. “Sentry and Datadog have some basic features, but it is regex-based. Any system that is just purely regex-based has a high number of false positives,” the CISO says.
How are they using Nightfall?
Our customer leverages the Nightfall Developer Platform to create workflows that check for sensitive data at multiple stages in their data processing, including within logs, stack traces, and data stores. With the ability to scan over one million logs a day, Nightfall sits between our customer’s applications and service layer and its SIEM, playing a critical part in the company’s DevSecOps workflow. Any sensitive data in the company’s logs is automatically redacted before being logged into Sentry. Simultaneously, this code is pushed back to developers for re-review, so that any code generating leaking logs or stack traces is removed.
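The two ideas above, redacting a log message before it reaches the log sink and the false positives of pattern-only matching, can be shown in a few lines. This is an added example, not code from Nightfall, Sentry, Datadog, or the customer; it assumes card numbers as the only data type, uses a Luhn checksum as a simple stand-in for stronger validation, and the function and class names are hypothetical.

```python
import logging
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_valid(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_regex_only(text: str) -> str:
    """Pattern-only redaction: masks every 13-19 digit run, valid card or not."""
    return CARD_CANDIDATE.sub("[REDACTED]", text)

def redact_validated(text: str) -> str:
    """Mask a candidate only when its digits also pass the Luhn check."""
    def repl(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        return "[REDACTED-PAN]" if luhn_valid(digits) else match.group()
    return CARD_CANDIDATE.sub(repl, text)

class RedactingFilter(logging.Filter):
    """Rewrites the formatted message before any handler (the log sink) sees it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_validated(record.getMessage())
        record.args = None      # message is already formatted; drop raw args
        return True

# Constructed sample log lines: a test card number and a 16-digit internal ID.
SAMPLES = [
    "charge failed card=4111 1111 1111 1111 code=51",
    "loan application id 1234567890123456 queued",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(redact_regex_only(line), "|", redact_validated(line))
```

Attaching `RedactingFilter` to the handler that forwards to the observability tool keeps the raw value out of the sink, while the second sample line shows the pattern-only version masking an identifier that is not a card number.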
Based on the customer’s success with Nightfall, they have now removed many of the native controls their tools have in place, and replaced them with Nightfall. The company has achieved robust protection and the elimination of manual work.
With Nightfall, the company has moved beyond a checkbox security approach to a proactive security posture, which has ultimately led to a reduction in financial and breach risk. This was achieved by leveraging the versatility of the Nightfall platform. They have found that the platform’s high accuracy in detecting sensitive information, as well as its ability to automate the removal of sensitive data, saves substantial time for the security team. Nightfall’s ability to scan a wide variety of content from text, files, images, and more also offers a complete solution, helping our customer consolidate security vendors. This makes Nightfall a trusted partner when it comes to checking data across the company’s infrastructure, providing significant peace of mind. For the company, proving the ROI of Nightfall has been easy because of how quickly the CISO was able to integrate it into our customer’s workflow and see immediate results.