Maintain and automate SOC 2 compliance

Nightfall helps automate ongoing SOC 2 compliance so you can improve your security posture, drive revenue, and build customer trust.

What is SOC 2?

SOC 2 is the security framework clients most commonly ask for from fast-growing service organizations in sectors such as finance, healthcare, technology, and education. A SOC 2 report is an independent auditor's attestation (not a certification) on your organization's internal controls over data and systems, helping prove that you safeguard the privacy and security of the data you handle.

Why you need cloud-native DLP for SOC 2

SOC 2 does not prescribe any one product, but DLP is one of the clearest ways to evidence several of its Trust Services Criteria. Nightfall supports them through monitoring, notification, and automated remediation for the following SOC 2 common criteria:

CC6.7 requires that the transmission, movement, and removal of information be restricted to authorized internal and external users and processes. Its points of focus explicitly cite data loss prevention; Nightfall supports the criterion by detecting sensitive data as it is shared in cloud applications and restricting its onward transmission and movement.

CC6.6 requires logical access security measures against threats from sources outside the system boundary. Cloud-native DLP covers access to cloud apps from unmanaged (BYOD) devices, which agent-based approaches often cannot, so it functions as a boundary protection system in the sense of that criterion's points of focus. Nightfall further supports it by detecting and removing exposed identification and authentication credentials (API keys, tokens, passwords) that an attacker could otherwise use to cross the system boundary.

CC6.1 requires logical access security software, infrastructure, and architectures over protected information assets to protect them from security events, in line with the entity's objectives. DLP contributes by identifying and protecting the sensitive data, such as PII, PHI, or API keys, that those access controls exist to protect.

CC2.2 requires the entity to communicate internally the information, including objectives and responsibilities for internal control, that employees need to do their part. Nightfall's automated responses to end users deliver real-time, violation-specific feedback, reinforcing security awareness at the moment a policy is breached rather than only in an annual training session.

Pain-free audit readiness and compliance reporting

Scan and assess risk across all your cloud applications so you stay compliant and reduce the likelihood of a data breach and the regulatory penalties that can follow one.

Report on compliance in a consolidated view

Reduce the burden of completing annual audits with continuous data monitoring, and move your organization from a point-in-time to a continuous security and compliance model.

Centralized security management

Leverage Nightfall's built-in dashboard or out-of-the-box SIEM integrations to manage all your cloud data protection and data classification in one place.

Use automation to reduce ongoing compliance costs

Reduce the time your security team spends managing violations and alerts. With Nightfall's market-leading detection accuracy, automation, and easy-to-use dashboard, you can take the pain out of ongoing compliance.

Reduce false positives with machine learning (ML) detection

High-accuracy ML detectors, with an out-of-the-box PHI template, surface the highest-risk data items first, cutting the time spent triaging security alerts.

Automate compliance tasks

Automate remediation of security alerts to reduce manual work and shorten the window during which data is exposed. Manage all resulting security tasks in your SIEM or in the Nightfall dashboard.
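The following Python script is an added illustration, not Nightfall's code and not a description of its detection engine. It shows the shape of the controls the CC6.7, CC6.6 and CC6.1 paragraphs above map to, the false-positive reduction and automated remediation described in this section, and the violation-specific user feedback mentioned under CC2.2: it scans constructed chat messages for an AWS access key ID, generic high-entropy secrets and SSN-format PII, drops low-entropy "secrets" that are really placeholders, redacts each finding in place, and builds a notice to the sender. The detector names, regexes, entropy threshold, sample messages and notice wording are all assumptions chosen for the example.

```python
"""Content-aware DLP scan over chat messages: detect credentials and PII,
redact them, and build a violation-specific notice for the sender.
Added illustration only; not Nightfall's detection engine."""
import math
import re
from dataclasses import dataclass

# Constructed sample messages (not real data). The AWS key ID is Amazon's
# documented placeholder value; the SSN is a synthetic value.
SAMPLE_MESSAGES = [
    {"user": "alice", "text": "prod key is AKIAIOSFODNN7EXAMPLE please rotate"},
    {"user": "bob", "text": "member SSN 123-45-6789, DOB 1980-01-01"},
    {"user": "carol", "text": "lunch at noon? deploy went fine"},
    {"user": "dave", "text": "token: 0000000000000000000000000000000000000000"},
    {"user": "erin", "text": "api_key=Zq9vB2xT7mK4pL1nR8cW for the staging box"},
]


@dataclass(frozen=True)
class Finding:
    detector: str  # rule that fired
    value: str     # matched sensitive string
    start: int     # character offsets into the message text
    end: int


def shannon_entropy(s: str) -> float:
    """Bits per character: a run of one repeated character scores 0,
    a 20-character token with no repeats scores log2(20) ~ 4.3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


# Detector definitions (illustrative patterns and thresholds, not Nightfall's).
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
GENERIC_SECRET_RE = re.compile(
    r"(?i)\b(?:api[_-]?key|secret|token|password)\s*[:=]\s*([A-Za-z0-9_\-]{20,})"
)
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
MIN_SECRET_ENTROPY = 3.0  # bits/char; below this a "secret" is probably a placeholder


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural SSN check to cut false positives: area 000, 666 and 900-999
    are never issued, and the group and serial are never all zeros."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or int(group) == 0 or int(serial) == 0)


def scan_message(text: str) -> list[Finding]:
    """Return all findings in one message, ordered by position."""
    findings = []
    for m in AWS_KEY_RE.finditer(text):
        findings.append(Finding("aws_access_key_id", m.group(0), m.start(), m.end()))
    for m in GENERIC_SECRET_RE.finditer(text):
        candidate = m.group(1)
        if shannon_entropy(candidate) >= MIN_SECRET_ENTROPY:  # drop placeholders
            findings.append(Finding("generic_secret", candidate, m.start(1), m.end(1)))
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append(Finding("ssn", m.group(0), m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


def redact(text: str, findings: list[Finding]) -> str:
    """Replace each finding with a labelled placeholder; a finding that
    overlaps an earlier one is folded into that earlier redaction."""
    out, cursor = [], 0
    for f in findings:
        if f.start < cursor:
            continue
        out.append(text[cursor:f.start])
        out.append(f"[REDACTED:{f.detector}]")
        cursor = f.end
    out.append(text[cursor:])
    return "".join(out)


def user_notice(user: str, findings: list[Finding]) -> str:
    """Feedback to the sender naming the specific violation types found."""
    kinds = sorted({f.detector for f in findings})
    return (f"@{user}: your message was redacted because it contained "
            f"{', '.join(kinds)}. Share credentials and member data only "
            f"through the approved secrets manager or secure file share.")


def process(message: dict) -> dict:
    """Scan one message and return the remediation record a SIEM would ingest."""
    findings = scan_message(message["text"])
    return {
        "user": message["user"],
        "findings": findings,
        "redacted": redact(message["text"], findings),
        "notice": user_notice(message["user"], findings) if findings else None,
    }


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        rec = process(msg)
        print(f"{rec['user']}: {len(rec['findings'])} finding(s) -> {rec['redacted']}")
```

Running the script flags alice's AWS key, bob's SSN and erin's high-entropy API key, leaves carol's message untouched, and ignores dave's forty-zero "token" because its entropy is 0: that entropy gate is the simplest form of the false-positive reduction a production detector needs, and the per-finding notice is the moment-of-violation coaching the CC2.2 paragraph refers to.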

Educate and train employees

Scale your operations by educating users and encouraging security best practices, which supports ongoing compliance with your contractual obligations.

Reduce your team's ongoing security training workload

Use automatic training notifications to coach employees at the moment of a violation, keeping the organization current on its compliance obligations. This also reduces the load on your security team and lets them stay focused on high-priority, strategic work.

No end-user impact

Because Nightfall deploys agentlessly, it neither blocks network traffic nor adds device latency, so users are informed and educated without any impact on productivity.

How Capital Rx uses Nightfall to maintain SOC 2 compliance

Capital Rx processes pharmacy benefits claims and provides clinical oversight to employers, unions, municipalities, and health plans.

Challenge

Capital Rx must protect the confidentiality of the PHI it handles in the cloud to maintain both SOC 2 and HIPAA compliance. With hundreds of users on Slack, the Capital Rx technology team needed a way to ensure that PHI would not be exposed in messages and files sent via Slack.

Solution

During a single 30-minute onboarding call, Capital Rx added Nightfall to Slack, allowing the team to discover and remediate PHI shared there. Because the deployment does not block users, the team could still share PHI and other sensitive data in a secure, sanctioned way, and the security team gained productivity from the built-in automation.

Quote

“We're able to get ahead of very expensive data exposure incidents that could violate HIPAA requirements, which can run easily to thousands of dollars per member record affected.”
Ryan Kelly
CTO

Trusted by the most innovative organizations

Oscar, Snyk, Exabeam, Klaviyo, Rain, Kandji, Aaron's, Calm, Genesys
Learn more

Cloud Data Protection Security Guide
How to Build a Cloud Security Policy

Staying compliant and getting audit ready is easy

Install in minutes to start protecting your sensitive data.
