Nightfall Product Updates & News: April 2025

Managing endpoint security just got easier with Nightfall. Our latest updates enhance device management for endpoint security and expand data protection to give security and IT teams greater control with less overhead.

Here’s the latest updates and features from Nightfall at a glance:

• Simplified device management—Remove disconnected devices while maintaining security.
• Stealth mode for macOS—Deploy Nightfall discreetly without disrupting users.
• Clipboard paste monitoring—Detect and prevent data leaks from copied content.
• Smarter API key and password detection—Automated learning improves accuracy and reduces false positives.

Read more on how these updates help keep your security posture strong while minimizing distractions and unnecessary alerts. 

Update: Disconnected Devices Can Now Be Removed

Clean up monitored device lists by removing devices that are no longer in use. Manage device inventory more efficiently, especially when devices are re-assigned, decommissioned, or sent back to storage. This update brings more streamlined device management experience, reducing clutter while maintaining full visibility.

What’s new:

• Declutter endpoint management: Remove inactive or reassigned devices from the monitored list to ensure a more organized console.
• Prevent unnecessary investigations: Reduce false alerts from dormant, stored, or seasonal-use devices, minimizing investigation overhead in long disconnection periods.
• Maintain security without uninstalling agents: Allow devices to resume monitoring when reactivated, ensuring continuous protection.

How to manage reassigned or loaner devices without losing security controls

• A company frequently reassigns laptops to different employees, and some devices go unused for weeks or months before being redeployed.
• The security team works with IT to remove inactive devices from the monitored list but keeps the Nightfall agent installed so that devices automatically resume monitoring when they are reassigned and come back online.
• Provides seamless security coverage while keeping the monitored device list relevant and up-to-date.

Update: Stealth Deployment Mode for macOS Endpoints

This update for macOS endpoints allows customers to silently deploy the Nightfall agent without any visible UI elements. Configure the Nightfall macOS agent to run discreetly, ensuring seamless monitoring without user distraction in the macOS UI. 

What’s new:

• Enable hidden deployment on macOS endpoints.
• Completely hide the Nightfall UI from end users, with no icon in the macOS status bar and no application visibility in the applications folder when viewed in Finder.
• Support silent deployment for manual or MDM installations.

How to ensure continuous endpoint monitoring without employee disruptions

• A company wants to enforce data security policies but also wants to minimize user distractions and concerns about monitoring.
• Silent deployment allows IT and security teams to monitor data movement without employees seeing or interacting with the Nightfall agent.
• Nightfall maintains a balance between security enforcement and user experience, reducing unnecessary friction.

Update: Clipboard Paste Support for macOS Is Now Available For Early Access

Clipboard paste monitoring extends Nightfall’s insider risk protections to cover pasted content in unsanctioned destinations. Users now have expanded visibility and control into clipboard paste events.

What’s new:

• Monitor paste events to unsanctioned browser destinations: Detect when users paste content into unapproved web domains, providing critical visibility into potential data leaks.
• Leverage Nightfall’s industry-leading detection engine: Identify sensitive data in pasted content using the same advanced detection capabilities available across our platform.
  
  • Detect PII, PCI, PHI, secrets, credentials, and custom document types before they are exposed.
• Scope monitoring for greater precision: Define policies based on:
  
  • Web domain source and destination such as pasting from an internal site to an unsanctioned external service.
  • Content type such as only monitor pastes containing sensitive data.
  • User groups such as applying stricter policies for high-risk employees.

How to enforce custom policies based on data type sensitivity

• A financial firm only wants to monitor clipboard pastes involving PCI or PHI but allow other data types.
• Content-aware detection scopes policies to trigger events only when regulated data types are copied and pasted to external destinations.
• Reduce alert noise while focusing enforcement on high-impact data risks.

Update: Automated Supervised Learning for API Key and Password Detection

Nightfall’s Automated Supervised Learning (ASL) automates model retraining based on real-time customer feedback, enhancing detection accuracy and scaling our support across all customers.

What’s new:

• Enhanced detection accuracy: Continuous updates improve precision and recall, increasing trust in automated remediation.
• Scalable feedback-driven improvements: ASL implements feedback across the entire customer base, enabling faster, broader detection improvements.
• Boosted operational efficiency: Automation reduces manual work, freeing data science and tech support resources for strategic initiatives.

Determining genuine alerts from benign anomalies for fine tuned results

• Detecting password sharing poses a unique challenge, as users may employ shortened or coded words that can be easily confused with legitimate data. For instance, an event company might share a day pass number like "your event day pass 345dw35" in an innocuous context, whereas an insecure password sharing instance might appear as "Bob, your account pass is 345dw35." By learning these contextual nuances from user feedback, the Nightfall model can distinguish between acceptable data sharing and risky password disclosures, reducing false alarms and improving detection accuracy.
• The Nightfall ID Number model may initially interpret several eventIDs in company logs as SWIFT bank codes—both being high entropy words. When a user flags these alerts as false positives, the model learns to recognize the contextual differences and stops triggering on those patterns.
• The Nightfall Computer Vision model once confused Brazil ID cards with AMEX cards due to similar layouts and green textured backgrounds. After users marked these detections as false positives, the model adjusted its parameters, reducing incorrect triggers and enhancing overall accuracy.

Nightfall reduces alert noise and minimizes the need for constant manual intervention by incorporating real-world feedback. Each of our customers can fine tune their scans to fit the needs of their unique challenges and distinct data sets without the need for manual regex tuning.

Stay up to date with Nightfall

We’re continuously adding new features and updates to Nightfall in our quest to make endpoint security and data protection more efficient, seamless, and intelligent. From decluttering device management to enhancing detection capabilities, these improvements help security and IT teams stay ahead of threats while minimizing friction.

Stay tuned for more new and exciting updates coming soon!