Introduction
The Deepwatch team of over 400 experts offers round-the-clock threat detection and response to enterprise customers. As a leader in managed security, Deepwatch turns to Nightfall AI for 360-degree cloud coverage, visibility into generative AI tools like ChatGPT, and seamless security workflows.
Challenges
Deepwatch, the leading managed security platform for the cyber resilient enterprise, chose Nightfall AI to accomplish three main goals:
- Improve cloud visibility to SaaS apps and generative AI (GenAI) tools like ChatGPT
- Streamline workflows and minimize false positive alerts
- Mitigate insider risk through education on security policies
Deepwatch provides managed detection and response, and actively works as an extension of other enterprise security teams. Nightfall AI helped Deepwatch achieve their goals and improve their own rigorous security posture.
Solutions
Improving visibility across the cloud
As a cloud-based security platform that spans several highly regulated industries, Deepwatch needed to detect a wide range of data, from PII and PHI to secrets and keys. However, Deepwatch’s past cloud DLP solution didn’t provide satisfactory visibility or remediation options for SaaS apps and GenAI tools like Slack, Jira, Salesforce, Confluence, Google Drive, or ChatGPT.
“The switch to SaaS apps leaves a very large hole that not a lot of solutions can fill… But I can say from my experience that Nightfall AI has brought us a solution at every corner.”
“We solved for the cloud [visibility] piece by plugging Nightfall into our APIs,” explains Mason Goshorn, Deepwatch’s Information Security Engineer. “We turned on every single detector, and got such good visibility that we then were able to scope down and use built-in metrics to determine which detectors we cared about the most.”
“Nightfall catches scenarios that we wouldn’t have thought of.”
Nightfall’s real-time visibility and remediation came in particularly handy with the recent rise of GenAI. When Nightfall reached out with news about the Nightfall for ChatGPT extension, Goshorn had already been thinking about how Deepwatch could protect against ChatGPT: “I didn’t need to develop that custom level solution because Nightfall, as an industry leader, was already thinking about it.”
Creating accurate, automated workflows
Deepwatch’s previous cloud DLP solution relied on regexes for sensitive data detection. They also had a lengthy remediation process that stole valuable response time. When looking for a new solution, Deepwatch prioritized detector accuracy as well as lower operational costs. They turned to Nightfall with those two “must-haves” in mind.
“[Nightfall] provides sub-second responses to policy violations.”
Unlike many competitors that rely on regex-based detection, Nightfall deploys neural network embeddings to understand the context surrounding possible violations. The result? Significantly increased accuracy and fewer false positive alerts. As an added bonus, each of Nightfall’s detectors can also be fine-tuned according to customers’ specific policies and risk tolerances. “Nightfall has the best true positive rate out of any other tool I’ve used,” says Goshorn. “Now, when [an alert] comes in, it’s guaranteed to be something that needs immediate eyes on it.”
“I don’t think there’s any tool that beats [Nightfall] on timed remediation.”
However, the benefits of AI-powered DLP go far beyond accuracy. Deepwatch leverages Nightfall’s AI capabilities to automate alerts and remediate violations from Slack. This significantly reduces not only the cost of monitoring, but also the time it takes to respond to a violation. Goshorn weighs in: “From an admin perspective, [alerting and remediation] over Slack is super useful. From a security perspective, the fact that I can set automated response actions in my policies that instantly redact or quarantine [makes] workflows super smooth.”
“I don’t recall any other product that fits what Nightfall does, and that has the same workflow and priorities… Since onboarding Nightfall, [getting alerts via Slack] has allowed us to be more streamlined and fluid.”
Mitigating insider risk
Nightfall has “next-level maturity when it comes to insider risk or data loss prevention in cloud apps,” says Goshorn. This is, in part, due to Nightfall’s end-user remediation feature, which serves a twofold purpose. First, it provides an opportunity for end-users to learn about company policies in highly specific situations, thereby reducing insider risk. Second, it significantly reduces security team workloads by encouraging employees to remediate sensitive data themselves.
“It’s nice to know that we’re covered from that [insider risk] scenario. It gives us peace of mind.”
Conclusion
Overall, Deepwatch improved their cloud visibility, streamlined their security workflows, and mitigated insider risk, all with the help of Nightfall AI's innovative and efficient platform. “Accuracy and speed are the main reasons I’d recommend Nightfall,” summarizes Goshorn. “Now I have no doubt that if someone puts something in Google Drive or Slack, I’m going to know about it and respond [quickly] to it.”
However, Goshorn went on to say that there’s more to a good security solution than just the product itself. “I have a very high level of confidence in what the Nightfall product does and what their people do. That’s not always the case for security tools. You might be confident in the product, but not in the people. Having both sides makes Nightfall a great holistic offering.”