Challenges
Though Exabeam had a previous data leak prevention (DLP) solution in place, the solution didn’t offer the visibility or remediation options that Exabeam was looking for.
First and foremost, Exabeam wanted more comprehensive protection for their secrets and unstructured intellectual property (IP) in SaaS apps like ChatGPT, GitHub, and Jira, just to name a few. “Our team had tools to do this, but those tools only worked in specific environments and pipelines,” says Alexander Koshlich, Director of Information Security. “We wanted wider visibility.”
However, visibility was only one component of Exabeam’s goal to prevent sensitive data exposure; they also wanted to empower their employees to have better security hygiene. With these two core goals in mind, Exabeam turned to Nightfall to improve their scrupulous security posture, as well as to ensure continuous compliance with leading standards like SOC 2 and ISO 27001.
Solutions
360-degree visibility
Nightfall offers over a dozen native integrations, each of which plugs in seamlessly to SaaS and GenAI apps via APIs. These integrations are also powered by Nightfall’s AI-powered detection engine, which has 2x the precision and 4x fewer false positives than the competition. With these advantages in performance, Nightfall was able to upgrade Exabeam’s visibility across their integrations.
“Nightfall opened up additional coverage for us. We saw value in extending that coverage.”
“Before Nightfall, we had a lot of noise because we were dealing with a wide variety of logs and data sources,” explains Koshlich. However, with Nightfall, Exabeam saw a drastic 60% reduction in noise, paired with a true positive rate over 90% for detecting secrets, like passwords. “It’s a whole different level of detecting things we care about.”
Stronger culture of security
Following their increased visibility, Exabeam was able to pinpoint and remediate more passwords and API keys in code, logs, and other data sources. There are two components to this: Nightfall’s automated remediation feature, as well as our Human Firewall feature. Both of these features come together in Nightfall’s user-friendly UI, which allows security teams to get all the information they need about a given violation within a single glance.
“Nightfall’s UI allows security teams to investigate more quickly, starting right from the first alert… From our platform, we have a wide view of security practices by our users, and any anomalies in user behavior. This component is very valuable. For instance, if a user is departing, and we get a DLP alert, that’s a big deal.”
Along with Nightfall’s enhanced detection accuracy comes the opportunity to fully automate remediation processes—without causing any blockages in the business. Automated remediation not only helps security teams to respond to policy violations more quickly, but also to save hours on monitoring and remediation workflows each week. “Before, it would take weeks to remediate a violation. Now it takes hours,” says Koshlich.
Nightfall’s Human Firewall feature also helps to offset security team workloads by notifying employees when they violate a security policy, and encouraging employees to remediate violations themselves. “Now, we’re able to push work left to individuals,” Koshlich explains. "We let Nightfall handle the conversation [with employees]. Nightfall notifies employees when they share data that they shouldn’t. Then, as part of the notification, Nightfall helps us provide them with ‘best practice’ guidance for remediating their own policy violations.”
Furthermore, Nightfall also keeps track of employees who tend to violate security policies often, and who might need extra guidance. “These insights help us to create more targeted best practices and guides to improve our security culture over time,” Koshlich adds.
Conclusion
At Nightfall, our ultimate goal is to help companies like Exabeam to improve their overarching security posture by providing unmatched visibility and granular remediation options, as well as by aiding them in empowering employees to have a stake in their company security. “With Nightfall, we’re more confident that our secrets are being handled correctly,” says Koshlich. “We’re able to seamlessly align Nightfall’s security capabilities to our best practices.”