Challenges
With its growing employee base and adoption of a hybrid work model, SimpliSafe was looking for a better way to secure PII, PCI, and other sensitive information in their internal chat messaging environment in order to remain compliant with leading standards like PCI-DSS and CCPA.
“We wanted to have a better oversight of content that’s posted on Slack that may contain sensitive information,” explains Christopher Zaino, Information Security Engineer II at SimpliSafe. “We care about securing our customers, and in order to best secure them, we need to secure ourselves first.”
In addition to enhancing its visibility across internal messaging channels and files, SimpliSafe also aimed to increase its data leak prevention (DLP) coverage while automating processes and decreasing its operational costs in switching from its previous solution. With an AI-powered DLP solution like Nightfall, SimpliSafe also endeavored to create more lasting change: to educate users, minimize sensitive data sharing, and, ultimately, shift their security culture over time.
Solutions
Hi-res visibility in Slack
After onboarding Nightfall, SimpliSafe noticed enhanced detection for API keys, passwords in code, credit card numbers, and other specific data types. SimpliSafe also commended Nightfall’s detection of sensitive data in images, describing how it can “analyze images and extract PII from it.”
“Having that visibility was huge. Our first historical scan gave us some insight into what data sprawl already existed, and offered a clear path to remediation.”
Nightfall’s industry-leading detection engine is powered by top-of-the-line AI, including Convolutional Neural Networks (CNNs), transformer models, Large Language Models (LLMs), and image classification models. These models, which include over a hundred million parameters, contribute to Nightfall’s advanced detection of PII, PCI, and other sensitive information. Compared to the competition, Nightfall’s sensitive data detection is 2x more precise, leading to 4x fewer false positive alerts and a 4x reduction in costs, not including additional time savings from workflow automation.
“Nightfall gives us peace of mind. I can rest assured knowing that if someone shares something they shouldn’t in Slack, then Nightfall will be there to remove it.”
Automated security workflows
“With Nightfall, our workflows went from ‘ad-hoc’ to ‘streamlined,’” Zaino says. In part, this streamlining effect is thanks to Nightfall’s fine-tuning options as well as its automated remediation and coaching features.
While legacy DLP solutions are static and don’t learn over time, AI-powered DLP solutions like Nightfall empower users to flag findings as false positives and provide business justifications so that detectors can learn and adapt to specific business use cases over time.
“After fine-tuning our detection engine, we could streamline our security workflows by letting Nightfall run in the background.”
Furthermore, Nightfall also offers automated remediation such as redaction, deletion, quarantine, and more—all from within notifications that are sent directly to Slack. In addition to sending alerts to SimpliSafe’s security team so issues can be quickly remediated, Nightfall also sends automated notifications to employees when they violate SimpliSafe’s security policies.
“Nightfall makes communication with the organization easier,” Zaino explains. “When people share sensitive information, we can flag it and let employees know to use more secure means.”
Conclusion
At Nightfall, our mission is to help organizations like SimpliSafe to strengthen their security posture by providing enhanced visibility across business-critical SaaS apps like Slack, along with automated remediation and coaching workflows to lessen security team workloads. For the past three years, these core features have empowered SimpliSafe’s rapidly growing employee base to learn more about security policies, data sharing best practices, and more.
“Nightfall helps us apply best practices with our employees and ensure any sensitive data is kept secure,” says Zaino. “We’re committed to protecting our customers’ privacy just as vigilantly as we protect their homes. Nightfall is a key partner in helping us deliver on this promise.”