Nightfall’s Detection Engine Makes Creating Custom DLP Workflows Easy
We’re excited to announce a new feature of the Nightfall platform: the Nightfall detection engine. With the detection engine, security teams can now more granularly customize when and how PII, PHI, secrets/credentials, and other business-critical data are detected within their cloud environments. Read on to learn more about the detection engine and how you can make the most of it.
Discover, classify, and protect data on your terms
As the Nightfall platform continues to evolve, we’re implementing more ways for organizations to have direct control over tailoring the platform to their specific needs. The detection engine does just that, giving users more granular control over what Nightfall detects when it triggers a detection, and what actions are taken as a result. This added layer of granularity helps teams better protect data based on their specific needs and further increases the accuracy rate of Nightfall alerts.
For example, let’s say you are only interested in detecting email addresses when there are 10 or more findings, all with very high likelihoods, while also detecting Social Security numbers at any likelihood and frequency. Or, let’s say that any Social Security number preceded by “Sample SSN” in the prior 20 characters is known to be a dummy SSN, and thus a false positive if detected. These examples are both the exact type of nuance you can now capture with the detection engine.
How does the Nightfall detection engine work?
Nightfall customers will find the detection engine in their Nightfall dashboard and can use it to set policies for the Nightfall integrations they are using.
When editing a policy, you can set a number of conditions that must be met by a specific Nightfall machine learning detector type in order for an alert to be triggered. These conditions include parameters such as confidence thresholds (e.g. “likely and above matches”) and minimum finding counts (e.g. “at least 5 matches”) that can be altered on a detector by detector basis.
As a part of this update, the detector menu has changed as well. Now, you have the ability to modify and customize out of the box Nightfall detectors. You can customize our machine learning detectors by creating context rules and exclusion rules. Context rules are additional “hot” words that define when an item flagged by a detector is more or less likely to be an accurate finding. Exclusion rules define specific scenarios when an item typically flagged by a detector should be excluded from the list of findings. These configuration options combine the power of our highly accurate machine learning based detectors that we provide out of the box, with your business-specific context, in order to yield high-relevance detection.
Key features of Nightfall’s detection engine include:
- Use minimum confidence thresholds and minimum finding counts on detectors to reduce the chance of false positives.
- Specify context rules and exclusion rules on detectors to fine-tune their accuracy to better suit your use cases.
- Choose which detectors are triggered for each policy.
- Modify and build upon our existing machine learning detectors from the Detectors tab to create your own custom detectors that trigger based on preconditions you set.
- Name and build custom DLP workflows (e.g. automated deletion, quarantines, notification, etc.) for all of your Nightfall machine learning and custom detectors.
If you want to learn more about how you can use the detection engine to tailor Nightfall to your specific cloud DLP use case, you can schedule a demo with us below or contact us at firstname.lastname@example.org.
Nightfall is the industry’s first cloud-native data loss prevention solution, designed to address the issue of sensitive data spread across SaaS and IaaS environments like Slack, Jira, AWS, and many more.