Nightfall raises cash for its AI that detects sensitive data across apps – TechCrunch

  • Aug 11, 2022


Nightfall AI, a cloud data loss prevention startup, today announced $40 million in Series B funding from investors including WestBridge Capital, Venrock, Bain Capital Ventures and — for some reason — athletes and celebrities including Paul Rudd, Drew Brees and Josh Childress. CEO Isaac Madan says the proceeds will go toward doubling Nightfall’s 60-person workforce, expanding the platform to more customers and markets, and expanding Nightfall’s partner ecosystem.

Madan founded Nightfall in 2018 alongside CTO Rohan Sathe. Isaac was previously a VC investor at Venrock, where he focused on early-stage investments in Software as a Service, Security and Machine Learning. Rohan was one of the founding engineers at Uber Eats, where he designed and built software to grow the platform’s footprint.

Madan says he and Sathe were inspired to launch Nightfall by Sathe’s personal experiences with data breaches caused by poor “data security hygiene.” Sathe was at Uber in 2016 when a developer committed credentials to a private code repository on GitHub, leading a hacker to extract Uber rider and driver data from a public cloud storage service.

“This breach made it clear that attackers will eventually find ways to break into private applications, so ensuring strong data security hygiene is essential to minimize risk once a bad actor gets in,” Madan told TechCrunch in an emailed Q&A. “Digital transformation and the shift to a hybrid workplace have disrupted the traditional enterprise environment, as employees are no longer guaranteed to be on managed devices and networks. This has led to the proliferation of cloud applications that host data that is completely opaque to security teams, increasing the attack surface.”


The Nightfall platform captures data flowing into and out of applications such as Slack, Salesforce, Google Drive, Confluence, and Jira that its machine learning algorithms classify as sensitive, personally identifiable information (PII), non-compliant (with regulations such as HIPAA and GDPR), or safe to share. From the dashboard, administrators can set up automated workflows for quarantine, deletion and more, or view metrics such as real-time and historical PII counts by type.

Nightfall offers pre-configured PII detectors that can detect things like compromising keys in GitHub repositories, credit card numbers, names, locations, phone numbers, social security numbers, and even cryptocurrency wallet addresses. Madan claims that Nightfall’s data classification technology, which is exposed via an API and a software development kit, can be applied to almost any application or service.

“[We’ve] launched partnerships with Snyk, Cribl, Virtru, Hanzo and more to expand our partner capabilities by embedding Nightfall detection capabilities into their offerings,” Madan said. “Organizations today manage large volumes of sensitive data, ubiquitous credentials and passwords, PII, protected health information, and much more. [With Nightfall, they can] take action on sensitive data at a granular level, get the full context of a breach, and perform automated response, guiding end users to troubleshoot or self-remediate.”

Potential Nightfall customers may be put off by the platform’s data policy, which allows Nightfall to use their data for “continuous improvement” of [its] data classification algorithms. Meanwhile, employees may be concerned about the potential for surveillance. One of the use cases that Nightfall advertises on its website is scanning chat tools (e.g., Slack) for unauthorized content.

The company suggests that its platform can limit toxicity and profanity, but algorithms have historically not done a good job of this. More problematically, Nightfall promotes “insider threat” prevention features that could, in theory, be used to target whistleblowers.

During the pandemic, various forms of workplace monitoring became more widely used, made possible by the move to remote and hybrid work settings. One market research firm estimates that 60 percent of large companies now have some kind of tool to track remote workers. However, employees have pushed back. According to a 2021 ExpressVPN survey, nearly a majority of employees believe that surveillance software — which is mostly legal in the United States — is a breach of trust and would leave a company that uses it.


Madan did not directly respond to a question about employee privacy. But he claims companies have a choice not to share any data with Nightfall. Those who do can request that their data be deleted.

“Given the massive amount of data and the rapid growth in the number of cloud applications in the enterprise, data proliferation is becoming more pervasive and worse,” Madan said. The shift to a hybrid workplace has disrupted the traditional environment, and organizations must focus on the applications and services in their environment that house sensitive data.

While Nightfall competes in the multibillion-dollar data loss prevention market with well-funded startups including Netskope, Very Good Security, and Bitglass, the company has since its founding acquired customers including Klaviyo, UserTesting, Rightway and “hundreds” more. The private sector makes up all of Nightfall’s current customer base, but Madan said it is “open” to government and military customers in the future, reflecting the money made from cybersecurity in the defense industry.

When reached for comment by email, Bain Capital Ventures partner and Nightfall board member Enrique Salem said, “Data security is quickly becoming the most critical and vulnerable layer of an organization’s security stack. Nightfall is the leader. Emerging cloud DLP protects organizations from costly data leaks and enables data security hygiene without blocking business users.”

To date, Nightfall — which is based in San Francisco — has raised $60 million in funding and scanned more than 40 million “sensitive data finds,” Madan added.
