Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How Should Startups Build Their Tech Stack?

At the beginning of every startup’s journey, the question plaguing every technical founder and their team is how to build their tech stack. A lot of thought must go into this question because it informs how the startup will adapt to the demands of business growth and any necessary adjustments or pivots of the business. In a recent webinar, we discussed this question in detail with Jim Walker of Cockroach Labs.

Nightfall and Cribl Partner to Enable Data Loss Prevention in Observability Platforms

We’re excited to announce Nightfall’s partnership with Cribl, the high scale, data processing and observability platform. Cribl’s platform gives companies greater value out of their data by serving as the core plumbing connecting all of your data platforms, allowing users to set up workflows and extract essential data for processing, analysis, or storage.

What is ePHI? A Guide to electronic Protected Health Information (ePHI)

ePHI stands for electronic protected health information. Electronic protected health information is protected under the Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. ePHI security is governed by the HIPAA Security Rule. With the rise of telehealth, covered entities need to understand the requirements for safely transmitting, storing, and using ePHI to be compliant with the Security Rule and to protect a patient’s privacy.

What is the HIPAA Security Rule?

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has two key provisions: the Privacy Rule and the HIPAA Security Rule. The Privacy Rule establishes standards for protecting certain health information, or PHI. The Privacy Rule requires those organizations that are governed by HIPAA (covered entities) to implement safeguards to protect the privacy of PHI, and gives individuals the right to access and share their health records.

Two Concerning Security Trends Highlighted by Recent Breaches

Another day, another data breach has become a common refrain, in a world saturated with data breaches and other types of data exposures. But over the past few years, a subtle change in the nature of breaches has taken place. We documented some of this change in our analysis of the 100 largest breaches in the 21st century, highlighting that breaches were getting larger and more likely the result of misconfigurations.

Addressing 3 Critical E-Discovery Challenges Upstream through Data Governance

Today, for enterprises and even SMB companies, IT is a sprawling but interconnected universe of applications, devices, and services all running in tandem to maintain the lifeblood of these organizations—data. Navigating the complexities of this arrangement is not just a challenge for security teams (something which Nightfall customers have attested to, before adopting our platform), it’s a genuine challenge for anyone who must manage and use information.

A Quick Guide To Information Security Programs

Broadly speaking, an information security program is a set of activities and initiatives that support a company’s information technology while protecting the security of business data and enabling the company to accomplish its business objectives. An information security program safeguards the proprietary information of the business and its customers. The Gramm-Leach-Bliley Act (GLBA) has a more specific definition of what a security information program should entail.

GitHub Supply Chain Attacks Highlight the Urgency of Zero Trust SaaS Data Security

In early April, the tech industry witnessed a major GitHub security incident targeting GitHub organizations using Heroku and Travis CI. GitHub was made aware of this threat via an attack leveraging AWS API keys to GitHub’s own npm production infrastructure. As upstream security risks within SaaS platforms become more common, organizations that leverage these platforms are relying on tools like Nightfall to protect themselves.

Understanding the GLBA Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) aims to protect consumer financial privacy with three provisions: the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions. In our previous post, we covered the GLBA Financial Privacy Rule and what financial institutions, as defined by the GLBA, need to know to be compliant.