Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Nightfall DLP Google Chrome extension is Nightfall's browser extension for Google Chrome. This extension is required to encrypt your emails and also add various encryption settings in gmail. This extension can be installed in two ways.
Installation on Individual Devices: In this method, an individual user installs the Nightfall DLP on their single device.
Installation across Organization: In this method, a Nightfall admin installs the Nightfall DLP across entire organization.
Nightfall Data Encryption offers a groundbreaking, Artifical Intelligence (AI) -powered approach to email encryption. Unlike legacy gateway-based encryption or tools that rely on cumbersome third-party portals, Nightfall’s innovative platform provides seamless, client-side protection that integrates directly into your existing email workflows. Nightfall’s Data Encryption solution leverages AI to automatically detect and secure sensitive information within your emails and attachments. This context-aware intelligence allows Nightfall to apply robust, military-grade encryption tailored to the specific data being shared - no manual intervention is required.
Nightfall provides best-in-class AI-driven data loss prevention (DLP) and automatic, context-aware email encryption, keeping Gmail messages and attachments private and compliant throughout collaboration workflows. Embedded directly within the native Gmail interface via a Chrome extension, Nightfall enables client-side encryption before emails reach Google's servers, preventing unauthorized access by Google or other parties.
With a simple toggle, senders can encrypt message bodies and attachments, set expiration dates, disable forwarding, and revoke access at any time. Persistent file protection ensures attachments remain secure even when shared beyond email, allowing recipients to download and collaborate on files across desktops, network drives, Google Drive, and other cloud platforms, while the sender maintains control.
Nightfall's seamless integration into Gmail reduces support costs for IT and security teams. Automated, context-aware encryption based on detection of sensitive data empowers security teams and eliminate reliance on end-users to do the right thing. IT and security teams can also provide end-users the control by allowing flexible, end-user self-management of outgoing emails via protection options in the Chrome plugin. External recipients can access secure emails without creating new accounts or managing additional passwords, simply authenticating with their existing accounts using a one-time login code. Admins and senders retain persistent visibility and control over protected messages and attachments, with encryption and sharing activity available natively in Gmail and within the Nightfall console. The sharing activity is available in logs which can be ingested in SIEM tools for enhanced threat response.
Nightfall uses AES with Galois/Counter Mode (AES-GCM) 256-bit encryption to encrypt data - email body and attachments. Data is encrypted using a dynamic, randomly generated cipher key. The encrypted content is then stored in a cloud object storage protected with IAM policies ensuring the principle of least privileges with AES 256 bit encryption enabled at rest. This ensures all customer emails are double encrypted by Nightfall.
Nightfall maintains a reference to the encrypted content, the tenant UUID, the S3 bucket and the randomly generated cipher key which is encrypted using AWS Key Management Service (KMS).
This ensures no one at Nightfall has access to the encrypted data and only the authorized recipients can decrypt and access data. Additionally, Nightfall supports bring your own key (BYOK) workflow with AWS KMS and customers can provide their own KMS key to encrypt this data.
Nightfall secure reader is a feature that ensures only the intended recipients who can authorize successfully can decrypt and view secure emails.
Secure reader verifies the identity of the intended recipients of a secure email by validating the recipients copied on the email. Nightfall prompts the recipient to verify their identity by authenticating into their Gmail account via OAuth or sending a login code to their email. The recipient can then enter the login code to access the encrypted email. Any user who was not copied on the original email cannot access the encrypted email. Recipients do not have the option to forward, copy, print, or download the secure email.
Nightfall sends emails to recipients in two instances - authenticate the intended recipients by sending a login code to the specified email address and allowing recipients to respond to encrypted emails from the secure reader. In both these instances, emails are sent from a no-response Nightfall AI email address to the respective users.
Nightfall utilizes a secure email service to send emails in these instances and has setup the below policies to protect against phishing or getting marked as spam.
Sender Policy Framework (SPF) authenticates the sender IP’s and verifies whether it is authorized to send emails on behalf of the identified domain.
DomainKeys Identified Mail (DKIM) protocol is used by Nightfall’s inline DLP solution to verify email content is unchanged with a signature and helps identify and thwart any spoofing attacks. With Nightfall’s Data Encryption solution, Nightfall signs the email content with dedicated domain keys for email service provider to verify the email’s authenticity.
A Domain-based Message Authentication, Reporting and Conformance (DMARC) record is a DNS TXT record published in a domain’s DNS database that tells receiving mail servers what to do with messages that don’t align or authenticate with SPF and DKIM. The DMARC record enables reports to be sent back to the domain owner about which messages are authenticating and why. Nightfall sets up a DMARC record on its email service to determine the steps to take in case of failures in DKIM or SPF.
By default, the temporary login code sent to recipient mailboxes is valid for a maximum of 15 minutes.
In such cases, if sensitive data is found in the email and if you have enabled the Block automated action and the end-user chooses to encrypt the email, the email is blocked. The error message is displayed as shown in the following image.
Account Verification
Ensure that you are logged into the Chrome plugin using the same email account you use to send emails.
Confirm this email is associated with the Chrome profile you're currently using.
OAuth Permissions
Verify that you have granted the necessary OAuth permissions to your mailbox to use email encryption with Gmail.
Chrome Plugin Permissions
Check if sufficient permissions are granted to Nightfall's Chrome plugin: a. Navigate to the Google Admin Console. b. Go to: Security -> Access and data control -> API controls -> MANAGE THIRD-PARTY APP ACCESS. c. Click "Change Access" for Nightfall DLP. d. Under "Access to Google Data", select "Limited" or "Specific Google data". e. Save your changes. f. Please follow the above steps if there are two Nightfall DLP apps listed there. One app is used to login and authorize access to Gmail and the other app is authorized to send emails on your behalf.
Domain Configuration
If you are blocked on the compose window without any ability to send emails, it means encryption is likely not enabled in your account. Reach out to Nightfall Support or CS team to verify that your domain has been enabled for the encryption capabilities from Nightfall.
What if I'm still experiencing issues after checking these items? If you have verified all the above and are still encountering problems, please contact the Nightfall support team for further assistance.
The advanced settings page allows you to configure the Admin alerting and Plug-in defaults section.
The admin alert settings are the same for Gmail DLP and Gmail encryption protection. You can refer to the admin alerting section for details on configuration. Data encryption policies support alerting to Slack, Email and Webhooks.
The Encryption Settings section consists of automated actions. Automated actions are automatically applied on emails before they reach the recipient's email. You must first enable the toggle switch and then select the check box for the required action to be applied in the policy. Nightfall supports the following automated actions.
With this action, recipients cannot forward the email to any other user or user group. Once enabled, the forward button is hidden for senders within Gmail. By default, recipients cannot forward any emails or add additional recipients when replying to emails via the Secure Reader
With this action, the recipients cannot download or copy the contents of attachments included in the email. Attachments with persistent protection enabled can only be accessed via the secure reader.
This action allows you to set an expiration time on the email. With this action, the encrypted email has an expiration time after which the recipients cannot access the email.
While Nightfall administrators set default encryption settings in policies, users have some flexibility to modify these settings when composing emails. Here's how each setting can be overridden:
Users can enable forwarding even if it's disabled by default in the policy.
Users can enable persistent protection on attachments even if it's disabled by default.
Users can enable expiration even if it's disabled by default. If both admin and user set an expiration time, the shorter time period is applied.
Key Points:
User actions in the Gmail compose window can override default policy settings.
This flexibility allows for case-by-case adjustments to encryption settings.
For expiration times, the most restrictive (shortest) time is always used.
This approach balances organizational security policies with user discretion, allowing for adaptability in specific communication scenarios while maintaining overall security standards.
The settings configured by the Nightfall admin are applied by default to all the user/user groups who are included in the policy . However, in some cases, the default settings configured by Nightfall admin are overridden. The following section describes the scenarios in which each of the encryption settings can be overridden.
In this final stage, you assign a name to the policy, verify your configurations, and create the policy.
Enter a name for the policy.
(Optional) Enter a description for the policy.
Click Next.
Verify if all the policy configurations are set up as per your requirements.
(Optional) Click back or click on any specific stage to modify any of the policy configurations.
Click Save Changes.
A data encryption event is created every time a sender sends an encrypted email.
This document explains where you can find event notifications on policy violations and what actions can be taken.
To view the encryption events in Nightfall:
Click Data Encryption from the left menu.
(Optional) Click the time filter and configure the required time period to view historic encryption events. By default, the time filter is set to Last 7 Days.
The list of encryption events is displayed. For more details on the encryption events, see Encryption Events Page document.
If you have enabled #admin-alerting , Nightfall admins receive a notification through one of the configured channels. The email notification consists of a set of actions that the admin can take and looks as follows.
If Slack notifications are enabled, the admin receives a Slack notification as follows.
When Nightfall admin takes an action either from Slack or Email notification, the status of the event is automatically updated in the #nightfall-events-page.
The Scope section allows you to limit the policy's scope to specific users or groups, ensuring targeted application of encryption settings and also the default configuration for the encryption settings.
Data encryption policies supports filtering based on users and user groups. These options provide flexible, granular control over who can use encryption features. The "Include all, except" options are particularly useful for creating broad policies with specific exceptions. Combining user and group options allows for complex, layered access control.
When both user and group options are used, they typically work additively (i.e., a user gets access if they meet either the user or group criteria). These settings determine who sees the encryption options in Gmail's compose window and who receives the default encryption settings. All the users, user groups are auto-populated from your identity provider and can be selected with prefix search capabilities. The different options and the behaviour of each option is as described below:
Filtering by Users
Monitor all: Only selected users will have access to encryption options in the Gmail compose window.
Monitor specific: Every user in the organization can access encryption options in the Gmail compose window.
Monitor all, except (or Exclude users): All users have access to encryption options in the Gmail compose window, except those specifically selected.
Filtering by User Groups
Monitor all: Only users in the selected groups will have access to encryption options in the Gmail compose window.
Monitor specific: Users in any group within the organization can access encryption options in the Gmail compose window.
Monitor all, except (or Exclude groups): Users in all groups have access to encryption options in the Gmail compose window, except those in specifically excluded groups.
Note:
Even with restrictive settings in the policy scope, included users can still modify encryption options when composing emails. Refer to the section to learn more about it.
The Nightfall DLP for browsers can be installed as an extension in the Google Chrome browser on individual devices.
For automated encryption to work in a policy, compliance rules for Gmail DLP must be set up in Gmail so that emails with sensitive content are encrypted.
To install Nightfall encryption extension:
Navigate to the Chrome webstore.
Search the term Nightfall in the search bar.
Select Nightfall DLP for Browsers.
Click Add to Chrome.
Click Add extension.
Once the installation is complete, you can view the Nightfall logo on the top right corner of your browser and a message to confirm the successful installation.
Click the Nightfall logo and select one of the login methods to log in to the encryption.
If you select Continue with Google, the Google login page is displayed. You must enter your Google account credentials to login. Once you login, the Gmail permission pop up window is displayed. Click Continue.
If you select Continue with Microsoft, the Microsoft login page is displayed. If you are already logged in to your Microsoft account you will see a pop up window asking for permission.
If you select Continue with SSO, you must enter your organization email on which SSO is enabled.
Once you complete the login process, you are navigated to gmail. In Gmail, you must compose a new email. You can now view the Nightfall email encryption toggle switch.
Once you enable the Nightfall encryption, you can see that the encryption options are now active.
You can now navigate to the Nightfall Encryption - Sender Experience to learn more about how to use these options.
This document explains how to use the Gmail encryption feature in Nightfall to send encrypted emails. This document explains all the options available to the sender.
To use Nightfall Gmail encryption to send emails:
Login to your Gmail account from the same browser on which the Nightfall extension is enabled.
Click Compose to start a new email.
You can see that the Nightfall encryption toggle switch called Encrypt with Nightfall AI is now available. You must enable this toggle switch to activate the Gmail encryption feature.
Once you enable this toggle switch, you can view the encryption options which are explained in the following section.
This section describes the various email encryption options provided by Nightfall.
With this option, recipients can only read your emails. They cannot forward the emails further if you enable this option before sending the email. However, recipients can reply to the email. while replying to the email, recipients cannot add additional recipients to their response, if they do not have the Nightfall DLP Browser extension. When an Email is sent to multiple users with the Disable Forwarding option enabled, each recipient can choose to either just Reply to the email or Reply all.
To view the sender experience, click the #disable-forwarding-when-nightfall-dlp-is-not-installed or #disable-forwarding-when-nightfall-dlp-is-installed documents.
You can use this option to set an expiration period for the email. The email expires after the set period and is inaccessible to the recipient. You can set the expiration period in Hours, Weeks, Days, or months. Nightfall displays the exact date and time when you set the expiration time. After the set period the recipient cannot access the email.
Once you set the expiration timeline, Nightfall calculates and displays the exact date and time after which the email cannot be accessed by the recipient. You can modify the expiration period, if required.
Once the email expires, the sender can choose to extend the expiration of the email. In this case, the recipient can view the email again until the next expiration date. The sender can also choose to disable the expiration feature totally. In this case, the recipient always has the access to the email, unless the sender enables the expiration feature again and sets an expiry date.
To view the recipient experience, refer to the #email-expiry-when-nightfall-dlp-is-installed or the #email-expiry-when-nightfall-dlp-is-not-installed documents.
The persistent protection feature allows you to protect the attachments sent in an email which is encrypted by Nightfall. With persistent protection, Nightfall disables the options to download, copy, or forward attachments included in an email which is securely encrypted by Nightfall. Recipients can only view the contents of the attachments through a secure reader.
Currently, Persistent protection works with attachments with the following extensions. pdf, jpg, jpeg, png, tiff, heic, gif, webp, svg, tga, eps, doc, docx, xls, xlsx, ppt, pps, pptx, ppsx, rtf, odt, and html.
The maximum file size can be 25 MB.
You can use this option to notify the recipient that this is an encrypted email. The content drafted in the Introduction section is not encrypted. To enable the Introduction section, click Introduction.
Only the content below the horizontal line is encrypted.
Once you send an encrypted email, you can view it from the Sent section of your Gmail. The email looks as shown in the following image.
In today's digital universe, cloud-based productivity suites are ruling the roost when it comes to internal office communications tools. Google Workspace is one such trusted suite which is largely used by organisations. One of the significant solutions provided by Google Workspace is Gmail; a tool predominantly used to exchange emails. The popularity of Gmail can be realised from the fact that it holds .
With cloud migration gaining traction, organisations benefit enormously by promoting immaculate information sharing. However, this migration brings in a security and compliance issues too. Email has emerged as one of the principal target, attacked by cyber criminals; so much so that Verizon, in one of its 2024 data breach investigation reports, named Email as the most sought after cloud tool used for cyber attack. Additionally, many organisations handle and store sensitive personal information of employees and clients. The usage or storage of such data is regulated by strict government policies like HIPAA, PCI DSS, GDPR and so on.
Organisations that fail to comply with these regulations end-up paying heavy financial fines. Also, the organization's reputation goes for a toss in such scenarios, often resulting in total chaos. Security regulations are evolving, leaving organisations to quickly adapt and come to terms with the new regulations.
The need of the hour is an efficacious email protection solution that can safeguard the sensitive data shared through emails.
Nightfall provides you with a disruptive, AI-powered email encryption. Nightfall's email encryption solution, unlike its legacy counterparts that rely on clumsy third-party portals, integrates directly into your existing email workflows.
Some of the salient features of Nightfall Email encryption solution are as follows.
The Nightfall email encryption solution is AI driven and can automatically detect and secure sensitive data from emails and attachments. This solution also boasts the context-aware feature. The context-aware features empowers Nightfall to apply robust military-grade encryption, that is tailored to specific kind of data being shared. With Nightfall's AI-powered encryption solution, you can effortlessly secure your sensitive data sent over emails. Additionally, Nightfall also provides you the flexibility to automate encryption for different types of sensitive data or provide controls to end-users to enable or disable encryption while composing the email - all this from without missing out on the Gmail native experience.
One of the impeccable features of the Nightfall encryption solution is that it facilitates a smooth transition so much so that the end-users hardly notice anything new. You need not create new accounts, navigate to some third-party portals, or spend time training your employees. All you need to do is just install the Nightfall Chromium extension and enable the encryption toggle switch while composing the emails in Gmail. Recipients just need to authenticate themselves with a one time code and access the secure mail.
Nightfall email encryption solution relieves you from the efforts put in to maintain compliance regulations like HIPAA, PCI DSS, GDPR, and so on. This AI-powered solution ensures that you remain compliant, giving you the power to revoke emails, set expiration dates, and disable email forwarding. Additionally, the persistent email protection feature ensures that attachments are only viewed within the secure Nightfall reader. Nightfall uses the AES with Galois/Counter Mode (AES-GCM) 256-bit encryption to encrypt email body and attachments. Data is encrypted using a dynamic, randomly generated cipher key.
The Nightfall email encryption email provides you with exceptional levels of visibility. The Nightfall centralised admin console displays key data like encrypted emails read by recipients, attachments download, sender actions like disable forwarding and revocation of access. With this data, you can quickly check if there was any data breach through emails. You can use notification channels like Slack, email, SIEM to notify users if sensitive data is found. Additionally, you can use end-user remediation or human firewall feature to allow end-users to take action on sensitive data.
Nightfall's AI-native, context-aware data protection solution for Gmail is considered a security best practice, enabling organisations to leverage Gmail's productivity features while ensuring end-to-end encryption of messages and attachments, wherever they're shared. Nightfall also provides best-in-class AI-driven data loss prevention (DLP) apart from context-aware AI-driven email solution.
Users just need to enable a toggle switch to empower encryption on their emails sent from gmail. Apart from email encryption users can also choose to apply features like persistent protection, disable forwarding, and access revoke on their emails.
To learn more about how to use the Nightfall encryption solution, you can refer to the following documents.
In this stage, you select what type of policy you want to create. In this case, you can select the Data Encryption policy and select Gmail in the next step
Click Policies from the left menu.
Click + New Policy.
Select Encryption.
Select the Gmail integration.
Encryption policies allow Nightfall administrators to precisely control data encryption options for outgoing emails in Gmail. These policies offer granular control over who can access encryption features and what default settings are applied.
Key Features:
Tailored policies:
Administrators can limit the policy's scope to specific users or groups, ensuring targeted application of encryption settings.
Sync users and groups from Google Directory, Okta, or Microsoft Entra ID for seamless integration.
Default Encryption Settings: Once configured, policies automatically apply the specified encryption settings to outgoing emails for the selected users/groups.
Disable Forwarding: Hides the Forward button in Gmail for encrypted emails.
Prevents forwarding or adding recipients in Nightfall Secure Reader.
Set Expiration Date: Automatically sets a date after which the email becomes inaccessible to recipients.
Persistent Protection on Attachments: Ensures attachments are only accessible via the secure reader, preventing downloads.
Sender Flexibility:
While default settings can be applied, senders retain the ability to modify these settings when composing emails.
This enhanced encryption policy system allows organizations to enforce robust security measures while maintaining user flexibility, ensuring that sensitive communications are protected according to specific organizational needs and compliance requirements.
Install Google Chrome Extension: Nightfall admins must install the Nightfall DLP for Browser extension from the Chrome webstore. You can refer to this document to learn more about installing the Nightfall Chrome extension.
Setup directory sync with Google Directory, Entra ID or Okta as per your organization's identity provider. You can refer to the identity provider installation instructions here to learn more about setting this up.
The process of creating a policy consists of the following steps.
Remediation for Data Encryption
The Revoke Emails List field contains the email IDs of the users whose access is revoked. You must click the Permission to View action on the Event detail view. The list of recipients is displayed. You must select the check box for the recipients to whom you wish to restore the access. Once the access is restored the Unrevoke Emails List field displays the email IDs of the users to whom you restored the access.
When the expiration time is different in the Nightfall policy and the email sent, Nightfall picks the shortest time period. In this case, the end-user has set a time-period of 1 hour in the Email (which is a shorter time period than 2 hours). Hence the email expires after 1 hour.
The Nightfall admin has revoked access to the recipient from the Nightfall encryption event. Contact your Nightfall admin to restore the access.
Your Nightfall admin has configured Encryption settings in an encryption policy. So, even if you have not configured any encryption settings, the policy automatically implements the encryption settings enforced by your Nightfall admin.
You can restore access to a sent email which is expired. Just go to your sent emails list. Open the required email, and set a new expiry date for the email. The recipients can now access the email until the new expiry date is reached. You can also disable expiration totally. In the case, this recipients can view the Email forever, until you enable expiration again.
This document explains the Nightfall encryption process from a recipient's perspective. The recipient can learn how to work with emails that are encrypted with Nightfall.
The recipient experience varies for users who have the Nightfall DLP chrome extension installed and for those who have not installed it. Basically, recipients who have not installed the Nightfall DLP chrome extension can only view the contents of an encrypted email via a secure reader. This reader opens in a new tab. However, recipients who have the Nightfall DLP chrome extension installed, can view the contents on an encrypted email directly without any secure reader. The secured reader is required for these recipients only when viewing the contents of an email attachment on which persistent protection is enabled.
When the recipient opens an email that is encrypted by Nightfall, initially they can only view the content added under the introduction section. To view the actual content of the email, the recipients must click the Unlock Message button. Clicking this button decrypts the message for the recipient.
Once the recipient clicks the Unlock Message button, a new tab is opened. This is the Nightfall Secure Reader tab. The recipient is asked to complete login to their gmail again. Once the login process completes, Nightfall decrypts the contents of the email and displays the same in another tab.
Once the recipient completes the login process, the content of the email is decrypted and they can view it.
If the sender has enabled the Disable Forwarding, Set Expiration, and Persistent Protection options, the recipient can view the respective labels for these features at the top of the page as shown in the following image.
When an email expires and the recipient attempts to open it, they receive an email expired message as shown in the following image. The email label also changes to Expired
to indicate that the email is now expired.
Once the email expires, the sender can choose to extend the expiration of the email. In this case, the recipient can view the email again until the next expiration date. The sender can also choose to disable the expiration feature totally. In this case, the recipient always has the access to the email, unless the sender enables the expiration feature again and sets an expiry date.
When the recipient views an encrypted email on which forwarding is disabled, they can see the Forwarding Disabled label.
Recipients can reply to the email on which forwarding is disabled. If the email was sent to multiple recipients, any recipient can choose to reply all. However, when using the reply all (or even reply option) option, recipients cannot add any new recipients or remove any of the existing recipients.
While replying to emails, recipients can use the Set Expiration and Disable Forwarding options. These options are available only when the reply is sent through the secure reader.
The Forward option is available even on emails sent with Disable Forwarding enabled. However, if a recipient attempts to forward such an email, the email is forwarded but the new recipient cannot view the contents of the email. They get an Access Denied message.
If the sender has enabled Persistent protection, recipients cannot download attachments, copy attachments, or forward emails that have an attachment. Recipients can only view the contents of the attachment in the secure reader.
To view the attachments of an email on which Persistent Protection is enabled, recipients must click the view icon on the attachment.
When the recipient opens an email, they can directly view the contents of the email. They need not go to a secure reader to view the email contents, since Nightfall DLP extension is installed. A secure reader is needed only to view the contents of an email.
This section describes the recipient experience when encryption options are enabled by the sender.
When an email has been sent with an expiry date, the email displays the expiry date and time on top of the email.
When an email expires and the recipient attempts to open it, they receive an email expired message as shown in the following image.
Once the email expires, the sender can choose to extend the expiration of the email. In this case, the recipient can view the email again until the next expiration date. The sender can also choose to disable the expiration feature totally. In this case, the recipient always has the access to the email, unless the sender enables the expiration feature again and sets an expiry date.
When the recipient views an encrypted email on which forwarding is disabled, they can see that the Forward option is not available in the email options.
If the sender has enabled Persistent protection, recipients cannot download attachments, copy attachments, or forward emails that have an attachment. Recipients can only view the contents of the attachment in the secure reader.
To view the attachments of an email on which Persistent Protection is enabled, recipients must click the view icon on the attachment.
If the sender has included an Introduction section, recipients can see the contents of the Introduction section and the contents of the actual email as shown in the following image.
The Encryption events page displays all the encryption events registered by Gmail. An event is triggered when an encryption policy is violated. To learn more about configuring encryption policies, refer to the document.
Important
An encryption event is generated only when both of the following conditions are met.
Nightfall admin creates one or more encryption policies.
An end-user (who matches the scope for at least one of the policies) sends an email with encryption enabled.
To navigate to the encryption events page in Nightfall, click Data Encryption from the left menu.
Once you land on the Encryption page, Nightfall displays the encryption events for the last 7 days. You can view that the date filter also displays Last 7 Days.
To view the historic encryption events, click the date filter, set the required time period and click Apply.
The encryption events page consists of the following columns.
The Events encryption page provides a search bar. You can use the search operators to search a specific event. Nightfall provides multiple operators to search. When you click the search bar, five operators are displayed. You can click the View all operators button to view all the available search operators.
For example, you can use the user_email search operator to search for events that were generated as a result of emails sent by a specific sender. In the following image the user_email operator is used to search for events generated by a user whose mail ID is max@starwoodhealth.com.
The complete list of search operators provided by Nightfall are as follows.
This operator allows you to search events that belong to a specific integration. For example Gmail.
This operator allows you to search events based on the user name of the sender.
This operator allows you to search events based on their status.
This operator allows you to search events that were generated as a result of emails sent from a specific email ID.
This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the BCC field.
This operator allows you to search events that were generated as a result of emails sent from a specific email ID.
This operator allows you to search events that were generated as a result of emails sent to a specific email ID.
This operator allows you to search events that were generated as a result of emails sent by including a specific mail ID in the CC field.
This operator allows you to search events that were generated as a result of emails sent by including a specific subject in the Subject field of the email.
This operator allows you to search events based on the gmail user name of the sender.
The actions menu allows you to take appropriate actions on the events. When you initiate an action on an event, the status of the event changes accordingly. For instance, if you apply the encrypt action, the email that triggered the event is encrypted and the status of the event changes to Encrypted.
You can apply an action from the ellipsis menu on the Events page
The actions that you can perform on an encryption Event are as follows.
This action allows you to set an expiration date for the email Recipients cannot view the email after the set expiration period. If an expiration period is already set by the end-user or through automated actions, you can still override the expiration period and set a new expiration period.
This action disables the recipient's ability to forward emails.
This action prevents end-users from downloading any attachments or copying the contents of the attachments.
This action resolves the Event. You must apply this action when a suitable remediation action has been implemented.
The Event detail view page displays various details of a specific event. You must click the required event to open the detail view window. The Event detail view displays the following details.
The event history section is a log book for the Events. It displays the series of actions that were taken. By default, the first log message recorded is the Event creation and the second log message displays that the email was encrypted by the sender.
Once the recipient decrypts the Email and view it, a new log message is displayed as follows.
As you perform various actions on the Email or the Event, the log message is recorded for each action as follows.
At the end of the event section, Nightfall provides a text box. You can add comments in the text box and save them for future use. You can add a maximum of 300 characters in the text box.
Alternatively, you can also apply an action from the page.
Name
The subject line of the email that triggered the event. If the email was sent without a subject, this column name will also remain blank.
Source
The email ID from which the email was sent.
Destination
The email ID(s) to which the email was sent.
When
The time elapsed since the email was sent.
Status
The current status of the email. The status depends on the #actions taken on the email. The status is automatically updated in another case too. If a Nightfall admin takes an action from Email or Slack#notificaitons , the status is automatically updated.
Send Date
The date and time when the Email was sent.
Subject
The subject of the Email. If no subject was added, this field is blank.
From
The email ID of the user who sent the Email.
To
The email ID(s) of the recipients.
Cc
The email ID(s) of the users who were included in the Cc field. If no user was added to the Cc field, this field displays n/a.
Bcc
The email Id(s) of the users who were included in the Bcc field. f no user was added to the Bcc field, this field displays n/a.
Attachments
The name of the attachments added to the email. If no attachments were added to the email, this field displays n/a.
Disable Forwarding
This field displays No if Email forwarding is disabled. If Email forwarding is enabled, it displays Yes.
Persistence Protection
This field displays No if Persistence protection is disabled. If Persistence protection is enabled, it displays Yes.
Expiration Time
If expiration is set, the expiration date and time is displayed. If expiration is not set, this field displays a hyphen.
Revoke all recipients
This field displays No if access is not revoked for all the users.
Revoke Emails List
This field displays the email ID(s) of the users to whom the access is revoked. This field displays n/a if access is not revoked for any of the users.
Unrevoke Emails List
This field displays the email ID(s) of the users to whom the access is restored after being revoked previously. This field displays n/a if access is not restored for any of the users.
Data Encryption for Gmail
The steps in this document can only be performed by a Nightfall admin installation process can only be performed by a Google Workspace admin and the plugin is installed on all the user devices that are part of the Google Workspace. Google Workspace admins can install the plugin in two ways which are described as follows.
Google Workspace administrators can use an MDM solution to rollout the extension across the chromium browsers.
To rollout Chrome plugin using Chrome management:
Log in to your Google Workspace admin console.
Navigate to Devices > Chrome > Apps & extensions.
Click the Users & browsers tab.
Select the OU on which you wish to install the Nightfall DLP for browsers. By default, the top most level OU is selected.
Hover the mouse on the + icon and select the Add from Chrome Web Store option.
Search the term Nightfall
in the search console and select Nightfall DLP for Browsers.
Click Select.
Click the Installation policy drop-down menu (by default, the Allow install option is selected in this drop-down menu).
Select the Force install option. (you can also select the Fore install + pin to browser toolbar option).
Click SAVE.
Once you have installed the Nightfall DLP browser, you can notify your organization of the benefits it can get them. You can educate them about the importance of encrypting emails before sending them. You must also train users on how to encrypt emails with Nightfall. You can redirect the users to Nightfall documentation for Nightfall Encryption - Sender Experience and Nightfall Encryption - Recipient Experience.
If you wish to exchange encrypted emails between your organization and an external entity, you can ask them to install the Nightfall Browser DLP on their devices. You can ask them to refer to this doc which talks about installing the Nightfall Browser DLP on individual devices.