Data Protection

Organizations may need to protect specific data types, either because a contract obliges them to or to protect their own intellectual property. The configurations below are the recommended starting point for each of these data types.
Protected Health Data
  Considerations:
    • Depending on the type of healthcare organization, disclosure of personal information may itself disclose health status (e.g., a sufficiently uniquely named person visiting a health provider such as an AIDS clinic would likely disclose that person's PHI).

Secrets & Credentials
  Configuration:
    • Enable all Secrets detectors:
      • API key
      • Cryptographic key
      • Database Connection String
      • GCP credentials
      • Password in code
    • Set Minimum Confidence level to Likely
    • Set alert to trigger on Any Detectors

Banking / Financial Transactions
  Configuration:
    • Select applicable Financial detectors
    • Set Minimum Confidence level to Likely
    • Set alert to trigger on Any Detectors
Other detectors are available but are not recommended for the compliance use cases above.
See Creating Detection Rules for general information on creating and tuning detection rules.
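To make the two tunable settings above concrete (a Minimum Confidence level and an Any/All trigger across the enabled detectors), here is an added example that models how such a rule is evaluated against findings. This is illustrative code written for this page, not Nightfall's product code or API: the confidence scale, the Finding and DetectionRule types, and the sample findings are all constructed here, with the detector names taken from the table above.

```python
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Tuple

# Confidence levels in ascending order. The scale is an assumption for this
# example; the page only names the "Likely" level used as the threshold.
CONFIDENCE_ORDER = ["Very Unlikely", "Unlikely", "Possible", "Likely", "Very Likely"]


@dataclass(frozen=True)
class Finding:
    detector: str     # detector that fired, e.g. "API key"
    confidence: str   # one of CONFIDENCE_ORDER
    location: str     # where the match was found (constructed label)

    def __post_init__(self):
        if self.confidence not in CONFIDENCE_ORDER:
            raise ValueError(f"unknown confidence level: {self.confidence!r}")


@dataclass(frozen=True)
class DetectionRule:
    name: str
    detectors: FrozenSet[str]   # detectors enabled in this rule
    min_confidence: str         # findings below this level are ignored
    trigger: str                # "any": one detector suffices; "all": every detector must fire

    def __post_init__(self):
        if self.min_confidence not in CONFIDENCE_ORDER:
            raise ValueError(f"unknown confidence level: {self.min_confidence!r}")
        if self.trigger not in ("any", "all"):
            raise ValueError(f"trigger must be 'any' or 'all', got {self.trigger!r}")


def meets_confidence(finding: Finding, min_confidence: str) -> bool:
    """True when the finding's confidence is at or above the rule's minimum."""
    return CONFIDENCE_ORDER.index(finding.confidence) >= CONFIDENCE_ORDER.index(min_confidence)


def evaluate(rule: DetectionRule, findings: List[Finding]) -> Tuple[bool, List[Finding]]:
    """Return (should_alert, qualifying_findings) for one scan result.

    A finding qualifies only if its detector is enabled in the rule AND it meets
    the minimum confidence. With trigger="any" a single qualifying detector
    raises the alert; with "all" every enabled detector must have qualified.
    """
    qualifying = [
        f for f in findings
        if f.detector in rule.detectors and meets_confidence(f, rule.min_confidence)
    ]
    detectors_hit = {f.detector for f in qualifying}
    if rule.trigger == "any":
        should_alert = bool(detectors_hit)
    else:
        should_alert = detectors_hit == set(rule.detectors)
    return should_alert, qualifying


# Rule matching the "Secrets & Credentials" configuration in the table above.
SECRETS_RULE = DetectionRule(
    name="Secrets & Credentials",
    detectors=frozenset({
        "API key", "Cryptographic key", "Database Connection String",
        "GCP credentials", "Password in code",
    }),
    min_confidence="Likely",
    trigger="any",
)

# Constructed sample findings from one hypothetical scan (not real data).
SAMPLE_FINDINGS = [
    Finding("Password in code", "Likely", "repo/app/settings.py"),      # qualifies
    Finding("API key", "Very Likely", "chat/message-1042"),             # qualifies
    Finding("Cryptographic key", "Possible", "repo/test/fixture.pem"),  # below threshold
    Finding("Credit card number", "Likely", "ticket/4411"),             # detector not enabled here
]


def demo() -> Tuple[bool, int, bool, int]:
    """Show how the trigger and the threshold change the outcome."""
    any_alert, any_hits = evaluate(SECRETS_RULE, SAMPLE_FINDINGS)
    # Same rule with trigger "all": every one of the five detectors would have to fire.
    all_alert, _ = evaluate(replace(SECRETS_RULE, trigger="all"), SAMPLE_FINDINGS)
    # Tightening the threshold to "Very Likely" drops the "Likely" password finding.
    _, strict_hits = evaluate(replace(SECRETS_RULE, min_confidence="Very Likely"), SAMPLE_FINDINGS)
    return any_alert, len(any_hits), all_alert, len(strict_hits)


if __name__ == "__main__":
    print(demo())
```

Running the script prints `(True, 2, False, 1)`: with the recommended settings the scan alerts on two findings, an "all detectors" trigger would never fire on a scan like this, and raising the threshold above Likely trades a missed password for fewer alerts, which is the tuning trade-off the recommendations below refer to.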
For all use cases, Nightfall recommends:
  • Scope each rule to cover every location where the sensitive data must not appear.
  • Tune and amend rules over time in line with the violations and data you observe.
  • Use Context and Exclusion Rules to reduce false positives and fine-tune alerts.
  • Upgrade your rules from Basic to Advanced as needed.
  • Please report any false positives to [email protected]. We will use your reports to improve our ML models.
If you have compliance requirements not covered above, please contact [email protected].