One of the first things you’ll do to get started with Nightfall is to choose which detectors you want to use. Ultimately, you will organize your chosen Detectors into Detection Rules in order to apply them to your cloud applications and infrastructure - but beforehand, we recommend that you carefully assess your needs and goals for sensitive data detection. Below, we suggest a few questions to ask yourself as you determine which detectors to leverage.
What data do you want to detect?
As discussed above, there is always a tradeoff between sensitivity and specificity. You want to plan your Detection Rules carefully to strike the right balance of accuracy without too much noise. The main question to ask yourself at this stage is what data you want to look for.
Do you have a specific concern around a particular type of data (e.g. from a previous DLP issue)? In this case, you may be able to target a limited set of detectors.
Do you want to implement a very broad DLP process, and don’t have a sense of which data might be problematic? Doing so will require more detectors, and thus means you may find a higher number of violations and/or noise.
Try to limit your detectors to data that you know or suspect are tracked or shared at your organization. For example, if you never discuss or store Vehicle Identification Numbers, then you likely do not need to set up a detector for that type of data.
How severe are the consequences of data leakage?
Some detectors will give more false positives due to their nature (e.g. widely occurring data types such as Dates, or less structured data types such as Names). In order to avoid excessive noise, you should weigh the relative risk of data exposure. For example, it may be problematic for your organization to leak Credit Card Numbers, but not Dates.
How much does the data’s context matter?
Another way to eliminate noise is to create specific Detection Rules that scan for combinations of data types. For example, it may be problematic for your organization to have Dates appearing alongside Names, but not for Dates to appear alone.
Organizations may need to protect specific data types either by contractual obligation or to protect intellectual property. These are the recommended configurations to protect these data types.
Protected Health Data
Use the detector
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
Depending on the type of healthcare organization, disclosure of personal information may disclose health status (e.g., a sufficiently uniquely named person going to a health provider like an AIDS clinic would likely disclose the person’s PHI).
Secrets & Credentials
Enable all :
API key
Cryptographic key
Database Connection String
GCP credentials
Password in code
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
Banking / Financial Transactions
Select applicable
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
Organizational compliance is one of the leading drivers that require DLP tooling such as Nightfall. These are the recommended configurations for each compliance framework.
HIPAA Compliance
Use the detector
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
Depending on the type of healthcare organization, disclosure of personal information may disclose PHI (e.g., a sufficiently uniquely named person going to a health provider like an AIDS clinic would likely disclose the person’s PHI).
PCI Compliance - Text
Use the Credit Card Number detector
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per:
PCI/PII Compliance - Images
Use the Drivers License Image, Passport Image, US Social Security Image, Credit Card Image detectors
Set Minimum Confidence level to Very Likely
Set alert to trigger on Any Detectors
These detectors analyze the layout and formatting of content within images, accurately identifying government-issued ID documents from any nation and payment cards from any institution.
ACH Compliance
Use the US Bank Routing and Person Name detectors
Set Minimum Confidence level to Likely
Set alert to trigger on All Detectors
GLBA Compliance
Use the SWIFT and US Bank Routing detectors
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
ISO 27001 Compliance for v2022
Enable all detectors:
API key
Cryptographic key
Database Connection String
GCP credentials
Password in code
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors
Other detectors that exist are not recommended for use for the above compliance frameworks. For all use cases, Nightfall further recommends:
Tune and amend Minimum Confidence over time in accordance with your violations and data set
Scoping should cover all locations where the sensitive data should not be disclosed
Using Exclusion Rules to reduce false positives and fine-tune alerts
Reporting false positives for machine learning training to support@nightfall.ai
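The following added example (a local model, not Nightfall's code or API) shows how the Minimum Confidence and Any/All Detectors settings recommended above change which rules alert on the same findings. The rule names, the `Finding` and `DetectionRule` classes, the sample findings, and the confidence levels other than Likely and Very Likely are assumptions of the example.

```python
from dataclasses import dataclass

# Lowest to highest. The page names Likely and Very Likely; the other
# levels and this ordering are assumptions of the example.
CONFIDENCE = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]

@dataclass(frozen=True)
class Finding:
    detector: str    # detector name from the catalogue on this page
    confidence: str  # one of CONFIDENCE

@dataclass(frozen=True)
class DetectionRule:
    name: str
    detectors: tuple
    min_confidence: str = "LIKELY"
    trigger: str = "ANY"  # "ANY" or "ALL" detectors must match

    def matched(self, findings):
        """Detectors of this rule with a finding at or above the minimum confidence."""
        floor = CONFIDENCE.index(self.min_confidence)
        return {f.detector for f in findings
                if f.detector in self.detectors
                and CONFIDENCE.index(f.confidence) >= floor}

    def fires(self, findings):
        hit = self.matched(findings)
        if self.trigger == "ALL":
            return hit == set(self.detectors)  # every detector must match
        return bool(hit)                       # one match is enough

def alerts(rules, findings):
    """Names of the rules that would raise a violation for these findings."""
    return [r.name for r in rules if r.fires(findings)]

# Rules modelled on the ACH, GLBA and PCI/PII image recommendations above.
RULES = [
    DetectionRule("ach", ("US_BANK_ROUTING_MICR", "PERSON_NAME"), trigger="ALL"),
    DetectionRule("glba", ("SWIFT_CODE", "US_BANK_ROUTING_MICR")),
    DetectionRule("pci-images", ("DRIVERS_LICENSE_IMAGE", "PASSPORT_IMAGE",
                  "US_SOCIAL_SECURITY_CARD_IMAGE", "CREDIT_CARD_IMAGE"),
                  min_confidence="VERY_LIKELY"),
]

# Constructed findings, as if returned for three different messages.
ROUTING_ONLY = [Finding("US_BANK_ROUTING_MICR", "LIKELY")]
ROUTING_AND_NAME = [Finding("US_BANK_ROUTING_MICR", "VERY_LIKELY"),
                    Finding("PERSON_NAME", "LIKELY")]
WEAK_NAME = [Finding("US_BANK_ROUTING_MICR", "LIKELY"),
             Finding("PERSON_NAME", "POSSIBLE")]
```

A routing number alone alerts only the Any Detectors rule; the All Detectors rule stays quiet until a name is also found at Likely or above, which is how combination rules cut noise.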
This document lists all the out-of-the-box detectors provided by Nightfall.
DATE_OF_BIRTH
Detects a date associated with a person's birth.
EMAIL_ADDRESS
Detects valid e-mail addresses.
PERSON_NAME
Detects a person's name, including first, middle, and last names.
PHONE_NUMBER
Detects a phone number. The number can include an area code and country code.
STREET_ADDRESS
Detects street address, address number, street, city, state, and zip code.
BRAZIL_CPF_NUMBER
Detects a Brazilian Natural Person Registry number (CPF number), an 11-digit number with format 000.000.000-00.
CANADA_BANK_ACCOUNT
Detects a Canadian bank account number, typically a 15-20 digit number.
CANADA_BC_PHN
Detects British Columbia personal health numbers. The 10-digit personal health number is assigned to individuals to receive health services in the British Columbia province. This token must pass the checksum validation.
CANADA_DRIVERS_LICENSE_NUMBER
Detects Canadian driver's license numbers.
CANADA_GOVERNMENT_ID
Detects Canada government ID numbers. This number is provided to all residents that do not have a driver’s license, used for general identification purposes.
CANADA_OHIP
Detects an Ontario health insurance plan number. This 10-digit personal health number is assigned to individuals for health services in Ontario province.
CANADA_PASSPORT
Detects a Canadian passport number, an 8-character alphanumeric identifier.
CANADA_PERMANENT_RESIDENT_NUMBER
Detects a Canada permanent resident number, a 9-12 character alphanumeric token assigned to permanent residents in Canada who are not Canadian citizens.
CANADA_QUEBEC_HIN
Detects Quebec health insurance numbers. This 12-character alphanumeric token is a personal health number assigned to individuals to receive health services in Quebec province.
CANADA_SOCIAL_INSURANCE_NUMBER
Detects a Canadian Social Insurance number (SIN). This number is required for accessing government benefits and for employment verification.
US_DRIVERS_LICENSE_NUMBER
Detects a US driver's license number, an alphanumeric string whose format varies by issuing state.
US_INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER
Detects a US individual taxpayer identification number (ITIN).
US_PASSPORT
Detects a US passport number, typically a 6-9 character alphanumeric string.
US_SOCIAL_SECURITY_NUMBER
Detects a US social security number (SSN), a 9-digit numeric string often used as a unique identification number for United States citizens and residents.
US_VEHICLE_IDENTIFICATION_NUMBER
Detects a US vehicle identification number, a 17-character alphanumeric string used to identify a motor vehicle uniquely.
AUSTRALIA_DRIVERS_LICENSE_NUMBER
Detects an Australian driver's license number: an 8-, 9-, or 10-digit number, or a 6-digit alphanumeric pattern depending on the issuing state or territory.
AUSTRALIA_MEDICARE_NUMBER
Detects an Australian Medicare number: A 10- or 11-digit alphanumeric code with a specific format and check algorithm used to uniquely identify individuals eligible for healthcare services under the Australian Medicare system. The 11th digit is the Individual Reference Number (IRN) and it’s optional.
AUSTRALIA_PASSPORT
Detects an Australian passport number, an 8- to 10-character alphanumeric string. Begins with one of these single letters (N,E,D,F,A,C,U,X) or one of these 2 letter combinations (RA,PA,PB,PC,PD,PE,PF,PU,PW,PX,PZ).
AUSTRALIA_TAX_FILE_NUMBER
Detects an Australian tax file number (TFN), a 9-digit numeric string with a specific format and check algorithm, issued to uniquely identify individuals for AU tax purposes.
FRANCE_CNI
Detects a French CNI (carte nationale d’identité) number. A CNI is a national identifier frequently used when opening a bank account.
FRANCE_INSEE
Detects a France INSEE (National Institute of Statistics and Economic Studies) number, also known as the National Identification Number. An INSEE is composed of 13 digits + a two-digit key.
FRANCE_PASSPORT
Detects a France passport number, typically a 9-character alphanumeric string.
GERMANY_IDENTITY_NUMBER
Detects a Germany ID number. The German identity card, Personalausweis, is used as a national identifier.
GERMANY_PASSPORT
Detects a German passport number, typically a 9-character alphanumeric string.
INDIA_AADHAAR_INDIVIDUAL
Detects an India Aadhaar card number, a 12-digit number issued to all Indian residents that includes an individual's biometric and demographic data.
INDIA_PAN_INDIVIDUAL
Detects an Indian Permanent Account Number (PAN), a 10-character alphanumeric token.
IRELAND_PASSPORT
Detects an Ireland passport number, typically a 10-character alphanumeric string.
IRELAND_PPSN
Detects an Ireland Personal Public Service Number (PPSN), an 8-9 character alphanumeric code.
SCOTLAND_COMMUNITY_HEALTH_INDEX_NUMBER
Detects a Scotland Community Health Index (CHI) number, a 10-digit number used for identification in Scotland's National Health Service (NHS).
UK_DRIVERS_LICENSE_NUMBER
Detects a UK driver's license number.
UK_ELECTORAL_ROLL_NUMBER
Detects a UK electoral roll number.
UK_NATIONAL_HEALTH_SERVICE_NUMBER
Detects a UK National Health Service number, a 10-digit number used for identification in the British National Health Service (NHS).
UK_NATIONAL_INSURANCE_NUMBER
Detects a UK National Insurance Number (NINO), a 9-character alphanumeric string. A NINO may also be used for tax purposes or other identification.
UK_PASSPORT
Detects a UK passport, a 9-digit number.
UK_TAXPAYER_REFERENCE
Detects a unique taxpayer reference (UTR) for individuals and entities paying taxes in the United Kingdom, typically a 10-digit number.
AMERICAN_BANKERS_CUSIP_ID
Detects CUSIP (American Bankers Committee on Uniform Security Identification Procedures) codes, 9-character numeric or alphanumeric codes for identifying North American financial securities.
CREDIT_CARD_NUMBER
Detects credit card numbers, 12-19 digit numbers used for payments and other monetary transactions.
IBAN_CODE
Detects International Bank Account Number (IBAN) codes defined under the ISO 13616:2007 standard used to identify an individual’s account.
SWIFT_CODE
Detects SWIFT (Society for Worldwide Interbank Financial Telecommunication) codes. A SWIFT code is an 8- or 11-character alphanumeric identification code for banks used for financial transactions and other communications between banks. It is synonymous with a Bank Identifier Code (BIC).
US_BANK_ROUTING_MICR
Detects bank routing numbers, a 9-digit code used to identify a financial institution in monetary transactions. MICR stands for magnetic ink character recognition.
US_EMPLOYER_IDENTIFICATION_NUMBER
Detects a US employer identification number (EIN), also known as a Federal Tax ID number. An EIN is a unique identifier for US business entities.
PROTECTED_HEALTH_INFORMATION
FDA_NATIONAL_DRUG_NAME
Detects brand and non-proprietary FDA drug names.
ICD10_CODE
Detects ICD10 codes (International Classification of Diseases, Tenth Revision). ICD10 is a series of codes used by medical practitioners to identify diagnoses and procedures.
ICD10_DIAGNOSIS_DESCRIPTION
Detects ICD10 diagnoses or procedures.
US_HEALTH_INSURANCE_CLAIM_NUMBER
Detects a US health insurance claim number (HICN), used as a Medicare identifier.
US_HEALTHCARE_NPI
Detects a US healthcare National Provider Identifier (NPI), a 10-digit identifier for US Medicare providers, individuals (physicians, dentists, pharmacists, etc.) and organizations (hospitals, clinics, pharmacies, etc.).
US_MEDICARE_BENEFICIARY_IDENTIFIER
Detects a US Medicare Beneficiary Identifier (MBI), an 11-character alphanumeric string given to all Medicare recipients and used in Medicare transactions.
IMEI_HARDWARE_ID
Detects an International Mobile Equipment Identity (IMEI) ID, a unique identification number programmed into GSM and UMTS mobile devices.
IP_ADDRESS
Detects an internet protocol (IP) network address. An IP address is a numerical label used to identify a device connected to a network. This detector supports both IPv4 and IPv6 addresses.
MAC_ADDRESS
Detects a MAC address, a 12-digit hexadecimal value used to identify a network adapter. MAC stands for Media Access Control.
API_KEY
Detects API keys, credentials needed to authenticate and authorize a cloud provider’s API request. Findings will include the vendor name and active key validation for the most popular services. See Detecting Secrets.
CRYPTOGRAPHIC_KEY
Detects private cryptographic keys. A cryptographic key is a data string used to lock or unlock cryptographic functions, including authentication, authorization, and encryption.
DATABASE_CONNECTION_STRING
Detects a database connection string, an expression that contains the parameters required for the applications to connect to a database server. Supports most popular databases.
PASSWORD_IN_CODE
Detects passwords written in code and has been extended to include passwords shared in natural language contexts such as messages, sentences, and paragraphs. This detector targets user access or login access to a system.
CREDIT_CARD_IMAGE
Detects an image of a credit, debit, or gift card from any institution.
DRIVERS_LICENSE_IMAGE
Detects an image of a driver's license and government-issued identification card from any nation.
PASSPORT_IMAGE
Detects an image of a passport or visa from any nation.
US_SOCIAL_SECURITY_CARD_IMAGE
Detects an image of a US social security card.
Detects protected health information (PHI), defined as data that uniquely identifies an individual plus a diagnostic indicator such as medication, diagnosis, and procedure.