Help centerLog inStart for free

FAQs

Suggest Edits

What can I do with Nightfall?

Functionally, with Nightfall you can scan text & files to identify sensitive data. With text, you can also protect sensitive data by redacting it - more specifically, you can mask, substitute, or encrypt it. This functionality unlocks a broad array of potential use cases. Review common Use Cases to spark your imagination.

Is Nightfall secure?

Nightfall is secure by design. All data sent to Nightfall for classification is encrypted in transit via TLS 1.2+ and at rest via AES 256. Nightfall is SOC 2 Type 2 compliant. To review our security practices in more detail, please visit nightfall.ai/security. To review Nightfall’s SOC report, please contact us at [email protected].

What file types are supported?

Nightfall scans a broad set of file types and performs machine learning based optical character recognition (OCR) to extract text. The most common file types include:
• Archives: .zip, .tar, .rar, .gzip, .bzip2, others
• Documents: .docx, .pptx, .xlsx, .pdf, others
• Text: .html, .xml, .csv, .json, others
• Images: .jpg, .png, others

How does pricing work?

Get started for $0 on the Free Tier, and when you’re ready, you can upgrade to the Enterprise Tier to pay as you go. If you’d like to take advantage of Enterprise pricing, please reach out to [email protected].

Pricing is based on data volume (GB) processed by Nightfall per month. Learn more about pricing plans here.

How is the Developer Platform deployed?

The Developer Platform is a fully managed cloud hosted service. The service is composed of a set of easy to use APIs. There currently aren’t options to self-host the service, but if you have specific requirements, please reach out to [email protected] for a discussion.

How does Nightfall support custom data types?

In two ways:

  • Nightfall’s out of the box detectors can be modified with context rules and exclusion rules.
  • Nightfall also supports inputting custom regular expressions or word lists (i.e. dictionaries) as detectors in the RE2 standard as documented here.

How does Nightfall differ from other solutions?

The Nightfall Developer Platform differs from other solutions like Google DLP and Amazon Macie, as well as open source solutions like truffleHog, on a number of dimensions summarized below.

Accuracy

  • While solutions like Google DLP have a broad set of detectors, many of them are rules or regex based, which means many of the detectors are not usable in practice. Likewise, detection has been found to be inconsistent in some cases, perhaps due to internal A/B testing.
  • Because of the limitations of regex-based rules, instead of leveraging machine learning based detectors, OSS detection solutions tend to have a much higher rate of false positives compared to Nightfall.
  • Detector configurability and ability to provide metrics at the token level makes Nightfall accurate and actionable to engineering & security teams.

Convenience

  • Want to leave the last 4 digits of a credit card number visible, securely encrypt emails, and completely remove SSNs from your data? The Nightfall platform allows you to redact/replace, substitute, and/or encrypt sensitive data findings in the same API call as your inspection request.

Ease of use

  • All inspection configuration in Google DLP is done as code, which makes it challenging to easily update, visualize, and modify detection rules and configuration. Nightfall allows for configuration as code, as well as the Nightfall Dashboard for creating and updating detection rules, which makes it easier to collaborate.
  • OSS secret detection tools tend to rely heavily on manual creation of regex-based detection compared to an ability to programmatically scan text and file inputs using 150+ detectors in Nightfall – e.g. truffleHog only enables you to scan for secrets like passwords and private keys whereas Nightfall scans for not only secrets and credentials, but also allows you to use our vast detector library to scan for PII, PCI, and PHI.

File parsing

  • To parse files with Google DLP and Macie, each requires that they be in their respective cloud storage (Google Cloud Storage or S3, respectively). With the Nightfall Developer Platform, we take care of storage requirements for you. Uploaded assets are stored encrypted at rest with minimal access permissions, and are automatically deleted after 24 hours.
  • Amazon’s file parsers are limited to around 20 file types. Most notably, Macie does not support images. Text extraction via machine-learning based OCR for images is a core component of Nightfall’s file scanning endpoint.
  • Open source secrets detection solutions are limited in their detection capabilities. Namely, these projects do not support scanning binary files. Nightfall supports binary files and the ability to scan diff files.

Platform agnostic

  • Each cloud provider's DLP products are geared towards protecting their own cloud services. For example, Google DLP’s native integrations are limited to Google Cloud offerings such as BigQuery. Similarly, Macie is primarily designed around scanning AWS S3 buckets. The interface is largely geared towards exploring sensitive data across S3 buckets. To scan content outside of S3, Amazon’s recommendation is to move or replicate the data into S3 to scan, which is impractical.
  • OSS solutions are primarily designed around git repositories.
  • Nightfall has native integrations with many cloud applications like Slack, Atlassian, GitHub, Google Drive, as well a broad set of tutorials and open source code so you can build integrations into any data silo with ease. For example, this includes services like Snowflake, Airtable, and more.

Support and documentation

  • Google DLP and Macie are loosely supported products and with many cloud offerings, support is hard to come by. Nightfall is laser-focused on best-of-breed content inspection and we are ready to address your questions and use cases.
  • Nightfall also has extensive documentation including SDKs for multiple languages including Python, Java, NodeJS, and Go - with more under consistent development.

Cost and scale

  • Costs can balloon quickly with commercial services. They also have rate limits that don’t suit high data volumes.
  • Open source solutions have high hidden costs in the form of TCO, maintenance, and opportunity cost.
  • Nightfall offers a custom enterprise tier that can help you scale pricing based on your anticipated usage as well as custom rate limits.

How do I get help?

To reach support you can email us at [email protected]. We also host Nightfall Developer Office Hours on Wednesday's at 12pm PT to help answer any questions, talk through any ideas, or just generally chat about data security, we would love to see you there!

Updated almost 2 years ago