Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

ICYM: 4 lessons for securing codebases from secrets exfiltration

Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

Preventing data loss in data warehouses with the Nightfall Developer Platform

Data warehouses power your data analysis and business intelligence operations so you can level up your knowledge and progress toward bigger business goals. Like any key component of your tech stack, using data warehouses effectively also requires care and caution — especially when uploading and sharing sensitive information.

The NIST Cybersecurity Framework: Security Checklist And Best Practices

The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.

Prevent secrets, credentials, and PII leaking in application logs with the Nightfall Developer Platform

Infosec leaders have a lot of corners to cover in their cybersecurity strategy. When crafting the tactics and onboarding the platforms that will protect sensitive information, the checklist of requirements could be missing a very important vector for attack, compliance risk or data loss: application logs.

GLBA Compliance Checklist: Keeping Financial Data Safe And Secure

GLBA compliance isn’t something to take lightly. These measures are strictly enforced by the Federal Trade Commission (FTC). In 2018, for instance, Venmo and its parent company PayPal reached a settlement after complaints about the company’s handling of privacy disclosures. The peer-to-peer payment app had 150 days to adhere to GLBA compliance, or it faced fines of up $41,484 per violation.

The Basics of PCI Compliance: Merchant Levels and Requirements

PCI compliance isn’t just good for customers; it’s also good for business. Merchants that fall short of PCI compliance standards not only put their customer data at risk, they also may face hefty fines. The PCI Compliance Guide reports that fines and penalties can range from $5,000 to $100,000 per month for the merchant.

Is Dropbox HIPAA Complinant?

Dropbox is known for being a convenient file sharing and storage tool. For over a decade, Dropbox has allowed teams to collaborate cross- functionally by providing a single source of truth. With files being managed and synced to a central location, teams can work together without issues of version control. Even in a post- Google Drive and OneDrive era, Dropbox remains important, as not everyone uses the same productivity suites.

Is Google Drive HIPAA Compliant?

Google Drive is one of the oldest and most well known cloud storage and productivity suites. Although Google Drive launched in 2012, Google’s productivity platform dates back to 2006, when Google Docs and Google Sheets first launched. Over the years, Google would more closely integrate these services before moving them under the Google Drive and Google Suite brand. Today, Google Drive and Google’s entire suite of collaborative tools are referred to as Google Workspace.

PII Compliance Checklist & Best Practices

Research from Gartner suggests that, by 2023, more than 60% of the world’s population will be covered by some form of personal data protection legislation. From GDPR to CalPRA, privacy regulations are on the rise. These compliance regimes aim to protect a user’s rights to their data — which, in practice, means that businesses need to implement more effective approaches to security.

Open source data loss prevention for helpdesk ticketing systems

When your customers want help, ticketing systems provide the first line of communication between your company and your customers. Solving a problem or resolving an issue for your customers often requires collecting a lot of information and context throughout the support interaction. Especially today, these interactions can be captured through a myriad of channels including but not limited to messaging apps, SMS, social media, help centers, forums, bots, video conferencing, and more.