Nightfall AI, a startup that provides cloud data loss prevention services, announced today that it has raised $40 million in Series B funding from investors including Westbridge Capital, Venrock, Bain Capital Ventures and — for some reason — athletes and celebrities Paul Rudd, Drew Brees, and more. Josh Childress. CEO Isaac Madan said the proceeds will be used to double NightFall’s 60-person headcount, expand the platform to more customers and markets, and expand NightFall’s partner ecosystem.
Madan co-founded Nightfall in 2018 with CTO Rohan Sathe. Isaac was previously a VC investor at Venrock, which focused on early stage software such as services, security and machine learning. Rohan is one of Uber Eats’ founding engineers and has designed and built software to grow the platform’s footprint.
Rescue He and Sate were inspired to start Nightfall because of Sate’s personal experience with data breaches stemming from poor “data security hygiene”. Sathe was at Uber in 2016 when a developer hacked a private code repository on GitHub, causing the hacker to dump Uber drivers and driver data into a public repository service.
“This breach has made it clear that attackers can eventually gain access to private applications, so ensuring strong data security is critical to mitigate risk once a bad actor gets in,” Madan told TechCrunch in an email Q&A. “Digital transformation and the shift to the hybrid workplace has eroded the traditional corporate perimeter as employees are no longer guaranteed access to managed devices and networks. This has led to the proliferation of cloud applications that store data completely opaque to security teams and increase the attack surface.
Nightfall platforms like Slack, Salesforce, Google Drive, Confluence, and Jira track incoming and outgoing data, using machine learning algorithms to determine which are sensitive, personally identifiable (PII), non-compliant (regulations like HIPAA and GDPR), or safe to share. . From the dashboard, administrators can set up automated workflows for retention, deletion, and more, or view data such as real-time and historical PII counts.
Nightfall provides out-of-the-box customized PII detectors that can identify tampering keys, credit card numbers, names, locations, phone numbers, social security numbers, and even cryptocurrency wallet addresses in GitHub repositories. Exposed Rescue Nightfall data classification technology through APIs and software enhancement kits can be applied only with respect to an application or service.
“[We’ve] Nightfall has launched partnerships with Snyk, Cribl, Virtru, Hanzo and others to expand our partner capabilities by incorporating detection capabilities into their offerings,” said Madan. “Organizations today manage large amounts of sensitive data, extensive credentials and passwords, PII, protected health information, and more… [With Nightfall, they can] Act on sensitive data, get full context about breaches and automate response, train end users to fix problems or fix themselves.
Nightfall customers may opt-out of the platform’s data policy, allowing Nightfall to continually update their data. [its] Data Classification Algorithms. Meanwhile, employees may be concerned about monitoring capabilities; One of the use cases that Nightfall advertises on its website is to scan chat tools (eg Slack) for unauthorized content.
The company suggests that its platform can limit toxicity and profanity, but algorithms have historically not done a good job at this. More problematically, Nightfall encourages “insider threat” defense features that could theoretically be used to attack hackers.
During the pandemic, various forms of workplace monitoring have been widely used – enabling a shift to remote and hybrid work configurations. One market research firm estimates that 60% of large organizations have tools to monitor employees remotely. But the workers pushed back. In the year According to a 2021 survey by ExpressVPN, most people in the United States believe that regulating software that’s legal—a breach of trust—and would consider terminating the company that used it.
Madan did not directly respond to questions about employee privacy. But it says companies have a choice not to share any information with Nightfall; They can request that their data be deleted.
“With the rapid growth of data volumes and cloud applications in the enterprise, data fragility is rampant and will only get worse,” Madan said. “The shift to the hybrid workplace has eroded the traditional perimeter, and organizations must focus on the applications and services that keep sensitive data in their environment – the crown jewels.
While Nightfall competes in the multibillion-dollar data loss prevention market with well-funded startups including Netscope, Optimum Security and BitGlass, the company has managed to attract clients since its inception, including Clavio, UserTest and Rightway, among “hundreds” of others. The private sector accounts for most of Nightfall’s customer base, but Salvage is open to government and military customers in the future — reflecting the money coming from cybersecurity in the defense industry, he said.
When reached for comment via email, Bain Capital Ventures partner and Nightfall board member Enrique Salem said: “Data security is quickly becoming the most critical and vulnerable part of an organization’s security stack. Nightfall is an emerging leader in Cloud DLP, protecting organizations from costly data breaches and enabling robust data security hygiene without restricting business users.
To date, Nightfall – which is based in San Francisco – has raised $60 million in funding and has saved more than 40 million “sensitive data finds.”