The primary shift to focus on data is not a surprise to anyone as data, especially in a new hybrid, multi-cloud reality we all live in, is the primary target for attackers. By focusing on data, we at Normalyze empower security teams to filter through the firehose of noise and prioritize their actions to safeguard what matters most to their organization.
Data Security Trends
Key trends are driving security initiatives for CISOs and support the focus on data:
Generative AI: Security risks around generative AI made headlines all year. Generative AI enables hackers to scale and improve the effectiveness of their attacks. At the same time, security teams use generative AI to scale their protections and address the security skills gap that many organizations face. In addition, organizations must ensure their sensitive data isn’t fed into LLMs, creating exposure risk even when safeguards are in place.
Hybrid Cloud: While cloud deployments continue to grow, led by Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP), organizations also store data in PaaS platforms like Snowflake and on premises. A significant volume of sensitive data resides in SaaS platforms like Microsoft Office 365 and Google Drive.
SEC Incident Disclosure Rules: The Final Rule on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure by Public Companies increases CISO visibility at the board level. Material cybersecurity incidents are now treated the same as any other material issues that must be disclosed under existing SEC mandates, and public companies need to report annually on security posture. Not surprisingly, the first incident disclosure under the new final rule involved data theft.
The Ransomware Juggernaut: As ransomware becomes more sophisticated and prevalent, teams need to improve their people, processes, and technology to keep up. Mergers and acquisitions also put a target on your back, and security teams need to be agile and automated to keep systems secure.
The Growth of the Normalyze Cloud Platform to Address Customers’ DSPM Requirements
With these trends and the inflow of customers’ inquiries in mind, Normalyze expanded its Data Security Posture Management platform in 2023 for more precise visibility into data across the full array of platforms and to help teams prioritize security issues based on their impact on the organization. We remain a product-centric organization that is focused on understanding customers’ needs and providing solutions to help manage their data sprawl and get full visibility around looming data risks.
Prioritize Risk for Effective Security
With the first-ever data security patent, U.S. Patent # 11,575,696, Normalyze identifies and highlights attack paths to sensitive data. By identifying risks in network resources that have access to sensitive data, Normalyze gives security teams visibility into potential attacks on otherwise properly secured data. Walk through examples of how Normalyze detects attack paths and how to remediate issues identified.
The new monetary value of data calculation highlights your most critical sensitive data so you can secure it first and more easily communicate risk to executives in a language they can easily understand.
Normalyze risk signatures now include tags for the STRIDE and MITRE frameworks, showing how data risks align with the leading threat models for data security.
Scale Teams with Generative AI
Normalyze leverages AI to create prescriptive guidance for security teams to address issues and help address the skills gap. Keeping a better handle on your sensitive data helps ensure that your LLMs are ingesting only the data you intend.
Protect Data in Motion
As Isaac Newton observed, objects at rest remain at rest unless acted on by a net external force. It seems data is constantly acted upon by external forces, so you need to track its movement. Normalyze Cloud Platform 2.0, released in April 2023, addresses data in motion with data flow diagrams, data lineage tracking, data access graphs, anomaly detection, and one-click remediation of data access issues.
All Your Data, Wherever it Resides
Expanded infrastructure support means you can manage the data security posture of your hybrid environments, including leading on-premises databases and SaaS applications as well as IaaS and PaaS applications, from a single platform for a complete understanding of your data attack surface.
Get automatic protection, recovery, and defense against detected data risks and ransomware with the Normalyze / Cohesity integration. Cohesity users see which data Normalyze has identified and classified as sensitive, and Normalyze users see which sensitive data is backed up and protected by Cohesity.
We’re improving user experience to provide faster onboarding and a full documentation library. Our new monthly release cycle with detailed new feature updates helps customers get the full value of the product.
Recognition & Conferences
This has been a year of talking to CISOs and security teams to help lead the discussion on strategy and tactics for data security.
Here are a few highlights of our participation in the community:
- NYSE interview Black Hat USA, September 2023
- Dark Reading interview, September 2023
- Data Security Action Lab, May-June 2023
- CISO Top Challenges vs. Priorities, April 2023
Moving Into 2024
Normalyze continues to collaborate with CISOs and security teams to help them identify and protect their sensitive data. The security teams we work with across an array of organizations are instrumental in driving how we build our DSPM platform, and we wouldn’t be where we are today without a collective effort.
2024 is the year for DSPM, and the whole team at Normalyze is excited to expand our capabilities and enhance data protection for companies of all sizes.