What is DSPM?


Gartner® Innovation Insight: Data Security Posture Management
Get Report

Reduce Data Access Risks

Enforce Data Governance
Eliminate Abandoned Data

Secure PaaS Data

Enable Use of AI

DSPM for Snowflake


The Normalyze Platform
Supported Environments
Platform Benefits


DSPM-chat-Richard Stiennon-Ravi-Ithal-Normalyze
DSPM for Dummies:

Your guide to Data Security Posture Management

Get Your Copy


CYBER 60: The fastest-growing startups in cybersecurity
Get Report

2024 is the Year of Data Security

January 4, 2024
The year 2023 was marked by dynamic shifts in data security. We witnessed significant innovation in this space, and Normalyze was at the helm of it.

The primary shift to focus on data is not a surprise to anyone as data, especially in a new hybrid, multi-cloud reality we all live in, is the primary target for attackers. By focusing on data, we at Normalyze empower security teams to filter through the firehose of noise and prioritize their actions to safeguard what matters most to their organization.

Data Security Trends

Key trends are driving security initiatives for CISOs and support the focus on data:

Generative AI: Security risks around generative AI made headlines all year. Generative AI enables hackers to scale and improve the effectiveness of their attacks. At the same time, security teams use generative AI to scale their protections and address the security skills gap that many organizations face. In addition, organizations must ensure their sensitive data isn’t fed into LLMs, creating exposure risk even when safeguards are in place.

Hybrid Cloud: While cloud deployments continue to grow, led by Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP), organizations also store data in PaaS platforms like Snowflake and on premises. A significant volume of sensitive data resides in SaaS platforms like Microsoft Office 365 and Google Drive.

SEC Incident Disclosure Rules: The Final Rule on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure by Public Companies increases CISO visibility at the board level. Material cybersecurity incidents are now treated the same as any other material issues that must be disclosed under existing SEC mandates, and public companies need to report annually on security posture. Not surprisingly, the first incident disclosure under the new final rule involved data theft.

The Ransomware Juggernaut: As ransomware becomes more sophisticated and prevalent, teams need to improve their people, processes, and technology to keep up. Mergers and acquisitions also put a target on your back, and security teams need to be agile and automated to keep systems secure.

The Growth of the Normalyze Cloud Platform to Address Customers’ DSPM Requirements

With these trends and the inflow of customers’ inquiries in mind, Normalyze expanded its Data Security Posture Management platform in 2023 for more precise visibility into data across the full array of platforms and to help teams prioritize security issues based on their impact on the organization. We remain a product-centric organization that is focused on understanding customers’ needs and providing solutions to help manage their data sprawl and get full visibility around looming data risks.

Prioritize Risk for Effective Security

With the first-ever data security patent, U.S. Patent # 11,575,696, Normalyze identifies and highlights attack paths to sensitive data. By identifying risks in network resources that have access to sensitive data, Normalyze gives security teams visibility into potential attacks on otherwise properly secured data. Walk through examples of how Normalyze detects attack paths and how to remediate issues identified.

The new monetary value of data calculation highlights your most critical sensitive data so you can secure it first and more easily communicate risk to executives in a language they can easily understand.

Normalyze risk signatures now include tags for the STRIDE and MITRE frameworks, showing how data risks align with the leading threat models for data security.

Scale Teams with Generative AI

Normalyze leverages AI to create prescriptive guidance for security teams to address issues and help address the skills gap. Keeping a better handle on your sensitive data helps ensure that your LLMs are ingesting only the data you intend.

Protect Data in Motion

As Isaac Newton observed, objects at rest remain at rest unless acted on by a net external force. It seems data is constantly acted upon by external forces, so you need to track its movement. Normalyze Cloud Platform 2.0, released in April 2023, addresses data in motion with data flow diagrams, data lineage tracking, data access graphs, anomaly detection, and one-click remediation of data access issues.

All Your Data, Wherever it Resides

Expanded infrastructure support means you can manage the data security posture of your hybrid environments, including leading on-premises databases and SaaS applications as well as IaaS and PaaS applications, from a single platform for a complete understanding of your data attack surface.

Availability through AWS marketplace and Snowflake Data Cloud makes it easy to start protecting your SaaS and PaaS environments.

Ransomware Protection

Get automatic protection, recovery, and defense against detected data risks and ransomware with the Normalyze / Cohesity integration. Cohesity users see which data Normalyze has identified and classified as sensitive, and Normalyze users see which sensitive data is backed up and protected by Cohesity.


We’re improving user experience to provide faster onboarding and a full documentation library. Our new monthly release cycle with detailed new feature updates helps customers get the full value of the product.

Recognition & Conferences

To cap off the year, we’re pleased to announce that Normalyze was named to Cyber60, a new annual listing of the top venture-backed companies in cybersecurity.

This has been a year of talking to CISOs and security teams to help lead the discussion on strategy and tactics for data security.

Here are a few highlights of our participation in the community:

Moving Into 2024

Normalyze continues to collaborate with CISOs and security teams to help them identify and protect their sensitive data. The security teams we work with across an array of organizations are instrumental in driving how we build our DSPM platform, and we wouldn’t be where we are today without a collective effort.

2024 is the year for DSPM, and the whole team at Normalyze is excited to expand our capabilities and enhance data protection for companies of all sizes.

GigaOm Radar for DSPM 2024

GigaOm Radar for DSPM 2024

Data is the most valuable asset for a modern enterprise, and its proliferation everywhere makes DSPM an essential tool for visibility into where sensitive data is, who has access to it, and how it is being used.


Normalyze is a pioneering provider of cloud data security solutions helping customers secure their data, applications, identities, and infrastructure across public clouds. With Normalyze, organizations can discover and visualize their cloud data attack surface within minutes and get real-time visibility and control into their security posture, including access, configurations, and sensitive data to secure cloud infrastructures at scale.