Data risk detection is a key capability where Normalyze has made significant investments. We have built a patented proprietary risk detection mechanism that identifies open attack paths to data and alerts to the increased data breach risk associated with those attack paths. This unique mechanism works by correlating resource configuration, access policies and privilege grants, and sensitive data classification.
Two additional features underscore Normalyze’s category-leading data risk detection capabilities: suspicious data movement detection and compliance framework and control tags.
Detect suspicious data movement
When LastPass suffered a significant breach in August 2022, the attacker made snapshots of sensitive data, copied the snapshots, and then moved them out to an external account. This is a clear example of why Normalyze’s stance has always been that data security cannot rely on simply evaluating data in isolation.
Normalyze already discovers all data stores, including backups and point-in-time snapshots of data stores, and helps security teams identify abandoned backups.
Now, we have added the capability to track activity around these sensitive backups/snapshots as well to detect and alert when:
- copies are made of the snapshots with sensitive data,
- snapshots/copies are moved across accounts, and
- snapshots/copies are moved across regions.
Normalyze detects data movement by reading and analyzing the cloud service provider cloud activity logs which record the creation, copying, and movement of snapshots.
As with other detections, customers can create automation rules based on these new types of risk. Options include notification via email/slack or creating tickets via an ITOps tool such as JIRA to automatically trigger existing remediation workflows with incident response and DevOps teams.
Prioritize risks with context of compliance frameworks and controls
Every enterprise security team is inundated with a flood of alerts from various tools. Normalyze has a variety of mechanisms already, such as risk rating, risk type tagging, and data store classification by risk to help data security teams focus on the right alerts to investigate and remediate.
We’ve also added compliance framework and control tags for every risk detected within Normalyze. Security teams can now easily understand which best practice benchmark or compliance framework they’re not adhering to. Beyond just the framework, security teams can also see the context of which exact control they’re failing within that framework, so they can investigate and take appropriate action.
Benchmarks supported as of today include: NIST 800-53, NIST 800-171, SOC2, GDPR, AWS CIS, GCP CIS, and Azure CIS. We will continue to enhance this list to include more benchmarks in the future.
Try Normalyze in Your Environment!
If category-leading risk detection capabilities are what you need, we invite you to try Normalyze for free in your own environment. Sign up for our Freemium. Setup takes just 10 minutes, after which you can see for yourself how the power of Normalyze will provide your security teams with 100 percent visibility and control of cloud-resident sensitive data.