Proofpoint completes acquisition of Normalyze. Read more.
What is DSPM?

FEATURED

Gartner® Innovation Insight: Data Security Posture Management
Get Report
PLATFORM
The Normalyze Platform
Supported Environments
Platform Benefits
Solution Differentiators
Data Handling for DSPM
USE CASES

Reduce Data Access Risks

Enforce Data Governance
Eliminate Abandoned Data

Secure PaaS Data

Enable Use of AI

DSPM for Snowflake

MARKETS

Healthcare
Retail
Technology
Media
M&A

FEATURED

DSPM Buyer's Guide: Report
DSPM Buyer's Guide

A toolkit to help gather internal DSPM requirements and evaluate vendors

Get Your Copy

FEATURED

CYBER 60: The fastest-growing startups in cybersecurity
Get Report

Data Risk Detection with Visibility and Context

Gautam Kanaparthi

February 9, 2023

Data risk detection is a key capability where Normalyze has made significant investments. We have built a patented proprietary risk detection mechanism that identifies open attack paths to data and alerts to the increased data breach risk associated with those attack paths. This unique mechanism works by correlating resource configuration, access policies and privilege grants, and sensitive data classification. 

Two additional features underscore Normalyze’s category-leading data risk detection capabilities: suspicious data movement detection and compliance framework and control tags.

 

Detect suspicious data movement

When LastPass suffered a significant breach in August 2022, the attacker made snapshots of sensitive data, copied the snapshots, and then moved them out to an external account. This is a clear example of why Normalyze’s stance has always been that data security cannot rely on simply evaluating data in isolation. 

Normalyze already discovers all data stores, including backups and point-in-time snapshots of data stores, and helps security teams identify abandoned backups.

Now, we have added the capability to track activity around these sensitive backups/snapshots as well to detect and alert when:

  • copies are made of the snapshots with sensitive data,
  • snapshots/copies are moved across accounts, and 
  • snapshots/copies are moved across regions.

Normalyze detects data movement by reading and analyzing the cloud service provider cloud activity logs which record the creation, copying, and movement of snapshots.

As with other detections, customers can create automation rules based on these new types of risk. Options include notification via email/slack or creating tickets via an ITOps tool such as JIRA to automatically trigger existing remediation workflows with incident response and DevOps teams. 

 

Prioritize risks with context of compliance frameworks and controls

Every enterprise security team is inundated with a flood of alerts from various tools. Normalyze has a variety of mechanisms already, such as risk rating, risk type tagging, and data store classification by risk to help data security teams focus on the right alerts to investigate and remediate. 

We’ve also added compliance framework and control tags for every risk detected within Normalyze. Security teams can now easily understand which best practice benchmark or compliance framework they’re not adhering to. Beyond just the framework, security teams can also see the context of which exact control they’re failing within that framework, so they can investigate and take appropriate action. 

 

 

Benchmarks supported as of today include: NIST 800-53, NIST 800-171, SOC2, GDPR, AWS CIS, GCP CIS, and Azure CIS. We will continue to enhance this list to include more benchmarks in the future. 

 

Try Normalyze in Your Environment!

If category-leading risk detection capabilities are what you need, we invite you to try Normalyze for free in your own environment. Sign up for our Freemium. Setup takes just 10 minutes, after which you can see for yourself how the power of Normalyze will provide your security teams with 100 percent visibility and control of cloud-resident sensitive data.

Gautam Kanaparthi

Gautam is the Head of Product at Normalyze. He is passionate about building and scaling market-changing cybersecurity products. At Netskope, Gautam built multiple products from the ground up to help the company address new customer problems, including Nextgen Secure Web Gateway, Advanced Analytics, and Malware Scanning. Before Netskope, he was the principal product manager for Symantec Endpoint Security.