May 6 – 9, 2024

rsa logo
Free EXPO Pass
Code: 52ENORMALZXP

FEATURED

DSPM-chat-Richard Stiennon-Ravi-Ithal-Normalyze
Improve Cloud Security:
Dark Reading Interviews Ravi Ithal

FEATURED

CYBER 60: The fastest-growing startups in cybersecurity

FEATURED

Gartner® Innovation Insight: Data Security Posture Management

Our mission

Help enterprises protect all the data they run in the cloud

The reality is that data discovery and data classification have been significant challenges for years and remain the top problem enterprise security teams face to this day. And this problem is exacerbated in cloud environments where data sprawl is happening at an accelerated pace. Yet, if security teams don’t know where their data resides or its value, how successful can they be in avoiding data breaches? However, traditionally, the security profession has largely focused on protecting assets, not data. With Normalyze, we will change that and finally put data security at the center of information security where it belongs.
Normalyze, through its agentless assessments, data discovery, AI-driven risk prioritization, and comprehensive and actionable remediation insights, helps enterprises understand the full range of risks present against their cloud data.
That includes everything needed to be discovered and understood surrounding the cloud data including applications, infrastructure, configurations, vulnerabilities, and the identities and permissions associated with access. Everything is provided within the graph and connects all factors necessary to identify sensitive data, correlate risks and provide corrective actions.

The rise of cloud computing has increased the complexity of the enterprise attack surface. Modern development pipelines deliver continuously, while the move to “infrastructure as code,” as well as microservices, makes it all too easy to misconfigure workloads and cloud services as configurations change, identities and their privileges evolve, and data stores become increasingly intricate.

Meet Our Company

Normalyze is solving one of information security’s biggest challenges: cloud data security.

The reality is that data discovery and data classification have been significant challenges for years and remain the top problem enterprise security teams face to this day. Yet, if security teams don’t know where their data resides or its value, how successful can they be in avoiding data breaches? The very job, “information security,” has information embedded in its title. However, traditionally, the security profession has largely focused on protecting assets, not data. With Normalyze, we will change that and finally put data security at the center of information security where it belongs.

Why Normalyze, and why now?

We are often asked why we founded Normalyze. That’s an interesting and straightforward story. When Ravi was looking for the next problem to solve after Netskope, a company he helped found after nearly six years as a founding engineer at Palo Alto Networks, he started speaking with working CISOs and questioned them about their most pressing challenges and what concerns keep them up at night. Three themes continually arose: data governance, data access and authorization, and cloud data security. The reality is unmistakable. Data security is growing more challenging over time, not less.

Ravi continued his discussions with CISOs, and eventually potential investors about developing a cloud data security platform that would connect to enterprise cloud accounts and provide a comprehensive view of all an organization’s data stores, and then prioritize the value of that data, detail who has access to that data, the associated system vulnerabilities surrounding that data, and more. Unsurprisingly, that idea resonated very well with both investors and CISOs.

It was during this time Amer and Ravi were introduced. Like Ravi, Amer has decades of experience in enterprise information security, most notably 17 years at Qualys, one of the first security companies to deliver their software as a service, as chief marketing officer, VP of corporate development and strategic alliances, and chief commercial officer. The two of us hit it off immediately. Professionally, we are very complementary, as Amer is an expert in enterprise security products and outbound communication, and Ravi’s focus is product development and inbound communications. Our partnership, and friendship, grew over time and across multiple meetings.
We continued to meet with customers and refine how to solve the cloud data security challenge. Soon, we decided to combine forces to address this cloud data security challenge and solve it at scale. And we didn’t just want to solve this problem, we wanted to do so in a way that made our ultimate solution as ubiquitously available as possible.

Normalyze: placing data at the center of information security

While data is central to information security, the rise of cloud computing has also brought more complexity and increased the enterprise attack surface. Thanks to the cloud, enterprises can do more complex things with technology, but cloud computing has also increased the size and complexity of the enterprise attack surface. Enterprise software development pipelines are continuous now, and microservices make it easy for data to move and change in the blink of an eye. This is fine if those data sources are under the purview of security. After all, CISOs are still responsible for securing their enterprise’s data; they need to know where the data resides.

In addition to the proliferation of enterprise clouds and the data they store, the amount of enterprise data is also increasing because AI/ML systems have a deep thirst for data. And because of digital transformation, AI/ML workloads are increasing dramatically. These workloads typically involve data copied from production and transferred to another cloud. All this cloud and AI/ML-driven data sprawl means it will become increasingly more challenging for security teams to discover, classify, and protect their data.

This is the set of challenges Normalyze solves. Normalyze first identifies the organization’s cloud systems and then discovers the most sensitive structured and unstructured data within those systems. Normalyze determines who has access to that data and their level of access. Normalyze also discovers the microservices in use and identifies their vulnerabilities and misconfigurations that place data at risk. With Normalyze, security teams, CISOs, GRC professionals, and DevOps teams.

Can view their entire cloud infrastructure. They can see in one concise place where their most essential data reside and prioritize securing that data based on risk. This way, enterprises always know that their most important data is secured.

Normalyze then coalesces all this data security into a comprehensive graph that connects every factor necessary to identify enterprise cloud data, correlate risks, and provide the information necessary for prioritized remediation. Remediation efforts can be dispatched to a service management platform, or other automated measures can be taken. Specific groups or individuals can be alerted to remedy the vulnerability, or steps can be taken to remove access.

We’re also building a company based on exceptional culture and values. That includes bringing these exceptional data security capabilities to as many organizations as possible. Traditionally, many security companies focus their efforts toward either the mid-market or the enterprise, but not both. Normalyze has an opportunity to help improve security for both mid and large companies. This is because, too often, smaller companies have not had access to best-of-breed technologies, and as their organizations grow, they grow out of them. We are trying to make cloud data security accessible to everyone. One also doesn’t have to be a data scientist to get immediate value from Normalyze.

Finally, we are not only building an exceptional technology that will bring cloud data security back to the center of information security again, but we are also building a great company with an exceptional culture that is global, diverse, remote, transparent, and decidedly collaborative. And we are already working with major enterprises. We have openings for those who seek a great opportunity and have a passion for changing the information security status quo. Please feel free to visit the website and apply. Securing the data has long been one of the biggest challenges with security, and thanks to Normalyze, it doesn’t have to stay that way. We believe we are building something special for our customers and our employees. And we believe in this mission to place data security at the center of cybersecurity, where it has always belonged.