Security professionals are used to vendors tooting their own horns about their products and services. It’s part of what you expect vendors to do! But one event stands above all others in showing technical leadership: earning the grant of a patent from the United States Patent and Trademark Office. Normalyze has received a grant of U.S. Patent # 11,575,696 for Cloud Data Attack Path Detection Based on Cloud Security Posture and Resource Network Path Tracing.
The patent’s name is quite a mouthful, but in plain English, it represents the industry’s very first patent that brings to life the promised benefits of Data Security Posture Management. Its technology connects the risks to sensitive data in customer cloud environments, allowing them to focus on what matters most instead of chasing thousands of alerts generated by other siloed products.
Getting the first and most important patent for DSPM is a big deal for Normalyze – and for enterprises that want to take a modern, effective approach to securing cloud-resident sensitive data. Consider that there are currently at least ten different vendors in the DSPM space. Each tells a similar story, but it’s Normalyze that has shown its thought leadership by inventing the core technology underpinning DSPM.
I want to thank my patent co-inventors, Yang Zhang and Mummoorthy Murugesan, for their enlightening collaboration as we conceived and proved the concept. And I’m proud of the Normalyze technical team’s accomplishment of helping to articulate this vision with the Normalyze platform. Thank you, team!
You can read our 66-page patent here. As a special treat, I’m quoting the abstract below. For non-engineers, everything is explained clearly here on our website. Meanwhile, stay tuned for more innovations in the next few months.
U.S. Patent # 11,575,696
CLOUD DATA ATTACK DETECTION BASED ON CLOUD SECURITY POSTURE AND RESOURCE NETWORK PATH TRACING
The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to accessing permissions data and access control data for pairs of compute resources and storage resources in the cloud environment, tracing network communication paths between the pairs of the compute resources and the storage resources based on the permissions data and the access control data, accessing sensitivity classification data for objects in the storage resources, qualifying a subset of the pairs of the compute resources and the storage resources as vulnerable to breach attack based on an evaluation of the permissions data, the access control data, and the sensitivity classification data against a set risk criterion, and generating a representation of propagation of the breach attack along the network communication paths, the representation of identifying relationships between the subset of the pairs of the compute resources and the storage resources.
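To make the steps named in the abstract concrete, here is a small added illustration in Python. It is not code from the patent or from the Normalyze platform. The resource names, the inventory, and the risk criterion (read access to data labeled "pii" from a compute resource reachable from an "internet" entry point) are all assumptions constructed for this example.

```python
from collections import deque

# Constructed sample inventory (hypothetical names, not real data).
# Access control data: directed reachability allowed by network rules.
NETWORK = {
    "internet": ["vm-web"],
    "vm-web": ["vm-batch", "bucket-logs"],
    "vm-batch": ["bucket-customers"],
    "vm-admin": ["bucket-customers"],
}
# Permissions data: (compute, storage) -> actions granted by identity policy.
PERMISSIONS = {
    ("vm-web", "bucket-logs"): {"read"},
    ("vm-batch", "bucket-customers"): {"read", "write"},
    ("vm-admin", "bucket-customers"): {"read"},
}
# Sensitivity classification of the objects held in each storage resource.
SENSITIVITY = {"bucket-logs": "low", "bucket-customers": "pii"}


def trace_path(src, dst, edges=NETWORK):
    """Breadth-first search: shortest network path src -> dst, or None."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def find_attack_paths(entry="internet", risky_labels=frozenset({"pii"})):
    """Qualify compute/storage pairs against the assumed risk criterion and
    return, for each qualifying pair, the path from the entry point to the data."""
    findings = []
    for (compute, storage), actions in sorted(PERMISSIONS.items()):
        if SENSITIVITY.get(storage) not in risky_labels or "read" not in actions:
            continue  # data not sensitive, or identity cannot read it
        to_compute = trace_path(entry, compute)
        to_storage = trace_path(compute, storage)
        if to_compute and to_storage:  # exposed compute with a route to the data
            findings.append(to_compute + to_storage[1:])
    return findings


if __name__ == "__main__":
    for path in find_attack_paths():
        print(" -> ".join(path))
```

In this constructed inventory only one pair qualifies: vm-admin can read the same sensitive bucket but is not reachable from the entry point, and vm-web's reachable bucket holds only low-sensitivity data.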