Normalyze is a company that solves some of the most painful problems enterprise IT security teams face in the cloud and data security space. Pulse 2.0 interviewed Normalyze founder and Chief Technology Officer (CTO) Ravi Ithal to learn more.
Ravi Ithal’s Background
Ithal loves solving problems and learning about new approaches to solve problems. And Ithal said:
“That makes me a technologist at heart. I realized early in my career that I wanted to solve interesting, real and big problems and that if the problems were big enough, I couldn’t do it alone. Not only did I have to create an ongoing way to meet similar-minded people, but I also needed to look at technology as a tool to solve business problems and raise money to develop it — that’s how I became an entrepreneur.”
Formation Of Normalyze
How did the idea for Normalyze come together? Ithal shared:
“I was fortunate enough to be an early engineer at Palo Alto Networks, where we built a new way to manage network security by bringing app awareness into firewalls. Towards the early 2010s, as SaaS apps proliferated, data security for those SaaS apps became a big challenge, which led to what we built at Netskope. I was fortunate to find really competent, like-minded people to work with to solve this problem for everybody at Netskope. Towards the end of the 2010s, IaaS providers took off in a big way. With cloud technology and the increased rate of SaaS developments to make businesses more efficient, data was constantly being moved across and stored in different environments. I spoke with CISOs who saw the same problem. The way applications are developed in the cloud changed from monoliths to microservices, each with its own data store. Building these microservices and maintaining their own data helps their business become more efficient, but at the cost of now having 100 more places where customer data or intellectual property reside. CISOs and security teams are not only losing track of where their data is, they also don’t know who has access to it or what the risks are for each data store.
Then I met Amer Deeba, an industry veteran known for his passion for security, impressive go-to-market track record, and empathy for customers’ struggles with the evolving security landscape, and it became clear what we needed to do. Amer and I founded Normalyze not only to address these pervasive data security challenges but to develop a holistic platform that compiles all of this security information into one place.”
Favorite Memory
What has been your favorite memory working for Normalyze so far? Ithal reflected:
“This might sound a bit controversial, but I believe the only way to be the best at something is to go all-in and obsess about it. If not, you need to believe you and your team are so much smarter at this one thing than anyone else in the world, and that, to me, sounds bombastic. So where does that leave us? My favorite memories are always those moments when you realize your obsession and going all-in is paying off in terms of solving what you set out to solve. In the context of a team, it’s seeing that others are completely aligned with you and obsess as much or more about the same things you obsess about. I remember a day when I was just waking up and someone sent me a message saying they stayed up all night to solve something we discussed at 11pm the previous night – and neither of us had any expectation whatsoever that it would be solved by that morning. I have a few of those memories, and they all center around a team member going at it on their own volition.”
Challenges Faced
What are some of the challenges Ithal faced in building the company? Ithal acknowledged:
“Normalyze was founded in 2020. Finding exceptional talent was not easy; there was a lot of competition for the best and the brightest. However, we have been fortunate to attract people who share the same values, energy, and passion for solving technical problems. It’s not easy to this day – as technical expertise only goes so far – but the talent we bring on board is mission-oriented and ready to go all-in to innovate and solve our customers’ problems. “
Core Products
What are Normalyze’s core products and features? Ithal explained:
“Data is at the heart of our platform and features. To identify security risks, Normalyze uses machine learning algorithms, like our Single Pass Scanner, and patented technology to analyze data from cloud providers, SaaS applications, and on-premises data stores. Our cloud platform supports all native cloud data stores across all major clouds. Our security assessment capability allows security teams to conduct comprehensive security assessments quickly and easily without the need for agents.”
“Normalyze helps security operators collaborate with DevOps and cloud engineering teams to fix problems quickly by integrating with 3rd party ticketing, notification, and automation platforms.”
“We provide a unique risk prioritization capability, popular with customers: risks are ranked according to the monetary value of the business impact should a breach happen. We prioritize risks and provide automated or guided remediation; now, security teams focus on addressing risks that, if exploited, would cost the organization the most – instead of drowning in alerts that do not shed light on which risks can cause the most monetary and reputational damage to the organization. This also helps CISOs assure their Boards and shareholders that the most sensitive – and costly – data is protected.”
Evolution of Normalyze’s Technology
How has Normalyze’s technology evolved since launching? Ithal noted:
“I have seen a number of founders struggle with widespread adaptability of their product or solution after launching. This usually results from overestimating the pain/problem and/or the solution. Fortunately, in my last two start-ups as well as at Normalyze, our horizon has been expanding as we make progress. In other words, this opportunity is bigger than any of us thought it would be. We have found higher resonance to the initial cloud data proliferation problem, and we have been asked about how we can help with tackling the same problem in PaaS, SaaS, on-premises, and more. Many infosec teams are blind to the core of what they are trying to protect: their data. What’s missing today is a single dashboard that shows where their data exists, who has access to it, who needs access to it, and what the risks around those accesses – regardless of the location of the data. It’s a tall mountain, but we are climbing it.”
Customer Success Stories
Upon asking Ithal about customer success stories, he commented:
“We discovered that a domain takeover had taken over the public cloud storage of one of our customers. In order to save them hundreds of hours of work, we built a feature that allows them to discover all of their data stores at once without having to sift through each one individually. The most valuable outcome was that it made the security posture much better.”
“Another customer had us scan their Snowflake instance with a half million columns, which is arguably impossible for a human to review for data security issues. And we found not only that they had unencrypted sensitive data in some of the columns but also that a large percentage of those columns were duplicated. They were able to trace this issue to a few teams and start the remediation. In their own words, our detection was ‘shockingly accurate and opened their eyes’.”
“Our customers have been using us to prioritize all their efforts. Several of our adopters complained that they would have hundreds or thousands of alerts if they used any other cloud security product. As I mentioned, our prioritization capability allows them to focus on things that are important, such as risks, alerts, and everything that is connected to the monetary value of the data they have. Addressing customer issues quickly by prioritizing their needs, saving them time, and having our engineering team dig deeper into their problems is a major factor in our success.”
Funding
When I asked Ithal about funding and the company’s revenue model, he revealed:
“To date, we’ve raised over $26 million in funding across seed and series A. We feel very fortunate to have two really strong, world-class investors, Arif Janmohamed and Dharmesh Thakker, who have funded some of the most successful data and security companies, such as Databricks and Netskope.”
“At Normalyze, we generate revenue by charging an annual subscription for our product at a rate that depends on the amount of data scanned. ” This simple model allows customers to scale quickly.
Total Addressable Market
What total addressable market (TAM) size is Normalyze pursuing? Ithal assessed:
“Let’s first observe an emerging truth: ‘Data security is the future of cybersecurity.’ With that as the backdrop, public cloud spending is $180 billion annually, and I’d imagine about 10% of that is spent on cloud security as a whole. Since Normalyze covers data security in the public cloud, PaaS, SaaS, and on-prem, our TAM has expanded even further. The exact number today is a bit nebulous since the approach is new, but this gives you an idea of the opportunity that lies ahead.”
Differentiation From The Competition
What differentiates Normalyze from its competition? Ithal affirmed:
“I think the single biggest thing that distinguishes us from the competition is our stamina to pursue our mission. Our mission of making the world’s data more secure. Making data breaches a thing of the past by enabling infosec teams to always keep their eyes on the prize instead of flying blind. It’s a long journey to get there, and we are committed. There’s a number of technical differentiators, too.”
“Our seasoned and passionate team brings a wealth of expertise in data security to the table. Having successfully tackled data security challenges in their previous work, at companies known for their innovation and industry disruption, they possess an in-depth understanding of the complexities faced by data security practitioners and leaders. This invaluable experience positions us as a trusted partner capable of addressing the most pressing data security concerns with confidence and precision.”
“Additionally, our future-proof architecture stands as a testament to our strategic vision. Recognizing that data security extends beyond a single surface area, we have built a platform designed to secure data everywhere. By anticipating the trajectory of the data security landscape, we’ve architected a solution that can seamlessly adapt and protect against evolving threats. This approach not only future-proofs our offerings but also positions us as industry pioneers at the forefront of data security innovation.”
“Our portfolio is fortified by patented technologies that give us a significant competitive advantage. Our groundbreaking advancements, including the data attack path and the single-pass scanner, empower us to deliver efficiency and efficacy in safeguarding against data breaches. These innovative technologies streamline our security processes, enabling us to detect and mitigate threats swiftly and effectively. By leveraging our patented solutions, we cement our position as a market leader, constantly pushing the boundaries of what is possible in data security.”
Future Company Goals
What are some of Normalyze’s future company goals? Ithal concluded:
“Normalyze helps organizations keep what matters most— their data— safe from breaches by detecting security and privacy risks for data at rest and in motion. Using patented technology, Normalyze provides real-time visibility and control into data security posture, including data discovery and classification, access governance, configurations, and compliance across cloud environments.”
“We want to give CISOs the proof that their company’s data is safe, proof that is at their fingertips at all times in a single dashboard, which highlights risks that have the biggest impact on the entire business. Our goal is straightforward: give CISOs and their security teams peace of mind that their data, wherever it resides, is protected from breaches.”
“We will give you the truth about data so informed decisions can be made. We want customers to trust Normalyze to give them a full picture of their data – and how to protect it – across multi-cloud, PaaS, SaaS, and on-prem environments.”
