Frequently Asked Questions

What is Normalyze?

Normalyze is an agentless scanning platform that continuously discovers sensitive data and access paths to it from other resources across all your cloud environments. Normalyze provides security teams the ability to analyze, prioritize and respond to data threats, and prevent sensitive data leakage efficiently.

Why do I need Normalyze?

Existing cloud security solutions focus on securing the infrastructure or the workloads that make up your cloud environment. This helps you shield your cloud infrastructure from attackers getting in, but you still need to protect your most valuable asset, your data, especially if it contains sensitive information. Normalyze puts data at the center of your cloud security program so you can get the full picture of your data stores, applications, identities and infrastructure, and how they all connect across all cloud service providers (CSPs). You can discover, classify, and visualize any sensitive data at risk of compromise across all clouds, see who has access to it, and learn what you need to do to secure it or achieve compliance with various regulatory standards.

How are you different from CNAPP/CSPM/CWPP/CIEM? How are you different from data discovery solutions?

These solutions focus on infrastructure security: misconfigurations (CSPM), vulnerabilities (CWPP) or access issues (CIEM). Normalyze focuses on identifying sensitive data in your environment first and then connects all the dots around it to determine the likelihood of risk (misconfigurations, elevated access and permissions across accounts, vulnerabilities, etc.) that could lead to compromise of sensitive data. Without the data insights, you end up with a high number of alerts from various tools that are not actionable and are difficult to prioritize.


Data discovery solutions are focused mainly on scanning data to categorize it against certain regulatory frameworks such as PCI, HIPAA and GDPR. They act as recommendation engines rather than enforcement tools, as they don’t bring any context about the environment where the sensitive data resides, who has access to it, and what type of access, configuration or vulnerabilities are associated with it. Normalyze is a technology platform that brings it all together so you can discover and classify data, then enforce remediation based on risk and attack paths that can lead to sensitive data. If you have built data catalogs in other tools, Normalyze can import these data catalogs and use them while scanning cloud data stores to help you classify sensitive data based on these custom catalogs.


In short,

Normalyze = Data discovery + Data classification + CIEM + CSPM + CNAPP

Normalyze works out of the box and provides a better alternative to doing it yourself: it integrates multiple capabilities instead of amalgamating a solution from multiple vendors.

How does Normalyze work?

Behind the scenes, Normalyze operates in 3 phases:

  1. Discovery and Analysis: Normalyze builds an intelligent graph with deep context and transitive trust relationships that represents all the data stores as well as the compute elements, permissions, apps, etc. that connect to them.

     The Normalyze data scanner then does a deep scan of the data, determines which data stores house sensitive information, and automatically maps it to specific profiles such as PCI, HIPAA and GDPR.

  2. Detection and Prioritization: The Normalyze prioritization engine identifies risk paths discovered through the graph (likelihood of compromise) and prioritizes them based on the sensitivity of the data at risk (impact of the attack).

  3. Remediation and Prevention: Normalyze lets you integrate with a variety of external tools for notification, ticket creation, workflow triggering, etc. so that you can take remediation steps when relevant issues are found. You can automate the remediation based on types of accounts, risks, resources, severity, etc. As a security engineer, your automation rules can be thought of as your policy, and any violations result in actions.

Normalyze also offers all its functionality via REST APIs which can be used to set up rules that prevent risks from ever making it to production.
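As an added illustration of the Detection and Prioritization phase (not Normalyze's engine or API; the page gives no implementation detail), the sketch below ranks access paths in a small constructed graph. The node names, the sensitivity weights and the score of impact divided by hop count are all assumptions made for this example.

```python
from collections import deque

# Constructed sample graph: an edge A -> B means "A can reach or assume B".
EDGES = {
    "internet": ["web-vm", "public-bucket"],
    "web-vm": ["app-role"],
    "app-role": ["orders-db", "logs-bucket"],
    "ci-runner": ["deploy-role"],
    "deploy-role": ["orders-db"],
}
# Assumed impact weight per data store, derived from what a scan found in it.
SENSITIVITY = {"orders-db": 9, "logs-bucket": 2, "public-bucket": 4}
ENTRY_POINTS = ["internet"]  # nodes an outside party can reach directly


def shortest_paths(edges, source):
    """Breadth-first search: shortest access path from source to each node."""
    paths = {source: [source]}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, []):
            if nxt not in paths:  # first visit is the shortest path
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths


def rank_risk_paths(edges, sensitivity, entry_points):
    """Return (score, path) for each reachable sensitive store, highest first."""
    findings = []
    for entry in entry_points:
        for target, path in shortest_paths(edges, entry).items():
            impact = sensitivity.get(target, 0)
            if impact == 0:
                continue  # not a data store, or nothing sensitive in it
            hops = max(len(path) - 1, 1)
            # Assumption: likelihood falls with distance, so score = impact / hops.
            findings.append((round(impact / hops, 2), path))
    return sorted(findings, key=lambda f: f[0], reverse=True)


if __name__ == "__main__":
    for score, path in rank_risk_paths(EDGES, SENSITIVITY, ENTRY_POINTS):
        print(f"{score:5.2f}  " + " -> ".join(path))
```

In this sample the directly exposed bucket outranks the more sensitive database three hops away, and the database's second path through `ci-runner` is not reported because nothing external reaches it.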

What does Normalyze not cover?

While our backend is architected to ingest data from any source, Normalyze does not currently cover data in SaaS apps such as Microsoft 365, Google Docs, Salesforce, etc., or data in on-premises file stores.

How do I onboard my cloud accounts to Normalyze?

Normalyze offers a simple process for onboarding of cloud accounts via CloudFormation (AWS), Onboard script (GCP) or Terraform. Onboarding cloud accounts to Normalyze is typically completed in a few minutes.


Normalyze only seeks the minimum permissions required in your cloud accounts and creates modular roles that minimize scope of permissions to specific product capabilities being enabled. 

I have an organization with hundreds of accounts. Can Normalyze onboard multiple accounts in one go?

Yes, you can onboard multiple accounts – no upper limit – at once. When you want Normalyze to secure multiple accounts, instead of onboarding each account individually, you can onboard the management account. The process of onboarding a management account is similar to onboarding a standalone account and is completed within minutes. Normalyze automatically discovers all the child accounts under the onboarded account.


You also have the flexibility to pick and choose which accounts under the organization you would like to be monitored. Normalyze provides a URL to create a StackSet in the AWS console, and you can select particular OUs or individual accounts under the root account that need to be onboarded.

What is unique about the Normalyze graph?

The Normalyze graph shows access and trust relationships in real time, with deep context that includes fine-grained process names, data store fingerprints, IAM roles and policies. It helps you quickly locate all data stores containing sensitive data, find all access paths, and score potential breach paths based on sensitivity, volume, and permissions to show all breaches waiting to happen.

How does Normalyze access my data?

Normalyze deploys lambdas in your cloud environment to do the discovery and scanning of data. Using patent-pending One-pass data scan technology, it scans the data, both structured and unstructured, within your environment and collects only metadata to add to the graph. No sensitive data is collected at any point during scanning. Normalyze deploys the lambdas to the cloud regions where the scanned data resides, thus eliminating high egress charges and preserving data residency.

What is unique about Normalyze data scan architecture?

  1. High data privacy as no data will leave your environment – whether sensitive or not.
  2. Supports both structured and unstructured data stores.
  3. Data sampling rate can be tuned, giving you the flexibility to save time/cost when scanning large data stores.
  4. It’s the most cost effective scanning solution compared to any other solution – typically 20x cheaper than native CSP scanning.
  5. Has the ability to detect individual sensitive entities such as name, SSN, CCN, etc. and to combine entities via profiles to check for proximity of these entities, hence reducing false positives when identifying sensitive data, especially within unstructured datastores.

What does it cost me to run Normalyze data scanners in my cloud accounts?

We calculated that scanning 1TB should cost about $50.

In real customer environments, we’d expect sampling as well as scanning on a less frequent basis, which should result in much lower costs.

What is unique about Normalyze One-pass data scanners?

Normalyze data scanners use our patent-pending One-pass architecture. With One-pass all sensitive data entities and profiles can be detected in a single pass through the text of the data, regardless of how many entities we are looking for.

This has a few benefits:

  1. Zero upfront configuration: You don’t need any upfront configuration to figure out what type of sensitive data exists where. We simply look for everything with One-pass, achieving lower time-to-value. Compare this to typical scanners which require a lot of technical training before you get value from the product.
  2. High performance: Scan times are much lower. Compute efficiency is much higher, saving money and time. You can iterate faster during incident response.

Normalyze scanners also allow customization – custom entities, custom profiles – if you choose to do so. Custom entity and profile detection will then become part of the One-pass data scans across all data stores discovered and monitored by Normalyze.
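An added illustration (not Normalyze's implementation, which the page does not describe) of the two ideas above: detecting every entity in a single pass over the text, and using profiles that require entities in proximity to cut false positives. The regex patterns, profile definitions, 60-character window and sample strings are assumptions constructed for this example.

```python
import re

# Assumed, simplified entity patterns (illustrative only).
ENTITIES = {
    "SSN": r"\b\d{3}-\d{2}-\d{4}\b",
    "CCN": r"\b(?:\d{4}[ -]?){3}\d{4}\b",
    "NAME_LABEL": r"\b(?:name|cardholder)\b",
}
# One alternation of named groups: the text is walked once no matter how
# many entities are defined. A new entity adds a branch, not another pass.
COMBINED = re.compile(
    "|".join(f"(?P<{n}>{p})" for n, p in ENTITIES.items()), re.IGNORECASE
)
# Assumed profiles: all listed entities must occur within `window` characters.
PROFILES = {
    "PCI": ({"CCN", "NAME_LABEL"}, 60),
    "PII": ({"SSN", "NAME_LABEL"}, 60),
}
# Constructed sample inputs.
SAMPLE_NEAR = "Cardholder: Jane Roe, card 4111 1111 1111 1111, exp 01/30"
SAMPLE_FAR = "name of depot: Dock 7 " + "." * 100 + " ref 1234 5678 9012 3456"


def scan(text):
    """Single pass; keeps only metadata (entity type, offset), never the value."""
    return [(m.lastgroup, m.start()) for m in COMBINED.finditer(text)]


def match_profiles(hits, profiles=PROFILES):
    """Return names of profiles whose entities co-occur inside the window."""
    matched = set()
    for name, (required, window) in profiles.items():
        last_seen = {}  # entity -> most recent offset seen so far
        for entity, pos in hits:  # hits arrive sorted by offset
            if entity not in required:
                continue
            last_seen[entity] = pos
            span = pos - min(last_seen.values())
            if len(last_seen) == len(required) and span <= window:
                matched.add(name)
                break
    return matched


if __name__ == "__main__":
    for label, text in (("near", SAMPLE_NEAR), ("far", SAMPLE_FAR)):
        print(label, scan(text), sorted(match_profiles(scan(text))))
```

`SAMPLE_FAR` contains a 16-digit number and a name label, yet matches no profile because the two are more than 60 characters apart; an entity-only scanner would have flagged it.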

What are some typical use cases Normalyze covers?

Normalyze discovers all cloud native data stores, structured and unstructured. For sensitive data scanning, these are the currently supported datastores, and we will keep adding new ones based on customer demand.

Unstructured data: S3, GCS, Azure Blob, EBS

Structured data: Amazon RDS (MySQL, Postgres, Aurora, MariaDB), Amazon Redshift, Google CloudSQL (MySQL, Postgres), Azure MySQL, Azure Postgres, MongoDB, DocumentDB

How can you scale your data scanning connectors to cover all data sources/types?

Normalyze’s common data scanner framework allows the creation of new datastore connectors quickly. The framework connects to the various data stores and brings the data into a common format that can be easily parsed and scanned in the same way across all data types.

I have multiple terabytes of data in my cloud account. Can Normalyze efficiently provide visibility into it?

This is a common scenario for our customers. The sampling process allows Normalyze to get very good visibility into the datastores regardless of the size. The Normalyze platform can be scaled horizontally in an automated way to support your large data volumes.

I already have product X. How does Normalyze integrate with it?

Normalyze is built on open APIs and can be easily integrated with 3rd party solutions to bring their data in and integrate it into the Normalyze graph. Any data you see on the UI is also accessible via APIs. Outbound integrations with ticketing and notification solutions can also be easily achieved via webhooks that are available out-of-the-box. If you have specific requests for integrations, let us know and we’ll be happy to build a connector for you.

I have a custom data element that I’d like to identify in my datastores. Can Normalyze help me do that?

Entity definitions and profile definitions are fully customizable from within the UI and the APIs. Let us know if you need help with a specific entity and we can help you create one.

Can I integrate my data catalog with Normalyze?

Normalyze can import data catalogs from other data management tools and integrate them into its entity/profiling technique so you can keep the format of sensitive data the same as in your existing data catalogs. If you need help on how to do it with the APIs, let us know and we can help you.

I have a custom query that finds an attack path in the graph. How do I add this check to Normalyze?

The Normalyze query builder is built for this purpose so you can easily create your own “signatures” from specific attack paths in your cloud environment. You can use the query builder interface to create and test this attack path. You can then promote it to the library of signatures that are run each time the graph changes.

What is unique about the Normalyze platform?

  1. Only cloud security solution that brings data, access, misconfigs, vulns and compliance into one holistic platform focused on data security.
  2. Normalyze one-pass scanner with both pattern matching and NLP capabilities.
  3. Lowest cost of data scanning compared to other similar solutions.
  4. Common data framework that allows us to add support to any datastore in a short period of time.
  5. Visualize the cloud architecture in real time.
  6. Ability to traverse the Normalyze graph and build signatures on the fly to identify any attack path.

What are some typical use cases you support?

  1. Data Discovery for Compliance: Discovering data stores with sensitive data and classifying the data with PCI, GDPR, HIPAA, etc. that can be used as evidence for compliance – CISO, GRC, Data Officer
  2. Data Access Governance for Compliance: Discovering users/resources with access to sensitive data that can be used as evidence for compliance – CISO and DevSecOps
  3. Data Security: Discovering risk on sensitive data, public exposure, achieving least privileged access and prioritizing security work for DevOps, achieving most ROI – prioritized by impact and likelihood – Security Ops
  4. Incident Response: Use historic view of the graph as well as ad-hoc queries to analyze your cloud environments – DevOps, Security Ops
  5. Cloud Architecture diagram for Compliance: Export the graph view to satisfy typical compliance requirements that require an architecture diagram to be made available at any time – DevOps, Cloud Engineering
  6. Access Reviews for Compliance: Export data via reports to help your quarterly/annual access reviews for data assets or any resource within your cloud. Or get ahead of the game and do a continuous access review – CISO
  7. Reduce Cloud Security TCO: Consolidate multiple cloud security products by eliminating platform costs, man hours, outages – CISO, CIO

