We recently spoke with Amer Deeba, CEO, Normalyze, about the core challenges that businesses face when it comes to the cloud, data classification, and data discovery, and how organizations can overcome those hurdles now and in the future.
What is the company's mission?
Normalyze is a cloud data security platform that continuously discovers sensitive data and access paths to it from other resources across your cloud environments. Normalyze provides security teams the ability to analyze, prioritize and respond to data threats, and prevent sensitive data leakage efficiently.
What threats are you combatting at Normalyze?
Existing cloud security solutions focus on securing the infrastructure or the workloads that make up your cloud environment. This helps you shield your cloud infrastructure from attackers getting in, but you still need to protect your most valuable assets (data), especially if it contains sensitive information.
Normalyze puts data at the center of your cloud security program so you can get the full picture of your data stores, applications, identities, infrastructure and how they all connect across all cloud service providers (CSPs). You can discover, classify, and visualize any sensitive data at risk of compromise across all clouds, who has access to it and what you need to do to secure it or achieve compliance with various regulatory standards.
What is the gap in current solutions that you are looking to fill?
It’s a crowded market for CNAPP, CSPM, CWPP, and CIEM providers. These solutions either focus on infrastructure security a la misconfigurations (CSPM), vulnerabilities (CWPP) or access issues (CIEM). Normalyze focuses on identifying sensitive data in your environment first and connects all the dots around it to determine the likelihood of risk – misconfigurations, elevated access and permissions across accounts, vulnerabilities, etc. – that could lead to compromise of sensitive data. Without the data insights you end up with a high number of alerts from various tools that are not actionable and will be difficult to prioritize.
Data discovery solutions are focused mainly on scanning data to categorize it against certain regulatory frameworks such as PCI, HIPAA and GDPR. They act as recommendation engines rather than enforcement as they don’t bring any context about the environment where the sensitive data resides, who has access to it and what type of access, config or vulns is associated with it. Normalyze is a technology platform that brings it all together so you can discover and classify data then enforce remediation based on risk and attack paths that can lead to sensitive data. If you have built data catalogs in other tools, Normalyze can import these data catalogs and use them while scanning cloud data stores to help you classify sensitive data based on these custom catalogs.
Normalyze works out of the box and provides a better alternative to doing it yourselves by integrating multiple capabilities instead of amalgamating a solution by multiple vendors.
Ultimately, Normalyze is different in the following 6 ways:
Only cloud security solution that brings data, access, misconfigs, vulns and compliance into one holistic platform focused on data security.
Normalyze one-pass scanner with both pattern matching and NLP capabilities
Lowest cost of data scanning compared to other similar solutions
Common data framework that allows us to add support to any datastore in a short period of time
Visualize the cloud architecture in real time
Ability to traverse the Normalyze graph and build signatures on the fly to identify any attack path
Congrats on the funding. How will you use these resources?
With more than 40 patent claims (4 patents filed), Normalyze has more than 25 employees across the United States and India. The round of funding will be used to expand the engineering and DevOps teams across all geographies, and build out the company’s go-to-market and sales strategies.
What security or compliance trends do you think we'll see more of in the coming year?
In the next few years, cloud security tools will evolve and make data be at the center of it. Such tools will enable CISOs to visualize the data across their cloud environments and understand how the data is used and for what purpose. This will also help avoid data compliance fines, such as the recent Twitter incident where the company got fined $150M for wrongly using consumers’ phone numbers for ad targeting.
In addition, data provenance and usage will become an important part of privacy regulations and new tools will emerge that will certify correct usage of data based on provenance.
Lastly, compliance programs will start using these tools on a continuous basis to provide ongoing monitoring and assurance in order to avoid violating privacy regulations and to secure data at rest and in motion.
How do you anticipate Normalyze evolving with organizations' needs?
The reality is that data discovery and data classification have been significant challenges for years and remain the top problem enterprise security teams face to this day, especially in the cloud environments where data proliferation is becoming a major concern. Yet, if security teams don't know where their data resides or its value, how successful can they be in avoiding data breaches? The very job, "information security," has information embedded in its title. However, traditionally, the security profession has largely focused on protecting assets, not data. With Normalyze, we will change that and finally put data security at the center of information security where it belongs.
That's our mission, and why we are announcing Normalyze: to help enterprises protect all the data they run in the cloud.