Normalyze announced it is coming out of stealth with $22.2M in Series A funding, co-led by Lightspeed Venture Partners and Battery Ventures.
This round brings the company’s total funding to $26.6M to date. Normalyze is an agentless platform that helps organizations better manage sensitive data—and attack paths to it —in today’s complex, multi-cloud environments, protecting customers from large and damaging data breaches.
Normalyze’s graph-powered platform provides security teams the ability to continuously analyze, prioritize, and respond to cloud data threats and prevent sensitive data loss.
The rise of cloud computing has increased the complexity of the enterprise attack surface. A recent survey from IDC found that 98% of organizations queried reported at least one cloud data breach in the past 18 months. Data security in the modern digital enterprise has become overly complex due to a variety of trends, including the proliferation of data, an explosion of microservices, rapid cloud adoption, hybrid work environments, compliance, and more. As a result, data stores have become increasingly intricate and the need for visibility becomes paramount.
“Today’s enterprises find their data scattered throughout their various cloud environments with limited visibility of where sensitive data resides. It’s a massive problem that current cloud security offerings aren’t equipped to handle it,” said Amer Deeba, Cofounder and CEO at Normalyze. “We built Normalyze to help companies of all sizes discover, classify and secure sensitive data across all public clouds. With simple onboarding and minimum ramp up time, our platform provides full visibility on data security posture to better gauge risk and proactively respond to sensitive data threats.”
Normalyze’s secret sauce is its ability to gather all security stakeholders – from the CISO to the security engineer, to DevOps – in one user interface to discover data, classify it, and prioritize discovery of attack paths that can lead to sensitive information. The Normalyze data-first cloud security platform operates in three core phases:
- Discovery and analysis: Normalyze builds an intelligent graph with deep context and transitive trust relationships representing all the data stores, applications, identities and infrastructure resources in all clouds and how they all connect. The Normalyze agentless data scanner then determines what data stores house sensitive information and automatically maps it to specific profiles such as PCI, HIPAA and GDPR.
- Detection and prioritization: The Normalyze prioritization engine will identify risk paths discovered through the graph and prioritize them based on the sensitivity of the data at risk and impact of the attack.
- Remediation and prevention: Normalyze integrates with a variety of external tools for notification, ticket creation, workflow triggering, etc so users can automate remediation through an orchestration engine.
“Our graph-powered platform is a hub that connects all data with assets, identities, accesses, misconfigurations and vulnerabilities to help security teams continuously discover sensitive information, determine attack paths, and automate remediation efforts to secure it,” said Ravi Ithal, Cofounder and CTO of Normalyze. “With the Normalyze one-pass scanner, users can scan structured and unstructured data stores to discover sensitive information based on predefined compliance profiles for PII, GDPR, HIPAA and more with minimal upfront configuration and cost – all while ensuring data never leaves their cloud environments.”
“Normalyze data-first cloud security offering is a game-changer,” said Bernard Brantley, CISO at Corelight. “It’s ideal that I can use the same platform as my engineers and DevOps teams, giving us the ability to visualize our cloud environments in real-time and create signatures that combine sensitive data with access details, configurations, and vulnerabilities to continuously discover attack paths and drive remediation.”
“Securing data across multiple cloud environments has become a critical pillar of companies’ security programs today,” said Dharmesh Thakker, a Battery general partner. “Normalyze has built a powerful platform that gives DevOps specialists, security engineers and CISOs better visibility into their ‘data sprawl’; the links between infrastructure, applications and users; and the automation to detect and fix security issues in real time. We’re excited to partner with the company’s top-notch executives, some of whom honed their skills at companies like Netskope and Qualys, to finally bring a data-centric view to cloud security.”
“Data proliferation has become a real problem as enterprises continue to move workloads to the Cloud, leaving security teams scrambling to figure out ways to manage and secure sensitive data. It’s a massive market opportunity,” said Arif Janmohamed, partner at Lightspeed. “Normalyze solves this problem at scale by providing precise visibility to security teams on sensitive data and surrounding attack paths across all cloud environments. Ravi and Amer and the Normalyze team have made impressive traction since we led their seed round, and Lightspeed is excited to deepen our partnership and double down on their Series A.”
Normalyze’s Freemium model
The company is launching with a Freemium model that supports all public cloud platforms. With full data discovery capabilities, access to datastores, and daily cloud scans, security engineers and DevOps specialists alike will be able to visualize all of their cloud data, user access setup, and configurations.
With the simplest onboarding and minimum ramp up time, the Freemium model democratizes data discovery and classification in public clouds.
With more than 40 patent claims (4 patents filed), Normalyze has more than 20 employees across the United States and India. The round of funding will be used to expand the engineering and DevOps teams across all geographies, and build out the company’s go-to-market and sales strategies.