Normalyze has emerged from stealth with a $22.2 million series A round led by Lightspeed and Battery Ventures. The startup offers a security platform that allows users to analyze, prioritize, and respond to cloud data threats and prevent sensitive data loss. Normalyze has raised $22.6 million in total funding to date.
Co-founded by serial Silicon Valley entrepreneur Amer Deeba and Netskope founder, Ravi Ithal, the enterprise offers a unique solution to data-security problems in the cloud.
The rise of cloud computing has increased the complexity of the enterprise attack surface. While the industry is facing a unique set of challenges in relation to data discovery and data classification, there has been an increase in the frequency of cyberattacks on cloud infrastructure, along with more stringent legislation and compliance norms governing cloud service usage. Large organizations are leading the way by actively adopting technology to protect cloud based applications, which are especially vulnerable to assaults.
Data security in the modern, digital enterprise has also become increasingly complex due to various trends: proliferation of data, the explosion of microservices, rapid cloud adoption & continuous changes. Enterprises are acutely missing a clear understanding of the security posture for their most valuable assets (Data). This leads to new risk components which are causing various difficulties for Chief Information Security Officers.
According to the Identity Theft Resource Center, the rising complexity of cloud computing is a major reason why breached data records have increased from 16 million in 2010 to more than 155 million. According to a recent IDC poll, 98 percent of firms surveyed reported at least one cloud data breach in the previous 18 months. There is also a heightened risk around data governance obligations, privacy rules, and data breach disclosure laws. The problem at hand is complex. The dynamic nature of cloud systems and data present chief information security officers and security teams with enormous challenges in safeguarding their highly dynamic multi-cloud settings.
Deeba and Ithal’s partnership is premised upon a strong underlying belief that cloud computing is the future. They are also cognizant of the challenges faced by organizations, which are transferring large amounts of data from legacy on-premises systems to cloud based databases such as Azure, Amazon Web Services, and Google Cloud.
“Data is eating the cloud due to many trends like AI & ML and the move from on-prem environments to IaaS and PaaS. Existing cloud security solutions are falling short to help companies discover, classify sensitive data and secure it. This is the problem Normalyze is set to solve across all public clouds and at scale”, says Amer Deeba.
To keep data secure, enterprises need to be able to continuously discover, classify and protect their data. With several standalone alternatives available to users, identifying an appropriate service and tools for cloud security may be a difficult, expensive, and time-consuming endeavor. Categories of tools such as data discovery, data classification, access governance, and compliance are operated individually, across multiple cloud services, with no synergy amongst various toolsets. Current solutions also fall short of meeting the security demands of companies building and storing applications in the cloud.
Normalyze offers a holistic platform of tools in one unified, streamlined solution, across multiple cloud services. The Data-First Cloud Security Platform allows enterprises to obtain a holistic assessment of their data security risk through an agentless scan, data discovery, data classification AI driven vulnerability analysis, risk prioritization, and comprehensive and actionable remediation insights.
The Normalyze Cloud Platform Architecture provides a simple web user interface through which clients can create an account and expeditiously connect to the cloud. Once the initial connection is completed, a preliminary agentless assessment takes place. The scanning tool is continuous and in real-time, allowing the platform to identify and prioritize everything running operationally in the cloud environment. The system then prioritizes data and categorizes it according to its importance and level of risk. The data is also prioritized based on sensitivity and associated regulatory controls, whether PCI DSS, HIPAA, or GDPR. Once cloud assets have been discovered, data identified and classified, any data risks are identified following which remediation is prioritized with a ticket/notification sent to a team member.
The Normalyze architecture ensures that no sensitive data is stored in its environment. Only metadata is used to identify a risk following which the platform connects to email, applications such as Slack or Jira, or other connectors on the outbound to communicate those risks.
The platform is marketed to provide value to several different security stakeholders such as a:
- Chief Information Security Officers: Up-to-date data security posture and prioritized recommendations to improve data security posture and avoid data breaches.
- Security Engineers: Track data access permission and enforce least privilege. Visualize and query graph of cloud data for ad-hoc investigations.
- Governance, Risk Management, and Compliance: Proactively monitor for compliance with regulations. Data discovery and classification across all clouds.
- DevOps: A unique graph helps view a holistic picture and improve security.
The solution is available at three price points:
- Free ($0/year)
- Platinum ($14,995/year)
- Enterprise (Annual subscription based on scope – accounts, assets, and data)
The company boasts a strong technical team, with CEO Amer Deeba and CTO Ravi Ithal spearheading the project, and Gautam Kanaparthi as Head of Product.
CEO Amer Deeba is a Lebanese entrepreneur, engineer, and programmer based in San Francisco, CA, who began his early days as a software developer, working on software such as Acrobat Reader. A valley veteran, he has the insight that can only come from hard work and experience with the most demanding and successful firms.
He has spent nearly two decades in management positions in the cyber-security space, with 17 of those years at Qualys, a leading information security and compliance cloud solutions provider. At Qualys (NASDAQ: QLYS), he led all aspects of marketing, business development, strategic alliances, and global enterprise accounts. He also played an instrumental role in taking the company public in 2012.
Co-Founder Ravi Ithal also brings with him more than a decade and a half of industry experience. He was a founding engineer at Palo Alto Networks, where he helped build the device and network management systems for the world’s first application and user-aware network firewall. His most recent venture was Netskope, a platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications.
The company has onboarded several leading tech companies which include Netskope, Corelight,and more. It is currently holding discussions with several other potential clients.
