Normalyze Emerges to Simplify Cloud Data Security
Normalyze has emerged from stealth with an agentless platform that employs graph technology to enable IT teams to discover data in the cloud, classify it and identify the most likely attack paths cybercriminals could use to access it.
Fresh from raising an additional $22.2 million in Series A funding, Normalyze CEO Amer Deeba said the goal is to make it simple for cybersecurity teams to better understand where an organization’s most sensitive cloud data resides to they can better prioritize their efforts to protect it.
The graph technology developed by Normalyze enables cybersecurity teams to identify all data stores, applications, identities and infrastructure resources and how they all connect across multiple clouds, he added.
A scanner then uses machine learning algorithms to determine which data stores house sensitive information and automatically maps them to specific regulatory profiles such as the General Data Protection Rule (GDPR) or Healthcare Information Portability and Accountability Act (HIPAA), said Deeba.
Finally, a prioritization engine identifies and ranks risk paths based on the sensitivity of the data and the impact an attack would have on the business, he noted.
Deeba said cybersecurity teams can access this information via a single console and can also integrate the analytics surfaced by Normalyze with external notification, ticket creation and workflow tools to orchestrate their remediation efforts.
Pricing for Normalyze is based on a freemium model as part of an effort to make the platform widely accessible.
The amount of data housed in the cloud has exploded in recent years as organizations have opted to rely on infrastructure and software managed by a third party on their behalf. The challenge that creates is that cybersecurity teams today don’t know for certain what data is residing where in the cloud. That can be especially problematic when it’s discovered that sensitive data is being exfiltrated through a port on a cloud platform that has been inadvertently left open by an application developer.
In general, public cloud infrastructure is more secure than on-premises IT environments, but from a cybersecurity perspective, the processes used to build and deploy applications in the cloud often leave a lot to be desired. Developers often programmatically provision infrastructure and deploy applications without any type of cybersecurity review. Few developers have deep cybersecurity expertise, so it’s no surprise that many cloud resources are misconfigured. Cybercriminals now routinely scan cloud platforms for known vulnerabilities that are fairly easy for them to exploit.
Chronically short-staffed cybersecurity teams, of course, are still held responsible for cloud security. Understanding where to prioritize their efforts given the limited resources available is crucial because not all data has equal value. Unfortunately, most IT teams don’t have a robust set of data management tools in place to identify what data resides where in the cloud. As such, an agentless approach provides cybersecurity teams with a lightweight alternative to ascertain what data resides where without having to re-engineer application environments.
It’s only a matter of time before auditors start asking tougher questions about how data is stored in the cloud. In the meantime, cybersecurity teams need to have a deeper understanding of the data security challenge at hand.
