Monday, June 10 2024

Normalyze, a data-first cloud security platform, today announced it is coming out of stealth with $22.2M in Series A funding, co-led by Battery Ventures and Lightspeed Venture Partners. This round brings the company’s total funding to $26.6M to date. Normalyze is an agentless platform that helps organizations better manage sensitive data—and attack paths to it —in today’s complex, multi-cloud environments, protecting customers from large and damaging data breaches. Normalyze’s graph-powered platform provides security teams the ability to continuously analyze, prioritize, and respond to cloud data threats and prevent sensitive data loss.

The rise of cloud computing has increased the complexity of the enterprise attack surface. A recent survey from IDC found that 98% of organizations queried reported at least one cloud data breach in the past 18 months. Data security in the modern digital enterprise has become overly complex due to a variety of trends, including the proliferation of data, an explosion of microservices, rapid cloud adoption, hybrid work environments, compliance, and more. As a result, data stores have become increasingly intricate and the need for visibility becomes paramount.

“Today’s enterprises find their data scattered throughout their various cloud environments with limited visibility of where sensitive data resides. It’s a massive problem that current cloud security offerings aren’t equipped to handle it,” said Amer Deeba, Cofounder and CEO at Normalyze. “We built Normalyze to help companies of all sizes discover, classify and secure sensitive data across all public clouds. With simple onboarding and minimum ramp up time, our platform provides full visibility on data security posture to better gauge risk and proactively respond to sensitive data threats.”

Normalyze’s secret sauce is its ability to gather all security stakeholders – from the CISO to the security engineer, to DevOps – in one user interface to discover data, classify it, and prioritize discovery of attack paths that can lead to sensitive information. The Normalyze data-first cloud security platform operates in three core phases:

  • Discovery and Analysis: Normalyze builds an intelligent graph with deep context and transitive trust relationships representing all the data stores, applications, identities and infrastructure resources in all clouds and how they all connect. The Normalyze agentless data scanner then determines what data stores house sensitive information and automatically maps it to specific profiles such as PCI, HIPAA and GDPR.
  • Detection and Prioritization: The Normalyze prioritization engine will identify risk paths discovered through the graph and prioritize them based on the sensitivity of the data at risk and impact of the attack.
  • Remediation and Prevention: Normalyze integrates with a variety of external tools for notification, ticket creation, workflow triggering, etc so users can automate remediation through an orchestration engine.

“Our graph-powered platform is a hub that connects all data with assets, identities, accesses, misconfigurations and vulnerabilities to help security teams continuously discover sensitive information, determine attack paths, and automate remediation efforts to secure it,” said Ravi Ithal, Cofounder and CTO of Normalyze. “With the Normalyze one-pass scanner, users can scan structured and unstructured data stores to discover sensitive information based on predefined compliance profiles for PII, GDPR, HIPAA and more with minimal upfront configuration and cost – all while ensuring data never leaves their cloud environments.”

Investor and Customer Validation

“Normalyze data-first cloud security offering is a game-changer,” said Bernard Brantley, CISO at Corelight. “It’s ideal that I can use the same platform as my engineers and DevOps teams, giving us the ability to visualize our cloud environments in real-time and create signatures that combine sensitive data with access details, configurations, and vulnerabilities to continuously discover attack paths and drive remediation.”

“Securing data across multiple cloud environments has become a critical pillar of companies’ security programs today,” said Dharmesh Thakker, a Battery general partner. “Normalyze has built a powerful platform that gives DevOps specialists, security engineers and CISOs better visibility into their ‘data sprawl’; the links between infrastructure, applications and users; and the automation to detect and fix security issues in real time. We’re excited to partner with the company’s top-notch executives, some of whom honed their skills at companies like Netskope and Qualys, to finally bring a data-centric view to cloud security.”

“Data proliferation has become a real problem as enterprises continue to move workloads to the Cloud, leaving security teams scrambling to figure out ways to manage and secure sensitive data. It’s a massive market opportunity,” said Arif Janmohamed, partner at Lightspeed. “Normalyze solves this problem at scale by providing precise visibility to security teams on sensitive data and surrounding attack paths across all cloud environments. Ravi and Amer and the Normalyze team have made impressive traction since we led their seed round, and Lightspeed is excited to deepen our partnership and double down on their Series A.”

Normalyze’s Freemium Model

Today the company is launching with a Freemium model that supports all public cloud platforms. With full data discovery capabilities, access to datastores, and daily cloud scans, security engineers and DevOps specialists alike will be able to visualize all of their cloud data, user access setup, and configurations. With the simplest onboarding and minimum ramp up time, the Freemium model democratizes data discovery and classification in public clouds. For more information on the Freemium model, visit

With more than 40 patent claims (4 patents filed), Normalyze has more than 20 employees across the United States and India. The round of funding will be used to expand the engineering and DevOps teams across all geographies, and build out the company’s go-to-market and sales strategies. For more information and available positions, please visit

Amer Deeba, co-founder and CEO at Normalyze

Cyber Deals: HUB Security, Cyberint, MetaCompliance


Thrive Acquires Edge Technology Group to Advance Cybersecurity Managed Services

Check Also


Don’t Miss

Best Security Information and Event Management (SIEM) Solutions

Lara Oporto

A Security Information and Event Management system (SIEM) is typically most needed in larger organizations or those with complex IT infrastructures where there’s a high volume of security events and logs generated from various sources. Companies often invest in SIEM when they require comprehensive visibility into their network activities and want to centralize security monitoring […]

Best Browser Security Products

Ellie Buscemi

What is Browser Security and how does it work? Browser Security is a subcategory of cybersecurity that focuses on minimizing a user’s vulnerability to cyber threats while they use the worldwide web. These cyber threats include phishing web pages, session hijacking and malware, which can be injected onto a device by means of tamped-with web […]

Headshot of BastionZero CEO Sharon Goldberg

Cloudflare Acquires BastionZero to Enhance SASE Offering

Nico Davidoff

Acquisition Aims to Boost Cloudflare One’s Capabilities Amidst Growing SASE Market Competition Cloudflare has acquired BastionZero, a zero trust infrastructure platform, in a move aimed at enhancing its Cloudflare One secure access service edge (SASE) offering. The acquisition underscores Cloudflare’s commitment to expanding its presence in the growing SASE market. Cloudflare reported first-quarter revenue of […]

Best Secure Access Service Edge Platforms

Lara Oporto

What is SASE and how does it work? Secure Access Service Edge (SASE) is an architectural model that combines network connectivity with security functions, all delivered through a unified cloud platform or centralized policy control. In contrast to the traditional approach, where network security relies on a multitude of distinct functionalities like firewalls, Virtual Private […]

Best Data Security Posture Management (DSPM) Products

Ellie Buscemi

What is Data Security Posture Management and how does it work? Data Security Posture Management (DSPM) tools focus on protecting data by continuously tracking where it is located and who has access to it. DSPM refers to a set of methods that cybersecurity professionals use to better understand their sensitive data like what it is, […]

Best Network Detection and Response (NDR) Platforms

Lara Oporto

What is Network Detection and Response? Network Detection and Response (NDR) products are cybersecurity solutions that focus on monitoring and analyzing network traffic to identify and address potential threats. Although NDR does not prevent cyberattacks from happening, NDR products focus on catching ongoing attacks before they cause harm. How does Network Detection and Response work? […]