Saturday, April 13 2024

Normalyze, a data-first cloud security platform, today announced it is coming out of stealth with $22.2M in Series A funding, co-led by Battery Ventures and Lightspeed Venture Partners. This round brings the company’s total funding to $26.6M to date. Normalyze is an agentless platform that helps organizations better manage sensitive data—and attack paths to it —in today’s complex, multi-cloud environments, protecting customers from large and damaging data breaches. Normalyze’s graph-powered platform provides security teams the ability to continuously analyze, prioritize, and respond to cloud data threats and prevent sensitive data loss.

The rise of cloud computing has increased the complexity of the enterprise attack surface. A recent survey from IDC found that 98% of organizations queried reported at least one cloud data breach in the past 18 months. Data security in the modern digital enterprise has become overly complex due to a variety of trends, including the proliferation of data, an explosion of microservices, rapid cloud adoption, hybrid work environments, compliance, and more. As a result, data stores have become increasingly intricate and the need for visibility becomes paramount.

“Today’s enterprises find their data scattered throughout their various cloud environments with limited visibility of where sensitive data resides. It’s a massive problem that current cloud security offerings aren’t equipped to handle it,” said Amer Deeba, Cofounder and CEO at Normalyze. “We built Normalyze to help companies of all sizes discover, classify and secure sensitive data across all public clouds. With simple onboarding and minimum ramp up time, our platform provides full visibility on data security posture to better gauge risk and proactively respond to sensitive data threats.”

Normalyze’s secret sauce is its ability to gather all security stakeholders – from the CISO to the security engineer, to DevOps – in one user interface to discover data, classify it, and prioritize discovery of attack paths that can lead to sensitive information. The Normalyze data-first cloud security platform operates in three core phases:

  • Discovery and Analysis: Normalyze builds an intelligent graph with deep context and transitive trust relationships representing all the data stores, applications, identities and infrastructure resources in all clouds and how they all connect. The Normalyze agentless data scanner then determines what data stores house sensitive information and automatically maps it to specific profiles such as PCI, HIPAA and GDPR.
  • Detection and Prioritization: The Normalyze prioritization engine will identify risk paths discovered through the graph and prioritize them based on the sensitivity of the data at risk and impact of the attack.
  • Remediation and Prevention: Normalyze integrates with a variety of external tools for notification, ticket creation, workflow triggering, etc so users can automate remediation through an orchestration engine.

“Our graph-powered platform is a hub that connects all data with assets, identities, accesses, misconfigurations and vulnerabilities to help security teams continuously discover sensitive information, determine attack paths, and automate remediation efforts to secure it,” said Ravi Ithal, Cofounder and CTO of Normalyze. “With the Normalyze one-pass scanner, users can scan structured and unstructured data stores to discover sensitive information based on predefined compliance profiles for PII, GDPR, HIPAA and more with minimal upfront configuration and cost – all while ensuring data never leaves their cloud environments.”

Investor and Customer Validation

“Normalyze data-first cloud security offering is a game-changer,” said Bernard Brantley, CISO at Corelight. “It’s ideal that I can use the same platform as my engineers and DevOps teams, giving us the ability to visualize our cloud environments in real-time and create signatures that combine sensitive data with access details, configurations, and vulnerabilities to continuously discover attack paths and drive remediation.”

“Securing data across multiple cloud environments has become a critical pillar of companies’ security programs today,” said Dharmesh Thakker, a Battery general partner. “Normalyze has built a powerful platform that gives DevOps specialists, security engineers and CISOs better visibility into their ‘data sprawl’; the links between infrastructure, applications and users; and the automation to detect and fix security issues in real time. We’re excited to partner with the company’s top-notch executives, some of whom honed their skills at companies like Netskope and Qualys, to finally bring a data-centric view to cloud security.”

“Data proliferation has become a real problem as enterprises continue to move workloads to the Cloud, leaving security teams scrambling to figure out ways to manage and secure sensitive data. It’s a massive market opportunity,” said Arif Janmohamed, partner at Lightspeed. “Normalyze solves this problem at scale by providing precise visibility to security teams on sensitive data and surrounding attack paths across all cloud environments. Ravi and Amer and the Normalyze team have made impressive traction since we led their seed round, and Lightspeed is excited to deepen our partnership and double down on their Series A.”

Normalyze’s Freemium Model

Today the company is launching with a Freemium model that supports all public cloud platforms. With full data discovery capabilities, access to datastores, and daily cloud scans, security engineers and DevOps specialists alike will be able to visualize all of their cloud data, user access setup, and configurations. With the simplest onboarding and minimum ramp up time, the Freemium model democratizes data discovery and classification in public clouds. For more information on the Freemium model, visit

With more than 40 patent claims (4 patents filed), Normalyze has more than 20 employees across the United States and India. The round of funding will be used to expand the engineering and DevOps teams across all geographies, and build out the company’s go-to-market and sales strategies. For more information and available positions, please visit

Amer Deeba, co-founder and CEO at Normalyze

Cyber Deals: HUB Security, Cyberint, MetaCompliance


Thrive Acquires Edge Technology Group to Advance Cybersecurity Managed Services

Check Also


Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]