Proofpoint has entered into a definitive agreement to acquire Normalyze, a leader in Data Security Posture Management (DSPM). The acquisition is expected to close in November 2024, subject to customary closing conditions.
With this acquisition, Proofpoint will further enhance its human-centric security platform with Normalyze’s leading AI-powered DSPM technology, allowing organizations to discover, classify and protect data at scale across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments, while prioritizing the reduction of human-centric risks in data security.
Addressing Human Risk in the Data-Driven Cloud Era
As organizations embrace AI and generative technologies to drive innovation, the human element in data security has become increasingly critical. The widespread adoption of AI platforms, Databases as a Service (DBaaS) and Continuous Integration/Continuous Development (CI/CD) practices has created a web of interconnected data environments that security teams can struggle to secure. This rapid technological evolution has led to increased complexity and heightened risks of improper data handling as development teams focus on quick outcomes, often bypassing essential security governance. As more access to data is granted to people and machines, gaps in visibility and control can emerge without appropriate governance or controls from security teams.
This evolving landscape presents complex challenges in discovering, classifying, and securing data, leading to an increased risk of data breaches due to forgotten and misclassified data, as well as overprivileged access. In fact, recent research from Enterprise Strategy Group reveals that over a quarter of businesses don’t know where their sensitive data is. By implementing DSPM technology, organizations are enabled to fill the security gaps created by their teams’ interactions with complex data environments and reduce the total data attack surface.
“Today, data is at risk because of human behavior. Modern applications are rapidly changing, driven by small teams of developers working independently on microservices and various data sources, leading to an explosion of data,” said Mayank Choudhary, executive vice president and general manager, Data Security & Compliance, Proofpoint. “These modern applications are highly interconnected, making it hard for security teams to manage the heterogeneous and ever-growing sprawl of their data. By combining Proofpoint’s leading human-centric security platform with Normalyze’s pioneering DPSM technology, we can provide our customers with comprehensive visibility and control of their data posture so they can further mitigate human risk across their organization.”
“With the rapid proliferation of internally developed cloud applications, and use of SaaS applications procured by teams outside of IT, security teams are faced with the daunting challenge of inconsistent visibility and control of their critical data in the cloud,” said Ravi Ithal, cofounder and chief technology officer, Normalyze. “As data has become increasingly difficult to secure, the driving force behind our mission and technology has been to help organizations secure the data they care about, wherever it is. By joining forces with Proofpoint, we can empower organizations to further improve their data security posture, reducing the risk of data breaches caused by human errors and help them to prioritize data loss threats.”
The Normalyze DSPM platform secures even the most complex data landscapes by combining insights into data, access and risk. It simplifies collaboration between data and security teams, enabling them to create effective security and governance plans tailored to the business’ needs. The platform allows organizations to:
· Discover and classify data using AI: Normalyze’s agentless One-Pass Scanner™ leverages AI to accurately identify and classify valuable and sensitive data at scale across a wide range of data environments. Scanning is performed in place to keep data under IT control, support compliance with stringent data protection regulations, and enhance operational efficiency.
Assess and prioritize risk: Risk is prioritized by impact and likelihood, providing a comprehensive view of risk accurately and at scale. The DataValuator™ assigns monetary value to data and identifies the data stores with the highest impact of potential data loss. The Data Access Graph visualizes access and trust relationships to identify human-centric risk, and the Data Risk Navigator highlights attack paths that can lead to data breaches or loss.
· Remediate security and compliance issues: Actionable insights and comprehensive recommendations, integrated with alerts into service management platforms, help teams address exposures such as over-permissioned access before they are exploited. The solution also streamlines compliance across 500+ benchmarks, ensuring robust adherence to regulatory standards related to data protection.
Normalyze’s in-place scanning and quantified risk analysis set it apart from other DSPM solutions, providing rapid time-to-value while minimizing security and cost challenges for data and security teams. Normalyze also offers comprehensive on-premises to cloud coverage and excels in human-centric risk remediation. Normalyze’s solutions are expected to become part of Proofpoint’s offering upon the closing of the acquisition.
