Monday, September 25 2023

Normalyze, a data-first cloud security platform, today announced it is coming out of stealth with $22.2M in Series A funding, co-led by Battery Ventures and Lightspeed Venture Partners. This round brings the company’s total funding to $26.6M to date. Normalyze is an agentless platform that helps organizations better manage sensitive data—and attack paths to it —in today’s complex, multi-cloud environments, protecting customers from large and damaging data breaches. Normalyze’s graph-powered platform provides security teams the ability to continuously analyze, prioritize, and respond to cloud data threats and prevent sensitive data loss.

The rise of cloud computing has increased the complexity of the enterprise attack surface. A recent survey from IDC found that 98% of organizations queried reported at least one cloud data breach in the past 18 months. Data security in the modern digital enterprise has become overly complex due to a variety of trends, including the proliferation of data, an explosion of microservices, rapid cloud adoption, hybrid work environments, compliance, and more. As a result, data stores have become increasingly intricate and the need for visibility becomes paramount.

“Today’s enterprises find their data scattered throughout their various cloud environments with limited visibility of where sensitive data resides. It’s a massive problem that current cloud security offerings aren’t equipped to handle it,” said Amer Deeba, Cofounder and CEO at Normalyze. “We built Normalyze to help companies of all sizes discover, classify and secure sensitive data across all public clouds. With simple onboarding and minimum ramp up time, our platform provides full visibility on data security posture to better gauge risk and proactively respond to sensitive data threats.”

Normalyze’s secret sauce is its ability to gather all security stakeholders – from the CISO to the security engineer, to DevOps – in one user interface to discover data, classify it, and prioritize discovery of attack paths that can lead to sensitive information. The Normalyze data-first cloud security platform operates in three core phases:

  • Discovery and Analysis: Normalyze builds an intelligent graph with deep context and transitive trust relationships representing all the data stores, applications, identities and infrastructure resources in all clouds and how they all connect. The Normalyze agentless data scanner then determines what data stores house sensitive information and automatically maps it to specific profiles such as PCI, HIPAA and GDPR.
  • Detection and Prioritization: The Normalyze prioritization engine will identify risk paths discovered through the graph and prioritize them based on the sensitivity of the data at risk and impact of the attack.
  • Remediation and Prevention: Normalyze integrates with a variety of external tools for notification, ticket creation, workflow triggering, etc so users can automate remediation through an orchestration engine.

“Our graph-powered platform is a hub that connects all data with assets, identities, accesses, misconfigurations and vulnerabilities to help security teams continuously discover sensitive information, determine attack paths, and automate remediation efforts to secure it,” said Ravi Ithal, Cofounder and CTO of Normalyze. “With the Normalyze one-pass scanner, users can scan structured and unstructured data stores to discover sensitive information based on predefined compliance profiles for PII, GDPR, HIPAA and more with minimal upfront configuration and cost – all while ensuring data never leaves their cloud environments.”

Investor and Customer Validation

“Normalyze data-first cloud security offering is a game-changer,” said Bernard Brantley, CISO at Corelight. “It’s ideal that I can use the same platform as my engineers and DevOps teams, giving us the ability to visualize our cloud environments in real-time and create signatures that combine sensitive data with access details, configurations, and vulnerabilities to continuously discover attack paths and drive remediation.”

“Securing data across multiple cloud environments has become a critical pillar of companies’ security programs today,” said Dharmesh Thakker, a Battery general partner. “Normalyze has built a powerful platform that gives DevOps specialists, security engineers and CISOs better visibility into their ‘data sprawl’; the links between infrastructure, applications and users; and the automation to detect and fix security issues in real time. We’re excited to partner with the company’s top-notch executives, some of whom honed their skills at companies like Netskope and Qualys, to finally bring a data-centric view to cloud security.”

“Data proliferation has become a real problem as enterprises continue to move workloads to the Cloud, leaving security teams scrambling to figure out ways to manage and secure sensitive data. It’s a massive market opportunity,” said Arif Janmohamed, partner at Lightspeed. “Normalyze solves this problem at scale by providing precise visibility to security teams on sensitive data and surrounding attack paths across all cloud environments. Ravi and Amer and the Normalyze team have made impressive traction since we led their seed round, and Lightspeed is excited to deepen our partnership and double down on their Series A.”

Normalyze’s Freemium Model

Today the company is launching with a Freemium model that supports all public cloud platforms. With full data discovery capabilities, access to datastores, and daily cloud scans, security engineers and DevOps specialists alike will be able to visualize all of their cloud data, user access setup, and configurations. With the simplest onboarding and minimum ramp up time, the Freemium model democratizes data discovery and classification in public clouds. For more information on the Freemium model, visit

With more than 40 patent claims (4 patents filed), Normalyze has more than 20 employees across the United States and India. The round of funding will be used to expand the engineering and DevOps teams across all geographies, and build out the company’s go-to-market and sales strategies. For more information and available positions, please visit

Amer Deeba, co-founder and CEO at Normalyze

Cyber Deals: HUB Security, Cyberint, MetaCompliance


Thrive Acquires Edge Technology Group to Advance Cybersecurity Managed Services

Check Also


Don’t Miss

Cyber Executive Moves: Expel, AXA XL

Ellie Buscemi

Expel appoints a new chief product officer, AXA XL announces a new chief executive and DataVisor appoints a new chief revenue officer. Expel, a security operations provider in Herndon, Virginia, appointed Yonni Shelmerdine as the new chief product officer on Aug. 28. Shelmerdine comes to Expel from SentinelOne where he was the vice president of Product Management, endpoint […]

Grip Security Raising $41 Million Series B Led by Third Point Ventures


SaaS security company plans to accelerate growth and extend market leadership SaaS identity risk management platform Grip Security announced a $41 million Series B funding round led by Third Point Ventures, with participation from YL Ventures, Intel Capital and The Syndicate Group. The investment would bring Grip Security’s total funding to $66 million and marks a major milestone for the […]

Partner One Acquires Key Fidelis Cybersecurity Assets


Partner One, one of the fastest growing software conglomerates in the world, has announced its acquisition of Fidelis Cybersecurity software, intellectual property, equipment, inventory and customer and reseller contracts. Fidelis software is a leader in the cybersecurity industry, with innovative eXtended Detection and Response (XDR) and Cloud Native Application Protection Platform (CNAPP). Fidelis solutions protect […]

Healthcare IoT: Risks, Policy, and the Path Forward 

John Powers

When Amazon launched as an online bookstore twenty-eight years ago, few would have imagined that patients could one day go to its website to treat their acid reflux. But times change. Amazon just expanded their virtual healthcare marketplace, Amazon Clinic. Across the U.S., customers can now consult with clinicians through virtual calls and get treatment […]

NIST Updates Cybersecurity Framework in New Draft, Seeks Public Comment

John Powers

The National Institute of Standards and Technology updated their cybersecurity framework for the third time in a new draft. The new framework offers guidance to organizations about reducing cybersecurity risks. It contains a set of outcomes so that any organization can evaluate, prioritize, grasp, and communicate its cybersecurity measures in an effective way. The draft […]

N.Y. Gov. Debuts Premier State Cybersecurity Strategy

John Powers

Governor Kathy Hochul (D-NY) recently introduced New York’s first cybersecurity strategy. The 15-page document lays out a blueprint to expand services to aid under-resourced entities and clarifies agency responsibilities. It provides $500 million to strengthen New York’s healthcare information technology and $7.4 million to expand the New York State Police’s Cyber Analysis Unit, Computer Crimes […]