Summary: Proofpoint has announced its acquisition of Normalyze, a data security posture management startup, to enhance its capabilities in managing data visibility and control, particularly in the face of human error and complex data ecosystems. This acquisition aims to bolster data protection measures as organizations increasingly adopt cloud, SaaS, and AI technologies.
Threat Actor: Proofpoint | Proofpoint
Victim: Normalyze | Normalyze
Key Point :
- Proofpoint’s acquisition of Normalyze aims to mitigate risks associated with human interactions with data in modern cloud environments.
- Normalyze’s AI-powered platform will enhance Proofpoint’s ability to classify, monitor, and manage sensitive data across diverse digital landscapes.
- The acquisition is part of a broader trend where major security vendors are acquiring DSPM startups to strengthen their data security offerings.
Data Loss Prevention (DLP)
,
Endpoint Security
Normalyze’s AI-Powered DSPM Technology Boosts Proofpoint’s Data Visibility, Control
Proofpoint will make its first acquisition under CEO Sumit Dhawan, scooping up a data security posture management startup led by a longtime former Qualys executive.
See Also: 2024 Threat Landscape: Data Loss is a People Problem
The Silicon Valley-based email security vendor said its proposed buy of Normalyze will help Proofpoint tackle security challenges tied to human error within complex data ecosystems. The Silicon Valley-based startup is focused on tracking data interactions and minimizing over-permissioned access, which will help Proofpoint reduce vulnerabilities caused by human errors in data handling, according to Proofpoint (see: Proofpoint Snags Former VMware President Sumit Dhawan as CEO).
“Upon the close of our acquisition of Normalyze, Proofpoint customers will have not only consolidated visibility and control of their sensitive information, but also the ability to classify and protect data at scale and across digital environments,” Dhawan wrote on LinkedIn. ”This is a big win for companies as they race to adopt DBaaS and gen AI platforms, and we believe this is a win for Proofpoint.”
Normalyze, founded in 2020, employs 79 people, and has raised $26.6 million of outside funding, with the company closing a $22.2 million Series A funding round in June 2022 led by Battery Ventures and Lightspeed Venture Partners. The company has been led since inception by Amer Deeba, who previously spent 17 years at Qualys, culminating in two-and-a-half years as chief commercial officer (see: Evaluating Cloud Security Across the Enterprise).
What Normalyze Brings to the Table
The acquisition of Normalyze will help Proofpoint mitigate risks caused by human interactions with data, which have become more pronounced with the expansion of cloud, SaaS and AI technologies. Modern applications are often managed by small developer teams and lead to a proliferation of interconnected data that traditional security measures struggle to protect, according to Proofpoint.
“Modern applications are rapidly changing, driven by small teams of developers working independently on microservices and various data sources, leading to an explosion of data,” Proofpoint’s Mayank Choudhary said in a statement. “These modern applications are highly interconnected, making it hard for security teams to manage the heterogeneous and ever-growing sprawl of their data.”
Modern cloud-based and SaaS-driven environments present challenges in maintaining data visibility and control, according to Normalize co-founder and CEO Ravi Ithal. The acquisition will enable Proofpoint to help security teams overcome these challenges, enhancing data protection even in decentralized, shadow data scenarios, and helping organizations manage a diverse data landscape more effectively (see: Why Discovering Shadow AI Is Key to Protecting Data).
“With the rapid proliferation of internally developed cloud applications, and use of SaaS applications procured by teams outside of IT, security teams are faced with the daunting challenge of inconsistent visibility and control of their critical data,” he said. “As data has become increasingly difficult to secure, the driving force behind our mission and technology has been to help organizations secure the data.”
Normalyze’s platform leverages AI to simplify data discovery and classification across complex, multi-cloud environments, providing actionable insights, quantifying risk levels, and helping clients quickly locate and assess their most critical data. The platform facilitates data discovery and classification, risk assessment, and remediation support, which is essential for businesses to stay compliant and secure.
Specifically, Proofpoint said Normalyze’s agentless One-Pass Scanner uses AI to accurately identify and classify valuable and sensitive data at scale across a wide range of data environments. The DataValuator, meanwhile, assigns monetary value to data and identifies the data stores with the highest impact of potential data loss, according to Proofpoint.
How Normalyze Strengthens Proofpoint’s Hand in AI, DBaaS
As the use of AI applications grows in enterprise settings, Proofpoint said it aims to use Normalyze’s DSPM solutions to address data security challenges unique to AI integration. This move will allow organizations to leverage AI more confidently, Proofpoint said, ensuring that data security measures are robust enough to manage sensitive information within AI workflows.
As AI projects continue to expand, organizations are realizing that DSPM is the foundational step to confidently saying ‘yes’ to AI, according to Normalyze. Many businesses find themselves stalling or pulling the plug entirely on AI initiatives if they fail to address data security issues first, underscoring the critical role DSPM plays in unlocking AI’s full potential, the company found
Normalyze’s platform will enable Proofpoint customers to implement proactive governance measures against data breaches and compliance violations. Through this acquisition, Proofpoint said it can now offer a holistic solution that spans data classification, monitoring, and risk management, particularly appealing to organizations leveraging modern CI/CD, database as a service, and generative AI pipelines.
Normalyze is the seventh DSPM startup to end up in the hands of a broader security or technology vendor since May 2023, with IBM, Rubrik, Palo Alto Networks and CrowdStrike all entering this red-hot market with nine-figure buys. Most recently, Tenable bought DSPM startup Eureka in June for $29.2 million and Netskope bought Dasera to fill gaps around safeguarding structured and unstructured data (see: Netskope Purchases Dasera to Strengthen Cloud Data Security).
This is Proofpoint’s first purchase since Dhawan became CEO in November 2023 and fourth since Thoma Bravo took the company private in August 2021 for $12.3 billion. Proofpoint bought cloud email security firm Tessian in October 2023, deception firm Illusive in December 2022 to add identity risk discovery and remediation and post-breach defense, and AI-based data classification firm Dathena in January 2022 (see: Proofpoint to Buy Tessian to Infuse Email Protection With AI).
Source: https://www.bankinfosecurity.com/proofpoint-expands-data-security-normalyze-acquisition-a-26669