Proofpoint acquires data security posture management firm Normalyze

Cybersecurity firm Proofpoint has announced plans to acquire Normalyze, which specializes in data security posture management (DSPM).

The deal, expected to close some time in November, will see Normalyze’s AI-based DSPM technology integrated into Proofpoint’s human-centric security platform.

Proofpoint said the widespread adoption of AI platforms, Databases as a Service (DBaaS) and Continuous Integration/Continuous Development (CI/CD) practices has created a web of interconnected data environments that security teams can struggle to secure.

“Today, data is at risk because of human behavior. Modern applications are rapidly changing, driven by small teams of developers working independently on microservices and various data sources, leading to an explosion of data,” said Mayank Choudhary, executive vice president and general manager, Data Security & Compliance at Proofpoint.

“These modern applications are highly interconnected, making it hard for security teams to manage the heterogeneous and ever-growing sprawl of their data.”

The integration of the two firms’ technologies is designed to allow organizations to discover, classify, and protect data at scale across SaaS, PaaS, public or multi-cloud, on-prem, and hybrid environments, the company said, thereby minimizing human-related risk.

The Normalyze DSPM platform allows organizations to discover and classify data using AI, thereafter identifying key risk factors. Risk is prioritized by impact and likelihood, with the firm’s DataValuator assigning monetary value to data and identifying the data stores with the highest impact of potential data loss.

Meanwhile, actionable insights and comprehensive recommendations are integrated with alerts into service management platforms, allowing exposures such as over-permissioned access to be addressed before they are exploited.

Similarly, compliance is streamlined across more than 500 benchmarks, making it easier to adhere to regulatory standards around data protection.

“With the rapid proliferation of internally developed cloud applications, and use of SaaS applications procured by teams outside of IT, security teams are faced with the daunting challenge of inconsistent visibility and control of their critical data in the cloud,” said Ravi Ithal, co-founder and chief technology officer at Normalyze.

“As data has become increasingly difficult to secure, the driving force behind our mission and technology has been to help organizations secure the data they care about, wherever it is.”

Recent research from Enterprise Strategy Group (ESG) found that four-in-ten businesses are pretty certain they’ve lost sensitive data, while a quarter think they have, but aren’t sure.

Third-party risk management, data leakage protection, and rights management, along with regulatory compliance, were highlighted as the top three areas where generative AI governance and policy were the weakest.

More than 60% of sensitive data resides on public cloud services today, the report found, with this expected to increase to 68% within the next two years; and a quarter of organizations reported they expect between 81% and 99% of their sensitive data to be in the public cloud in the same timeframe.