Proofpoint has signed a definitive deal to acquire Normalyze as it looks to expand its human-centric security platform. The terms of the deal were not announced, and it expects it to close in November, subject to normal conditions.
The deal will see Proofpoint integrate Normalyze’s leading AI-powered DSPM technology into its platform. According to the company, it will “allow organizations to discover, classify and protect data at scale across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments, while prioritizing the reduction of human-centric risks in data security.”
Mayank Choudhary, executive vice president and general manager, Data Security & Compliance, Proofpoint commented, “Today, data is at risk because of human behavior. Modern applications are rapidly changing, driven by small teams of developers working independently on microservices and various data sources, leading to an explosion of data.
“These modern applications are highly interconnected, making it hard for security teams to manage the heterogeneous and ever-growing sprawl of their data. By combining Proofpoint’s leading human-centric security platform with Normalyze’s pioneering DPSM technology, we can provide our customers with comprehensive visibility and control of their data posture so they can further mitigate human risk across their organization.”
Companies increasingly turning to human risk monitoring
Security breaches are all too commonly blamed on human mistakes. Some of those are accidental, some careless and some malicious. Approaches to reducing them have ranged from firing staff to better education. When technical solutions have been deployed, they are often not integrated into staff training and education.
Regulators are also becoming more attentive to how data is used, abused, lost and stolen. Fines from regulators are increasing. It means organisations are now looking at better ways of addressing data handling.
Proofpoint believes that more attention to the human risk of data handling is the solution and a key market. That is because humans prepare the data that AI and other apps consume. Mistakes in that phase often have serious consequences.
The company also sees risk from applications becoming increasingly integrated. Integration leads to greater data sharing between applications, often without human involvement. It requires a greater focus on the controls and governance around the preparation and handling of that data before it is fed into applications.
Key areas that it focuses on are the discovery, classification and security of data. All bring unique challenges, especially as the volume of data inside organisations grows exponentially. It points to recent research from Enterprise Strategy Group. which shows that over a quarter of businesses don’t know where their sensitive data is.
What does Normalyze add to Proofpoint?
The acquisition adds the Normalyze Data Security Posture Management (DSPM) platform to Proofpoint’s offering. It sees this as addressing those challenges of how people interact with data and helping to close security loopholes.
Importantly, Normalize works on the data in situ. That’s important for organisations that hold data on-premises, in corporate data centres and in multiple cloud locations. That data spread has been one of the security problems, which is why an in-situ solution is essential.
Proofpoint highlights three areas where it sees the Normalyze platform adding value to its customers:
- Discover and classify data using AI: Normalyze’s agentless One-Pass Scanner™ leverages AI to accurately identify and classify valuable and sensitive data at scale across a wide range of data environments. Scanning is performed in place to keep data under IT control, support compliance with stringent data protection regulations, and enhance operational efficiency.
- Assess and prioritize risk: Risk is prioritized by impact and likelihood, providing a comprehensive view of risk accurately and at scale. The DataValuator™ assigns monetary value to data and identifies the data stores with the highest impact of potential data loss. The Data Access Graph visualizes access and trust relationships to identify human-centric risk, and the Data Risk Navigator highlights attack paths that can lead to data breaches or loss.
- Remediate security and compliance issues: Actionable insights and comprehensive recommendations, integrated with alerts into service management platforms, help teams address exposures such as over-permissioned access before they are exploited. The solution also streamlines compliance across 500+ benchmarks, ensuring robust adherence to regulatory standards related to data protection.
Enterprise Times: What does this mean?
Data has always been, and will continue to be, the biggest problem for organisations. Billions is spent every year on acquiring, storing, correcting and preparing data before it’s even used. It is often duplicated many times with even systems of record containing inaccuracies.
With the arrival of machine learning (ML) and now AI, data consumption by applications has exploded. More importantly, much of that data is consumed with little ability to identify where it has come from. That means that errors are hard to identify and resolve at source
This acquisition of Normalyze expands Proofpoint’s reach in this area but there are some questions to be asked. Will Proofpoint keep the Normalyze platform as a separate tool? How long before it creates a single integrated platform with tools from both companies?
