Launch prototype. Scores and figures shown are based on public sources and are illustrative until first publication.
VendorAudit
Category coverage Data Security DSPM · DLP · DAG · AI-SPM
Vendor profile · Data security · Updated April 2026

Normalyze (a Proofpoint company)

Cloud DSPM with strong analytics platform coverage, acquired by Proofpoint in October 2024. Integration still maturing. Best for organisations already evaluating Proofpoint for email security.

Capability strength: 70/100
Company health: 62/100 (acquired by Proofpoint (Thoma Bravo PE))
Trajectory: Stable
Best fit for: Proofpoint customers; Snowflake-heavy cloud estates

At a glance

Normalyze was founded in 2021 and acquired by Proofpoint in October 2024. Proofpoint itself is a private equity-owned company (Thoma Bravo, acquired 2021 for $12.3 billion) focused primarily on email security and human-centric security platforms. The Normalyze acquisition added cloud DSPM capability to Proofpoint's portfolio alongside email-led data loss prevention. Integration of Normalyze into the Proofpoint platform was underway throughout 2025, with some capability consolidation continuing into 2026.

Normalyze had built a reputation for strong cloud-native DSPM with particular depth in analytics platform coverage (Snowflake, Databricks) and real-time data flow visibility. The Omdia 2025 DSPM Universe report noted that Normalyze's DSPM proposition concentrates on discovery and classification, delivering strong capability in core tenets even if broader posture management depth is more limited.

What Normalyze actually is

Normalyze is a cloud DSPM platform specialising in data discovery, classification, and risk visibility across multi-cloud environments with strong coverage of analytics data stores. The platform's real-time monitoring capabilities and visualisation of data flow and security posture were consistently praised in pre-acquisition reviews. Post-acquisition, Normalyze is being positioned as the DSPM layer within Proofpoint's broader information protection portfolio, complementing Proofpoint's email-based DLP with cloud data visibility.

Capability assessment

Strengths: Strong cloud-native discovery with good analytics platform (Snowflake, Databricks) coverage. Real-time data flow visualisation is a genuine differentiator for understanding how sensitive data moves through cloud environments. The Proofpoint acquisition adds email DLP breadth, creating a combined platform that covers both cloud data posture (Normalyze) and outbound email risk (Proofpoint) from a single vendor.

Weaknesses: Acquisition integration is still maturing. Buyers signing Normalyze contracts in 2026 are buying into an integration in progress — the feature set, pricing model, and go-to-market approach are all in flux as Proofpoint digests the acquisition. Proofpoint itself is under PE ownership with a likely exit (IPO or sale) expected in 2026-2027, adding another layer of ownership transition risk. Access governance, automated remediation, and behavioural detection depth are limited compared to the category leaders. APJ presence is minimal.

Company health and buying risk

Double acquisition risk is the defining characteristic of Normalyze's health profile. Normalyze was acquired by Proofpoint, which was acquired by Thoma Bravo. PE-owned vendors approaching an exit tend to prioritise margin over product investment — a risk for buyers committing to multi-year contracts. Proofpoint's Thoma Bravo exit is expected within the 2026-2027 window, which means the product roadmap, commercial terms, and support model may change materially once the exit is completed and a new owner has different priorities.

Strengths and weaknesses

Best for: Existing Proofpoint customers wanting to extend email-led information protection with cloud DSPM. Snowflake-heavy cloud environments needing strong analytics platform data visibility. Organisations that want a single vendor covering email DLP and cloud DSPM.

Worst for: Buyers prioritising product stability and roadmap certainty given the active PE exit process. Organisations needing APJ presence. Any environment requiring deep access governance, behavioural analytics, or AI security coverage.

Negotiation considerations

Build contractual protections against ownership-driven product changes, specifically price escalation caps, SLA continuity guarantees for the first 24 months, and product feature commitments. Given the PE exit horizon, negotiate a contract term of no longer than 2 years to preserve flexibility.

Business model and financial transparency

VendorAudit's detailed analysis of DSPM pure-play business model sustainability appears in the BigID profile and applies equally here. The short version: none of the private DSPM pure-plays publish audited financials, burn rate, or customer retention data. High headline ARR growth is being achieved through aggressive pricing that funds customer acquisition at below-cost economics, with capital raises sustaining the gap. The most likely exit is acquisition, not IPO — which means the buyer who acquires this vendor will bring their own pricing and roadmap priorities.

Before signing a multi-year contract, ask for the net revenue retention rate, contract renewal rate, and gross margin on software. If the vendor declines to share any of this data at all (even under NDA), treat that as information about how they view the buyer relationship. See the BigID profile for the full analysis.

Independence note: No portion of this analysis was shared with Proofpoint or Normalyze before publication. VendorAudit takes no money from covered vendors.