Cyral Secures at the Data Layer

Additional Info

Company size (employees)10 to 49
Headquarters RegionNorth America
Type of solutionCloud/SaaS


Most companies don’t know what data they have, where it is stored, or who has access to the data. As more users, applications, and services require access to sensitive datasets across multiple clouds, security organizations struggle to keep pace with the growing risks, complexity, and costs associated with securing data.

Cyral automates least privilege for your most sensitive datasets to reduce risk, complexity, and cost. The Cyral platform discovers these datasets, unifies access controls for users and applications, and enables fine-grained authorization policies as code, which enables risk-based governance and limits the blast radius of data breaches.

Unlike other security controls in the tech stack, Cyral’s discovery, authentication, authorization, and auditing controls build a secure perimeter directly around priority datasets to regulate who has access, how much access, and when access can be granted — eliminating the risk of insider threats, direct attacks, and compromised applications and environments.

How we are different

Securing database access is critical for data-driven businesses as more roles need access data for insights. However, many databases are protected only by a password that gives the user full access across the whole dataset. Existing security tools are not database aware and have no way of knowing what’s in the database and whether a user should be allowed to access a specific field or record—it’s all-or-nothing access. Cyral fixes this challenge by adding a complete suite of discovery, authentication, authorization, and auditing controls that include MFA, data masking, and IP-based controls.

Many people also think their privileged access management (PAM) system is enough on its own. PAM solutions first authenticate a user’s identity, then grant privileges based on that identity. On the surface, the case for using PAM to grant database access looks sufficient. The problem is that PAM solutions are not data or database aware — granting full access to sensitive datasets — and don’t support applications. Cyral goes beyond PAM’s restrictions to first authenticate and authorize users and applications. Then, it applies field-level security controls, like masking, filtering, and rate-limiting, that can be tailored to the users or user groups.

Cyral also has risk-based data security governance. It allows a company’s security leader to set an exfiltration cap on sensitive data, so even if hackers get past initial security measures, they can’t steal high volumes of sensitive data. Often in the case of a breach, the culprit is a lack of controls on the server where the data is kept, and authorized users and applications that should be reading only a few records can access thousands without issue. Cyral’s approach mitigates risk based on the sensitivity of the data rather than focusing on the attack vector.