Symmetry Systems

Data+AI security posture platform that fuses the data estate with the full identity graph. Primary category: dspm; also data-access-governance.

One-liner — A DSPM platform that maps sensitive data to who can reach it — humans, service accounts, AI agents, third parties — and can automatically remediate over-permissioned or misconfigured access.

What it does

Symmetry discovers and classifies sensitive data across clouds, SaaS, on-prem, legacy, and air-gapped stores, then joins that data map to a complete identity graph so you see not just what is exposed but exactly which identity could reach it and what they could do. DataGuard delivers the DSPM/data-access-governance view; DataEnforce acts on it — auto-remediating misconfigurations, revoking excess permissions, and enforcing policy without requiring a separate DLP or PAM tool. Increasingly positioned around exposure at the intersection of data and agentic identities.

Where it sits in the stack

Data layer — primary dspm, secondary data-access-governance. It controls access to sensitive data — reducing blast radius by knowing and shrinking who/what can reach it, including AI agents. Adjacent to dlp and identity tooling (veza, sailpoint).

Deployment & architecture

Flexible deployment — managed SaaS, customer-hosted, cloud, on-prem, legacy, and air-gapped — which is unusual in DSPM and matters for regulated/isolated environments. Builds an identity-to-data graph rather than only tagging data at rest. Included as a Representative Vendor in the 2025 Gartner Market Guide for DSPM.

Positioning & differentiators

Differentiator is the identity-graph fusion (data + identities + actions) and the active-remediation angle (DataEnforce), plus broad deployment reach including air-gapped. Origin: DARPA-funded research at UT Austin. Competes with cyera, sentra, bigid, bedrock-security, normalyze, concentric-ai, and varonis on the access-aware DSPM edge. Smaller/quieter than the best-funded DSPM players, so vendor-scale risk applies.

Ownership, funding & M&A

Acquired by zscaler — announced 2026-05-21 (terms undisclosed; Zscaler folds Symmetry’s Data Access Graph into its Zero Trust platform to map/secure AI-agent identity↔data flows; close expected shortly after announcement). Prior funding: ~$15M Series A (2022) + $17.7M inside round (2023-08-09, ForgePoint + Prefix, W11, TSG) — ~$33M total (approximate). The seed had no M&A flag and an earlier research pass wrongly recorded it as independent; corrected via the Zscaler/Symmetry primary announcements. See ai-security-m-and-a-map.

CTO / hedge-fund lens

DSPM is Day-1 for AI on internal data; Symmetry’s identity-aware cut is appealing where the real question is “which account or agent could exfiltrate this.” The flexible/air-gapped deployment suits funds unwilling to send sensitive data to a cloud scanner. Indirect SR 11-7 relevance (governs data feeding models). Weigh its smaller scale against bigger DSPM vendors; good shortlist candidate where identity-to-data lineage and on-prem/air-gapped coverage are priorities.

Competitors / alternatives

cyera, sentra, bigid, bedrock-security, normalyze, concentric-ai, varonis, microsoft-purview, wiz.

Open questions / to verify

  • Precise total funding and any round since the 2023 inside round.
  • Current customer scale / traction relative to Cyera/Sentra.
  • How much of DataEnforce auto-remediation customers actually run in enforce (vs. observe) mode.

Sources

History

  • [2026-06-28] Stub created from seed registry.

  • [2026-06-28] Researched; established independent (private), San Jose, DARPA/UT-Austin origin, ~$33M raised incl. $17.7M (2023). Product = DataGuard (DSPM) + DataEnforce (remediation), identity-graph differentiator. No M&A. Set ownership_confidence high.

  • [2026-06-28] CORRECTION (lint cross-check): ownership independent→acquired. Zscaler acquisition confirmed (announced 2026-05-21); earlier research missed it. Source cached.