SOURCE: Tizor Systems

July 08, 2008 08:57 ET

Tizor Monitors and Secures Sensitive Data for F500 Global Bank, Achieving Significant ROI

Tizor's Mantra Database Monitoring and Protection Solution Simplifies and Reduces the Cost of Compliance and Data Security for Leading Bank

MAYNARD, MA--(Marketwire - July 8, 2008) - Tizor Systems, a leading provider of enterprise database monitoring and protection solutions for the data center, today announced that a global bank has implemented Tizor's Mantra solution to meet data auditing requirements for Sarbanes Oxley (SOX) and a variety of data privacy regulations. The Fortune 500 customer recognized that in order to meet the critical demands created by a changing business environment, protect against the increasing sophistication of information thieves, and address a rapidly growing roster of compliance requirements, they must simplify, centralize and unify their database activity monitoring (DAM) processes.

Using Mantra, the bank achieved their goals by automating the requirements of multiple compliance regulations, saving significant dollars, time and valuable resources -- including key personnel. In an initial deployment across several dozen databases, within a few hours of implementing Mantra, the customer was able to see who was accessing critical data, when it was being accessed and from where. The company is now better prepared to protect core data from data breaches and address changes in existing regulations and future security challenges.

Data Discovery: The Key to Database Security

The customer first needed to "discover" where cardholder data resided throughout the network to devise the best strategy for monitoring and reporting on all cardholder data. The lack of visibility into critical data assets left the customer exposed to significant risks such as data theft, data breaches and unapproved data access. By automatically identifying suspicious behavior in real time, Mantra eliminated the need for complex baseline policies that generated volumes of false positives and consumed valuable resources.

The bank used Tizor's Data Discovery capabilities to pinpoint the location of data such as credit card and Social Security numbers stored in both production databases and on file shares in spreadsheets and word documents. They now have a single centralized view and audit trail of all user activity across hundreds of databases and file servers based on regulated policies.

Automating Compliance: The Low-Cost Solution

Prior to Mantra, the bank relied on the manual efforts of valuable technical professionals for database-level SOX compliance, leaving these employees with little time to handle critical tasks related to customer requirements. The company had completed a fairly substantial SOX compliance project and considered themselves checkbox compliant; however, the compliance process they had in place was expensive and inflexible, and did not address the auditing requirements of other compliance regulations, including the Gramm-Leach-Bliley Act (GLBA).

By providing a multi-compliance solution for SOX, GLBA and other regulations, Tizor's Mantra has enabled the customer to automate many of the manual tasks the bank had previously used to audit activity. After deploying the Mantra solution for database discovery, monitoring and compliance reporting across its heterogeneous database environment, the customer reports a significant drop in labor and capital costs.

Securing Outsourced Environments

Adhering to corporate and regulatory standards and data protection best practices across systems, divisions, and geographic boundaries was a challenge. The bank needed to meet corporate auditing requirements and enhance real-time monitoring and auditing controls over sensitive data for offshore outsourcing activity related to information technology outsourcing, business process outsourcing and remote database outsourcing.

With Mantra, the bank can effectively and proactively monitor and report on privileged users, the applications they use, the activities they conduct, and the content they access. Additionally, they will have a centralized view and audit trail of all user activity across hundreds of databases and file servers, across all unstructured and structured data. This non-intrusive approach allows for the enhancement of security practices, for improved data protection and Identification Management by monitoring and capturing all privileged user activity.

Mantra determines the usage patterns and risk profiles for all users and applications that access critical data. The discovery service also includes a risk assessment report to identify risks associated with current operating practices and to develop plans to mitigate those risks. The bank has set policies to detect unusual activity based on user's data access behavior which issue real-time alerts to help mitigate risk.

Ease of Use, Scalability, Superior Performance

The customer installed and deployed the Mantra system in hours, immediately providing them with all the automated reports they needed right out of the box. With its enhanced user-interface (UI) design and functionality, and pre-built SOX policies, the system was up and auditing data within a day.

Mantra SOX reports were scheduled to run daily and weekly and were automatically distributed to key personnel. During the audit cycle, Mantra distributed key audit reports that were approved by the assigned managers with digital signatures. As a result, the auditors were able to immediately gain access to the data and reports they needed for the audit. This streamlined the process and reduced the cost of the audit.

Scalability was also critical to the bank that could not afford scale problems as it grew. The bank needed a system that could support several hundred databases and have the ability to continue to scale to support future growth. Mantra was designed specifically for high-performance auditing, can scale to meet the most demanding environments and largest data centers, and transparently monitors and audits compliance activity without impacting production databases.

ROI Methodology

Mantra appliances met the customer's compliance needs immediately and achieved automation, thereby alleviating the majority of the FTE costs and capital investment. Since Mantra appliances were pre-packaged with auditing capabilities, this approach also eliminated additional ongoing development costs for enhancements.

The bank's initial deployment was followed by a large-scale rollout to hundreds of databases, involving a multi-million dollar ROI and cost saving. Typically requiring a one-year ROI on technology purchases, the customer realized an ROI on Mantra within months of implementation. The customer now has the actionable, real-time insight into critical activity that it needs to meet the compliance, security and business assurance challenges. As a result, this company liberated database professionals from mundane reporting tasks, made their businesses more competitive, and allowed IT database and security staff to spend more time on strategic initiatives that grow revenue and market share.

The bank realized a significant reduction in capital costs, a marked reduction in technical support and project management costs, an ROI payback period in a matter of weeks, and a total savings amounting to more than $1 million dollars for the first phase of the project alone.

About Tizor

Tizor provides the world's largest companies with the only enterprise database monitoring and protection solutions capable of monitoring, reporting and alerting on all critical data activity across the enterprise data center -- databases, file servers and mainframe applications. Tizor's global enterprise customers include financial institutions, insurance companies, retailers, manufacturers, healthcare providers and airlines, among others. These companies rely on Tizor's Mantra solutions to protect critical data assets, detect data breaches and provide data-related compliance, including SOX and PCI.

Headquartered in Maynard, Massachusetts, Tizor is a member of IBM's Data Governance Council and the PCI Security Standards Council. Visit Tizor's Website at or data auditing blog at

Contact Information