|
Tizor Discovery Service Identifies data vulnerabilities, helps mitigate data risk
The first step in enterprise data protection and data governance is determining where sensitive data resides and how it is vulnerable to theft, misuse and noncompliant activity. With sensitive data stored in databases, file servers and mainframes across the enterprise, gaining this insight can present significant challenges.
Most companies have sensitive information scattered across the enterprise. Customer information (credit card numbers, Social Security numbers), employee information (SSNs, addresses, salary and medical information) and operational information (financial data, IP) can reside in databases and file shares unprotected. Regulations such as PCI, GLBA, SOX and the Personal Data Privacy Act of 2007 require companies to protect data determined to be private. However, most companies are unable to address this requirement because they don’t have the tools to find and classify private data. This lack of visibility into critical data assets leaves companies exposed to significant risks such as data theft, data breaches and unapproved data access.
The Tizor Discovery Service addresses these challenges, providing the insight needed to understand an organization’s data risk posture and determine appropriate steps to mitigate risk. Comprehensive Insight
The Tizor Discovery Service provides a comprehensive evaluation of data risk. Using Tizor’s patent-pending data auditing and protection technology, our data protection experts determine precisely where critical data resides, how it is being used and how it may be vulnerable. A detailed Discovery Service report includes risk findings and recommendations for both immediate and long-term data risk mitigation.
The Discovery Service report covers a range of data risk categories, including:
- Privacy and PCI Related Activity
Identifies where customer/cardholder data is located throughout the enterprise and how and by whom it is accessed. This information is valuable in determining monitoring strategy and processes, whether access policies are effective and/or being followed, and where to employ encryption.
- Privileged user activity
Provides detailed information on privileged users’, including DBAs’, interaction with data and data servers—including which data was accessed and if and when it was altered, including database schema changes. This information is critical for determining actions required to improve internal processes and to meet SOX privileged user monitoring (PUM) and other compliance requirements.
- Suspicious user activity/data theft risk
Provides insight into user behavior with sensitive data that is in conflict with security and compliance policies or that might signal data risk, such as information theft or non-compliance. Access patterns for each individual user are captured and reported on; this can be used as a baseline for future security and compliance auditing policies.
The Tizor Discovery Service delivers the detailed information on user activity—and its associated risk--needed to drive data protection and compliance initiatives.
How the Tizor Discovery Service Works
1. Planning
The Discovery Service begins with a goal-setting session. Client stakeholders work with Tizor consultants to complete a Discovery Goal Questionnaire. Once the goals of the assessment are determined, Tizor consultants will review client infrastructure, identify areas of risk or concern, and create a tailored program plan to guide the Discovery process.
2. Monitoring
Once the Discovery plan is approved, Tizor consultants install Tizor’s Mantra data auditing appliance(s) in your environment. As a passive, non-inline appliance Mantra has no performance impact on applications, systems or processes. The Mantra appliance(s) inspects and analyzes a mirror of network traffic in order to find sensitive data, observe user activity, and assess compliance and data security risks according to specific policies.
This is a secure process and installation takes only a few hours. Risk monitoring takes approximately two to three days to complete.
3. Reporting
Discovery Service clients receive both an executive summary report and a detailed report on each of the risk categories covered. The summary report outlines the findings, including the potential risks, and recommended solutions for risk mitigation. The detailed report provides the full Discovery data for each of the activities identified, including information on failed logins, user DDL, DML, ClientIP, long sessions, and user events. Tizor consultants review each report, then work with the client team to formulate a risk mitigation strategy to address the particular risk situation.
See more Discovery Service Reports.
To learn more about the Tizor Discovery Service please email Tizor’s Discovery Team at Discovery@tizor.com or call 800-231-8224. Outside of the US call 978-243-3200. | 
