Sitemap    Contact Info
Tizor Systems, Inc. - Data Protection and Compliance Auditing Solutions
About Us Solutions Products Services Partners News & Events Resource Center
Services View Mantra
Tizor Data Discovery and Risk Assessment Service
Data Risk Assessment Service
Tizor Data Discovery and Risk Assessment Service

Identifies data vulnerabilities, helps mitigate data risk

The first step in enterprise data protection and data governance is determining where sensitive data resides and how it is vulnerable to theft, misuse and noncompliant activity. With sensitive data stored in databases, file servers and mainframes across the enterprise, gaining this insight can present significant challenges.

Most companies have sensitive information scattered across the enterprise. Customer information (credit card numbers, Social Security numbers), employee information (SSNs, addresses, salary and medical information) and operational information (financial data, IP) can reside in databases and file shares unprotected. Regulations such as PCI, GLBA, SOX and the Personal Data Privacy Act of 2007 require companies to protect data determined to be private. However, most companies are unable to address this requirement because they don’t have the tools to find and classify private data. This lack of visibility into critical data assets leaves companies exposed to significant risks such as data theft, data breaches and unapproved data access.  

The Tizor Data Discovery and Risk Assessment Service addresses these challenges, providing the insight needed to understand an organization’s data risk posture and determine appropriate steps to mitigate risk.

Comprehensive Insight

The Tizor Data Discovery and Risk Assessment Service provides a comprehensive evaluation of data risk. Using Tizor’s patent-pending database monitoring and protection technology, our data protection experts determine precisely where critical data resides, how it is being used and how it may be vulnerable. A detailed Data Discovery and Risk Assessment report includes risk findings and recommendations for both immediate and long-term data risk mitigation.

The Data Discovery and Risk Assessment report covers a range of data risk categories, including:

  • Privacy and PCI Related Activity
    Identifies where customer/cardholder data is located throughout the enterprise and how and by whom it is accessed. This information is valuable in determining monitoring strategy and processes, whether access policies are effective and/or being followed, and where to employ encryption.
  • Privileged user activity
    Provides detailed information on privileged users’, including DBAs’, interaction with data and data servers—including which data was accessed and if and when it was altered, including database schema changes. This information is critical for determining actions required to improve internal processes and to meet SOX privileged user monitoring (PUM) and other compliance requirements.
  • Suspicious user activity/data theft risk
    Provides insight into user behavior with sensitive data that is in conflict with security and compliance policies or that might signal data risk, such as information theft or non-compliance. Access patterns for each individual user are captured and reported on; this can be used as a baseline for future security and compliance auditing policies.

The Tizor Data Discovery and Risk Assessment  Service delivers the detailed information on user activity—and its associated risk--needed to drive data protection and compliance initiatives.

How the Tizor Data Discovery and Risk Assessment Service Works

1. Planning
Data Discovery and Risk Assessment begins with a goal-setting session. Client stakeholders work with Tizor consultants to complete a Goal Questionnaire. Once the goals of the assessment are determined, Tizor consultants will review client infrastructure, identify areas of risk or concern, and create a tailored program plan to guide the Data Discovery and Risk Assessment process.

2. Monitoring
Once the plan is approved, Tizor consultants install Tizor’s Mantra database monitoring appliance(s) in your environment. As a passive, non-inline appliance Mantra has no performance impact on applications, systems or processes. The Mantra appliance(s) inspects and analyzes a mirror of network traffic in order to find sensitive data, observe user activity, and assess compliance and data security risks according to specific policies.
This is a secure process and installation takes only a few hours. Risk monitoring takes approximately two to three days to complete.

3. Reporting
Data Discovery and Risk Assessment Service clients receive both an executive summary report and a detailed report on each of the risk categories covered. The summary report outlines the findings, including the potential risks, and recommended solutions for risk mitigation. The detailed report provides the full Discovery data for each of the activities identified, including information on failed logins, user DDL, DML, ClientIP, long sessions, and user events. Tizor consultants review each report, then work with the client team to formulate a risk mitigation strategy to address the particular risk situation.

See more Discovery Service Reports.

To learn more about the Tizor Data Discovery and Risk Assessment Service please email Tizor’s DD&RA Team at Discovery@tizor.com or call 800-231-8224. Outside of the US call 978-243-3200.

For more information, please fill out the form below:
* indicates required field.
*First Name
*Last Name
*Company
*Title
*Email Address
*State/Providence
*Country
*I am interested in
*How did you hear about us
If other, please describe

Tizor Discovery Service Data Sheet