E-security Cuts Costs and Time from Audit Preparation and Review for Fortune 500 Brokerage Firm

Key benefits include:
• Demonstrating compliance with internal policies and Sarbanes-Oxley regulations
• Gaining the visibility and control required to manage the compliance monitoring program more cost effectively
• Detecting and resolving violations faster while reducing operational costs
• Delivering appropriate reports, documentation and metrics to continually assess compliance posture and pass audits more cost effectively and efficiently
• Using existing resources more efficiently by eliminating tedious manual processes
• Avoiding the cost of hiring additional resources to monitor policy compliance

The Company
The customer is a Fortune 500 global brokerage firm offering securities and commodities brokerage, asset management, trust services, mutual funds, insurance, and investment banking to individuals.

The Challenge
As a financial institution, this firm is heavily regulated. Although the company established well-documented policies to address regulatory requirements, they had no cost-effective way to monitor policy compliance across their multiplatform, multi-vendor IT environment. Gathering and interpreting policy-related data generated from disparate IT systems was labor-intensive and costly. Furthermore, the company had no effective way to generate timely management reports because they kept the information needed for the reports in decentralized “silos.” The manual processes required to aggregate the data for audit preparation and review cost too much time and money. Increased regulatory pressures and the dramatic impact on shareholder value from potentially missed violations and inaccurate diagnoses drove them to seek a better solution.

The Solution
The company decided to address the costly and time-consuming audit preparation and review process by automating 80% of the 76 measurable controls that required monitoring. The security team required timely notification of policy violations and long-term metrics to demonstrate compliance with Sarbanes-Oxley, GLBA and other regulations. Sentinel automates the detection, correlation, notification and reporting of policy violations across the company’s enterprise. The customer uses Sentinel’s flexible data collection capabilities to aggregate and correlate policy data from a variety of databases, operating systems, and applications, including instant messaging and remote e-mail. This enables the customer to mitigate the risk of unauthorized access or disclosure by detecting violations immediately. The customer uses Sentinel’s Active Views™ as a real-time dashboard to gain visibility into their security posture across the company, and uses Sentinel’s correlation engine to continuously analyze security events 24 hours a day.

The Results
25% Productivity Increase
Before implementing Sentinel, the company simply did not have enough resources to monitor critical systems that used Oracle®, Sybase®, SQL Server® and Teradata® databases. With Sentinel, the company now monitors and reviews policy violations on 5 times as many assets as before, while increasing department productivity by 25%. Sentinel allows the company to monitor all critical assets, significantly reducing risk and increasing policy compliance visibility across the enterprise. Automating policy monitoring and reporting also significantly reduced the time and costs involved in audit preparation and review.

Pass Audits With No Findings
Before implementing Sentinel, the company was not confident it could pass a Sarbanes-Oxley audit. With Sentinel, the brokerage firm passed a Sarbanes- Oxley audit (as well as internal audits) with no findings cited.

Increase Visibility Required to Continually Assess Compliance Posture
Before implementing Sentinel, the company could not adequately assess its compliance posture. They had no centralized tracking system for policy violations, no visibility into policy compliance status, and no timely and accurate reports. Now, when a violation occurs, Sentinel automatically opens an incident, assigns it to the appropriate resource for resolution, and tracks the status of the violation from occurrence through resolution, automatically generating reports to track incident status. Furthermore, the company can now respond more efficiently to security- and compliance-related inquiries from relevant governing agencies such as the FDIC and SEC.