Abu Dhabi Commercial Bank Implements Guardium to Strengthen Database Controls

Security Initiative Driven by ADCB Audit Strategy to Monitor DBAs and Prevent Unauthorized Changes to Critical Databases


WALTHAM, MA - June 3, 2008 - Guardium, the database security company, and StarLink, a leading Middle East provider of security and compliance solutions, today announced that the Abu Dhabi Commercial Bank (ADCB) has successfully implemented Guardium’s real-time database security and monitoring solution to prevent unauthorized changes to critical financial tables by privileged users such as DBAs.


A publicly traded company, ADCB is the third largest commercial bank in the Middle East, with a 33-branch network spread across the UAE in addition to two branches in India and an offshore banking unit in the Cayman Islands.


Complex Heterogeneous Environment
ADCB’s data center is typical of many in that it is complex, multi-tier and heterogeneous.  The bank’s critical application infrastructure consists of different DBMS platforms running on both UNIX and Windows, along with numerous, multi-tier, banking applications.

“We were seeking a unified, cross-DBMS solution that delivers granular, real-time controls without the complexity, overhead and risk of native DBMS-resident auditing, and Guardium fulfilled all our requirements. Our goal is to ensure that critical information is stored securely through the adoption of best-of-breed technologies.” said Steve Dulvin, Head of IT Security at Abu-Dhabi Commercial Bank.


Guardium: Dominant in the Region
The Guardium solution was evaluated and deployed at ADCB by StarLink LLC, which has a distribution partnership with Guardium covering the United Arab Emirates (UAE), Saudi Arabia, Kuwait, Bahrain, Qatar, Oman, Egypt and Jordan. In addition to the ADCB sale, this partnership has yielded successful deployments at many other prestigious financial organizations including:


Another leading UAE bank.


The largest stock exchange in the Middle East.


The largest commercial bank in the UAE.


A leading Saudi bank.


One of the largest Islamic banks in the region.


The National Bank of Kuwait.


Another major Kuwaiti bank.


“We are now sweeping the region with Guardium’s powerful solution for enterprise database auditing and real-time protection,” said Nedal Ahmad, Regional Sales and Marketing Manager, StarLink.  “Given the strategic importance of safeguarding sensitive financial and customer data, our customers are looking for robust and comprehensive solutions that have been properly architected to address their needs both now and in the future.”


The Challenge: No Visibility into Changes by Privileged Users
Most organizations have formal change control policies and processes that govern how and when changes are made to production databases. Until recently, however, there were no practical solutions for detecting when critical changes were made outside of these policies and processes. This is both a serious data governance issue and a regulatory compliance issue for most firms, especially in financial services.


Guardium 7 continuously monitors all database transactions, without adding overhead or relying on traditional DBMS-resident logs that can easily be disabled by DBAs.  It creates a verifiable audit trail of all transactions - including DBA activities that access databases directly via “back-door” protocols such as Oracle Bequeath, named pipes and shared memory - and immediately generates real-time security alerts whenever policy violations are detected.  This enables organizations to effectively enforce corporate change controls, such as preventing changes outside of authorized change windows.


Guardium’s technology also dramatically reduces staff time by automatically creating reports that compare all detected changes with approved change requests. This process, known as “change control reconciliation,” is increasingly required by auditors to tighten internal controls for critical systems.


About Guardium
Guardium, the database security company, delivers the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data.  Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects databases in real-time and automates the entire compliance auditing process.

The company’s enterprise security platform is now installed in more than 450 data centers worldwide, including 3 of the top 4 banks; 3 of the top 5 insurers; 2 of the top 3 retailers; 15 of the world’s top telcos; top government agencies; 2 of the world’s favorite beverage brands; the most recognized name in PCs; a top 3 aerospace company; and a leading supplier of business intelligence software.


Guardium has partnerships with Oracle, Microsoft, IBM, BMC, EMC, Accenture, McAfee and ArcSight, with Cisco as a strategic investor, and is a member of IBM’s prestigious Data Governance Council and the PCI Security Standards Council.

Guardium is a trademark of Guardium, Inc.