Join our select team of experts and discover the lucrative Power i (iSeries/AS/400) market. Distribute Raz-Lee’s advanced security software products around the world.

In addition to marketing and supporting Raz-Lee’s products, our partners provide profitable professional services and projects, such as security software implementation, configuration and assessments, all based around our field-proven products.

We provide our partners with solid support, technical training, regular updates and a wide array of marketing and sales tools.

For more information contact marketing@razlee.com

Raz-Lee Security, whose Japanese business partner, Sanwa Comtec is one of the leaders behind the original iManifest initiative in Japan, has recently joined both iManifest US and iManifest EMEA .

Raz-Lee strongly believes that the worldwide community of IBM’s Independent Software Vendors (ISVs) needs to speak out in a coordinated public relations offensive to ensure that the best business server ever designed – now called the Power i – be allocated the marketing budget and attention it deserves from IBM management.

We are committed to actively participating in the iManifest ventures and, based upon our nearly 30 years of i experience, will contribute to re-invigorating the platform to the benefit of the worldwide community In the words of Martin Fincham who is leading the iManifest EMEA initiative: “IBM needs to paint a … compelling future for the IBM i in bright, vivid colors and get the word out via traditional channels and by cultivating its to-die-for loyal user base and partner ecosystem. It can be done… Dispel the myths, tell great stories and commit to a compelling future that others can trust and buy into.”

For more info click iManifest US or iManifest EMEA .

Finally, CyberSecurity is getting the importance it warrants, and by none other than the President of the United States, Barack Obama. The new administration announced on May 29th the launch of a major CyberSpace Security Project, headed by a top-level office to better protect information networks and critical infrastructure.

“From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.” President Barack Obama

Hopefully, Obama’s enthusiastic drive for change will help alter overly complacent attitudes toward security. Amazingly, such attitudes are prevalent not only among the general public, but even at top government offices, as seen in the article Does the State Dept. Ignore Security? (Datamation.com). The article describes the frequency of incidents in which State Department employees access celebrities’ personal information out of curiosity. Moreover, an audit conducted at the State Department’s Office of the Inspector General (OIG) discovered “many control weaknesses – including a general lack of policies, procedures, guidance, and training” relating to information security.

The Obama administration’s Cyberspace Policy Review cites substantial damages caused by security hazards:

• Failure of critical infrastructures. CIA reports malicious activities against information technology systems have caused the disruption of electric power capabilities in multiple regions overseas, including a case that resulted in a multi-city power outage.

• Exploiting global financial services. In November 2008, the compromised payment processors of an international bank permitted fraudulent transactions at more than 130 automated teller machines in 49 cities within a 30-minute period, according to press reports. In another case reported by the media, a U.S. retailer in 2007 experienced data breaches and loss of personally identifiable information that compromised 45 million credit and debit cards.

• Systemic loss of U.S. economic value. Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.16

With such heavy tolls recognized, perhaps more conscientious approaches to information security will trickle down from government officials to private companies and IT managers.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

Check out this noteworthy real-life security story: a major European high-tech company (we’ll call it Company X) couldn’t trace a certain large sum after it had been transferred between several different systems throughout the company. Unfortunately for Company X, the authorities claimed it was income…

When Company X tried to prove otherwise, they found that the trail of the sum was too complex to trace. They put numerous managers to the task of trying to trace this sum, but no go. It was impossible for the company to prove that the sum was not income.

To make a long story short, Company X had to pay 5 Million Euros! Arggghhh…

What could have given this story a fairytale ending?  A security solution that tracks all changes in application databases, throughout all the company’s systems. A solution that provides clear reports, displaying all changes which occurred over long periods, on a single timeline. This could have been just the proof that Company X needed to rescue it from its tight spot.

Such as solution was actually developed by Raz-Lee Security, and is called AP-Journal. An Application Security and Business Analysis Solution for System i, AP-Journal protects business-critical information, keeping managers closely informed of all changes in their databases using real-time alerts and cross-application reports.
Click to learn more about AP-Journal.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

The Hardships of Security
Corporate security can be a hassle… (especially if you don’t have the right security system)
Click here to view clip

  
Security – Just a Continent Away…
Better check the reliability of your Security Provider!
Click here to view clip

Greetings from a Hacker
Sound scary? Well, get protected…
Click here to view clip

Storytime: Repeated Mistakes in Info Security
In Security, each mistake can cost…
Click here to view clip

For information on System i Security, please visit www.razlee.com

By Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

"We don't need security"

I would like to share the story of one of our customers, the Belgium subsidiary of a major bank in Germany.

When we first approached this bank, the managers said they don’t really need System i Security, since “everything is OK” with their system. This is actually a typical response of many companies and organizations, who tend to embrace a “what you don’t see can’t hurt you” policy.

We then proceeded to demonstrate our iSecurity Audit on the bank’s System i. Audit provides monitoring and reporting on all activity in the System i environment, as well as real-time server security auditing and detailed server audit trails. We quickly gathered the bank’s information from the previous two weeks, as provided by the OS400 audit log.

To the bank’s total surprise, within seconds we could see that one of the bank’s users tried to enter a password 15 times, while another user entered his password 21 times! Seems just a little suspicious, doesn’t it?

Not surprisingly, the bank decided to immediately purchase and implement a full iSecurity solution, to control and protect its System i. Now, five years later, with all their reports automated, the bank staff doesn’t even remember that iSecurity is doing the job. It is the result that counts: safety and control.

Written by Shari Masafy, MarCom Manager, Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

The recession has been here for quite a while, and each company must rethink and adjust their strategy and expenditures to suit the unstable economy. In most cases,  this means companies will only invest in what they consider essential.

Is information security essential? I think so. Here is why information security becomes even more vital in a time of recession:

• Time of increased security risks – In a recession, more people are hard-pressed for money and have large debts; more people are unemployed, bored and angry. And don’t forget all those employees you fired last week, who could well be looking for revenge… all these people are potential hackers and embezzlers.
• NOT a time to expand your losses – In a recession, all companies suffer financially. However, no one can afford to expand losses by losing huge sums to hackers.
• Time to automate your tasks – In a Down Market, you have to make do with fewer employees. This means you have to be more efficient. Sophisticated security tools, such as iSecurity, can save you lots of time, with wizards, report generators, real-time alerts, and more. 
• Time to prepare for the upturn – Now, when sales are low, concentrate on preparing your infrastructure for the day after the recession, when you will have to focus on expanding sales and marketing.
• Time for Musts only – Security is a Must. It is not a nice-to-have new project. It is safeguarding what you already have and treasure most – your business-critical information.

Click here for information on the need for information security.
Click here for information on iSecurity, Raz-Lee’s sophisticated system i security tools
Written by Shari Masafy, Marketing Communications Manager, Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

How sufficient is integrated IBM i security?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN ).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message are sent to notify management. And, because the containers can store years worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at marketing@razlee.com