Raz-Lee Security, a major world-wide vendor of security solutions for IBM Power i computers, has enhanced its feature-rich SOX and PCI compliant file editor, FileScope, with full Unicode (UTF-16, UCS-2) support, to comply with the prevalent international standard. Unicode support is totally unique in the Power i data manipulation market and encompasses ALL FileScope facilities including Substring, Scan and Subset functions.

Unicode, a fundamental building block for international e-business, allows data from many different languages to be stored in one repository. Today’s business world demands that IT systems be able to present content and conduct transactions in all major worldwide languages. Unicode enables a single set of application source code to be written to process data in any language. It also makes the addition of new language support to an existing e-business application relatively simple since character processing and storage remains unchanged. This results in lower costs of implementation, faster time to market, and higher customer satisfaction.

FileScope is packaged in both Gold and Platinum versions, both of which support the new Unicode capability. While technologically similar, the Platinum version supports more SOX, PCI, auditing and file journaling capabilities, making it more appropriate for large and mid-sized shops.

As part of the announcement, Raz-Lee will provide, for a limited time, FileScope/Gold with Unicode Support at $0(!) including free maintenance for up to three months.

FileScope’s Unicode support enables viewing SAP, JDE, MOVEX, BPCS, and other files. The following functions are supported for these and similar files:

• Display file contents
• Print file contents
• Update records (single record, full screen, global changes)
• Scan for fields
• Subset records (OPNQRYF) including all Tests such as EQ….LIKE 
• Substring field values
• Undo changes (up to 99 days)

Raz-Lee also offers FileScope Platinum, an upgraded version, which includes (in addition to the Gold Edition features):

• Improved SOX/PCI support
  • SYSLOG/SNMP Messages for SIEM – transmits up to 1000 lines per second.
  • User Activity List Email – including users, times and actions.
• XML support
• Report Generator
• Full Screen Update

 ”A Unicode-supporting file editor is a highly desirable product, unrivaled by any other company, and we’ve already witnessed the demand for it” said Shmuel Zailer, CEO, Raz-Lee Security. “It is a fitting enhancement for our FileScope product, which is already well-stocked with unique features such as Undo, Join and User activity list emails – also unique to Raz-Lee’s technology.”

Raz-Lee Security, a leading global supplier of information security & compliance solutions for the IBM Power i, has released iTweet, a product enabling instant messaging over Twitter for the Power i.

iTweet sends selected messages to relevant users through www.twitter.com. These messages are sent effortlessly and instantaneously to users. These messages include event information, message queues, alerts on changes, deletes or reads, emergency changes in user authorities, IFS viruses detected, field-level changes to data and even VIEW of pre-defined “unreadable” data object deletion.

The tool provides a bi-directional interface between Twitter and the Power i, so that users can reply from Twitter to the Power i, for example when an error/inquiry message appears.

Messages can be received through PCs, cell phones or PDAs. A secure environment can be configured, ensuring that only relevant users can view them.

iTweet is available both as a standalone tool and as a feature integrated into other iSecurity products such as Audit, Authority on Demand, AP-Journal, Anti Virus and more. Security alert support via iTweet is in addition to existing support for alerts in the form of e-mails, MSGQ, SNMP messages, SYSLOG, SMS, etc.

In order to adapt to Twitter’s limitation of up to 100 messages per hour, the iSecurity SYSLOG assigns security levels to each message in order to decide which messages to send.

“Twitter, a highly popular social marketing tool, is mostly used for recreational or marketing purposes. iTweet, however, utilizes its easy and immediate qualities for purely technical and functional purposes. iTweet can be a real help for System Administrators and Power i users, speed up processes and streamline knowledge flow.”

Raz-Lee Security Inc., a major vendor of security solutions for IBM Power i computers, announced that SYSLOG real-time notification messages are now supported in all iSecurity products, including Audit, AP-Journal, Authority on Demand and Anti-Virus.

iSecurity’s SYSLOG feature sends events from various Power i facilities (such as logs and message systems) to remote Security Information and Event Management (SIEM) servers.

The advanced iSecurity SYSLOG capacity enables the system administrator to categorize events according to a range of severities such as emergency, alert, critical, error, warning, notice, informational and debug. It also enables the user to decide under which conditions the Power i should send a SYSLOG message, to choose the IP address of the SYSLOG server, the facility from which the message is sent, the severity range and the recipients, as well as decide whether the SYSLOG message should contain all events from iSecurity Firewall or only the rejected entries. Another useful feature is the ability to easily define the message structure, rather than receiving the standard long message and having to manually divide it into intelligible parts.

One of Raz-Lee’s Israeli customers, among the largest insurance firms in the country, makes extensive use of iSecurity SYSLOG, and transmits the entire journal receiver log using SYSLOG messages. Approximately 1000 alerts are transmitted per second, utilizing only 1% of the CPU.

“Our SYSLOG facility is not only spreading to additional products, but also to more and more customers worldwide,” said Eli Spitz, VP Business Development, Raz-Lee Security. “It gives customers the utmost flexibility to control both message conditions and content, thereby making security in the organization considerably more efficient.”

Getting PCI Compliant can be a hassle… or it can be a quick & effortless task. Find out how to easily check your Power i’s compliance status, customize a built-in report, receive summary or detailed reports, and much more. Click here to View the iSecurity Compliance Evaluator Demo

Raz-Lee’s iSecurity Anti-Virus product is based upon ClamAV, an open source toolkit. We often enconter questions from customers and distributors alike about its qualities, and about how it compares with commercial Anti-Virus solutions.

 So first – some basic info:

ClamAV is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tools for automatic database updates. The core of the package is an anti-virus engine available as a shared library. For more information click here.  

 ClamAV has won the following awards:

• InfoWorld best of open source in security, September 10th, 2007
• 2006 SourceForge.net Community Choice Awards, April 5th, 2006
• Linux Format Magazine chose ClamAV as the best AV, January 16th, 2006

And most important –  ClamAV is held in high esteem by its users. Some examples of this can be viewed in ClamAV.net forum, where users expressed their appreciation for ClamAV:

On Tue, Nov 24, 2009 at 4:27 PM, Scott Mohnkern mohnkern@gmail.com wrote:

“In our particular environment (a government server farm), we were asked  to deploy the Mcafee virus scanning tools for Linux. After several months of  frustration, we concluded given our particular configuration (A very large Storage Area Network) that McAfee would never meet our needs.

We tested and deployed ClamAV across 63 machines with over 24 terabytes  of  network storage and have found that it fits our needs extremely well. We  don’t do “on the fly” scanning, but do scanning on a cycling basis per   machine, to avoid overtaxing our network”.

 On Fri, Dec 4, 2009 at 4:10 AM, Robin diilbert.atlantis@gmail.com wrote:

 ”…I tested < McAfee CommandLine > Scanner scanning a simple file and it was 10x slower than ClamAV. “ 

On Fri, Dec 4, 2009 at 5:32 AM, Dennis Peterson dennispe@inetnw.com wrote:

 <ClamAV> is so good that TrendMicro thought it worth going to court to stop it.

For more information on iSecurity Anti-Virus please contact marketing@razlee.com

Written by Shari Masafy, MarCom Manager at Raz-Lee Security.
Email Shari at marketing@razlee.com

Raz-Lee Security has received IBM Power Systems Software Status, and has also reaffirmed its IBM Advanced Business Partner Status. These emblems reflect the close relationship between Raz-Lee and IBM.

According to IBM, “Advanced level Business Partners have committed to maintaining a prosperous business relationship with IBM and are recognized and rewarded for that commitment”. This status is awarded when a business partner displays qualified skills, revenue achievements, or demonstrated that their IBM-based solutions have been successfully implemented at a customer site through a customer experience. IBM provides Advanced Business Partners with an enhanced level of benefits to in marketing, sales support, technical enablement and skill development.

Ready for IBM Power Systems Software validation enables business partners to demonstrate and validate the integration between their solutions and the IBM Power Systems Software portfolio.

“We are proud to elevate our relationship with IBM to a new and higher level,” said Shmuel Zailer, CEO, Raz-Lee Security. “After the many years of our working together with IBM and implementing advanced security technology all over the world, we have been rewarded with the new status. I’m confident that the additional advantages and support we receive from IBM will help accelerate the distribution of our solutions worldwide”.

Written by Shari Masafy, MarCom Manager at Raz-Lee
Email Shari Masafy at marketing@razlee.com

Raz-Lee, Expert System i Security Solution Provider, Adds nuBridges Protect™ Software to Product Portfolio to Help Organizations in Israel Comply with Data Security Mandates

Raz-Lee Security, a leading supplier of information security solutions, announced today that it has partnered with nuBridges,  the secure eBusiness authority. Under the terms of the agreement, Raz-Lee Security will sell nuBridges Protect™, an award-winning encryption, tokenization and key management solution, to customers in Israel – the first encryption and tokenization solution to be sold in this country.

“With over 20 years of security focus and its strong IBM partnership, Raz-Lee has achieved an outstanding level of expertise and has become a leading security solution provider worldwide,” said Kim Addington, nuBridges Chief Marketing Officer. “We’re looking forward to working with Raz-Lee in Israel to help organizations achieve optimal data security and more easily comply with data security mandates and privacy laws.”

Designed for enterprises that need to protect payment card numbers as well as volumes of personally identifiable information (PII) from theft, nuBridges Protect reduces complexity and simplifies compliance management. It protects sensitive data at rest in database fields, files, applications and associated backup storage to help companies comply with mandates like the Payment Card Industry’s Data Security Standard (PCI DSS) and government privacy acts. Proven in production use for business-critical operations, nuBridges Protect is protecting millions of credit card numbers for some of the most prominent brands in the world.

nuBridges Protect is a multi-platform solution supporting Windows, Unix, IBM i and Mainframe, and offers full-lifecycle, PCI DSS-compliant encryption key management plus the latest in data security models, tokenization. One major advantage of using the tokenization module of nuBridges Protect is that it can remove applications and databases from the scope of PCI DSS audits, yielding significant cost, complexity and time savings.

nuBridges Protect’s superiority was acknowledged by Info Security Products Guide, which proclaimed it the Winner of 2009 Global Excellence in Compliance Solution Award.

nuBridges Protect will complement Raz-Lee’s iSecurity, which is a comprehensive, user-friendly security solution for iSeries (System i or AS/400) environments. iSecurity addresses insider threats, external security risks, and the need to monitor business-critical application data. iSecurity enables enterprises to comply with the requirements of the PCI, Sarbanes-Oxley, and HIPAA security regulations, as well as COBIT implementation guidelines. It includes over 15 individual products, securing companies’ iSeries infrastructure, as well as their business-critical databases.

“We’ve built an international business on providing a breadth of security solutions for enterprise IT and we’re excited to be able provide our customers with an award-winning solution—nuBridges Protect,” said Shmuel Zailer, CEO for Raz-Lee Security. “With nuBridges Protect, our customers will enjoy the benefits of an all-inclusive PCI-DSS compliance solution, complete with encryption and tokenization.”

Eli Spitz
VP Business Development
Raz-Lee Security Inc.
Tel: 1-888-729-5334
E-mail: eli.spitz@razlee.com
Website: www.razlee.com

Kathy Cabrera
Carabiner Communications
1-678-644-4122
kcabrera@carabinerpr.com

Check out iSecurity Compliance Evaluator in IBM Systems Magazine, IBM i Issue.

Click here to view article.

Mehuhedet, one of Israel’s major health funds, has selected our very own iSecurity solution for protecting its System i environment. Meuhedet’s iSecurity implementation includes Firewall, a solution supplying complete protection from infiltrations and unauthorized access, covering all relevant protocols. It also includes an IDS (Intrusion Detection System generating real time alerts) and Screen, a solution for protection of unattended workstations.

And how do they use it? First and foremost, for monitoring internal and external access to the server, blocking unauthorized users and checking problems with the entry attempts of users who have proper permissions. iSecurity also enables monitoring the entries into the system and watching the data on each entry through a user-friendly log.

What does the customer have to say about iSecurity? “iSecurity gets the job done,” said Itsik Rejiniano, a System Programmer at Meuhedet Health Fund. “It provides total protection for the server, but on the other hand, offers the user easy and effective management capabilities.”

For more information visit our site www.razlee.com

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

Before selecting a System i Security solution, you must first determine the best security approach for your needs. Some systems offer an Object-level security approach, while others have a Transaction-based approach. What does this difference really mean?

Essentially, Object-level security enables you to define a “white list” of the objects (such as files) which can be accessed by all or specific users; such an approach enables specifying the exact access type (Read, Write, Update,…) for each object as well.

Transaction-based security, however, does not have this capability. Instead, this approach uses a mechanism called Memorized Transactions. With this mechanism, certain transactions are kept in a separate area (not in the log), and analyzed to check if the a pattern or particular template can be used as a security rule, or as the structural basis for allowing or disallowing access to objects. Naturally, pattern recognition is a CPU intensive task which can negatively affect process time for each transaction.

Our flagship product, iSecurity, uses Object-level security together with an intuitive algorithm in which more specific rules are analyzed before generic ones are referenced. Using this algorithm, iSecurity requires only one successful I/O with minimal CPU to find the exact rule.

The advantages of Object-level security are:

Better Performance
Object-level security is far superior in the area of performance. With Transaction-based security, the greater the number of memorized transactions, the larger the number of comparisons needed for each incoming TCP transaction (FTP, SQL, etc.). And more applications in use means more transactions generated, more rules that need to be defined, and more transactions that need to be memorized.

Less Security Exposures
Unlike Object-based security, Transaction-based security compares transactions character by character, which means that unimportant differences between transactions may render important security rules useless.

Installation & Maintenance Issues
With Transaction-based security, the administrator needs to carefully review each transaction, determine which transactions require rules, and memorize those transaction definitions. The above procedure is time consuming and, more importantly, extremely error prone. Errors in defining the rules can easily lead to actual security breaches and serious monetary and reputation losses to your company.

Written by Eli Spitz, VP Business Development, Raz-Lee Security
Email Eli Spitz at marketing@razlee.com