Customer:
Mr. Didier Brisbois
Technical manager IT of IFAC
Hôspital Sainte Thérèse

My goal was to find a tool for DB2 databases which would provide me with:

• Full and robust reporting capabilities

• An easy to learn and easy to use product

• The ability to create special-purpose ViewPoints (file-specific pre-defined scripts) which can be used by unsophisticated users

• Batch processing capabilities in order not to tie-up the user’s session

• Minimal interference with AS/400 performance

Following is the list of benefits we have achieved using FileScope/Platinum:

• Quick and Easy

• Ability to perform batch processing

• Integration of FileScope into application menus

• Speed of the software, with many more options than Query

• Ability to make mass updates

• Journaling facilities to view temporary changes to a file by any user and also to monitor deleted records. (Note: These monitoring, tracking and reporting capabilities are especially important for companies which need to be HIPAA, SOX, PCI, etc. compliant.)

• Interactively viewing and editing file contents quickly and easily

• Product uses DB2-specific concepts (such as members, logical files, etc.) which is unique among products which support ODBC

• Short learning curve for most user’s queries

About FileScope

FileScope is recognized by Power i professionals as the leading Power i product in the area of data manipulation. FileScope provides unprecedented file editing capabilities, while adhering to the highest standards of quality, reliability and performance.

Features

• Cross-product Unicode UTF-16, UCS-2 support enables viewing SAP, JDE, MOVEX, BPCS, etc. files.

• Single e-mail contains all session changes

• Export to XML-format files

• Security, SOX and PCI support

• Full-Screen editor

• Save file-specific pre-defined scripts

• Field calculations

• Report generator

• Batch processing facility

• Multiple file management

• File scan and subset

• Special printing capabilities

• Log file changes

Written by Shari Masafy
Email Shari Masafy at sharim@razlee.com

Join our select team of experts and discover the lucrative Power i (iSeries/AS/400) market. Distribute Raz-Lee’s advanced security software products around the world.

In addition to marketing and supporting Raz-Lee’s products, our partners provide profitable professional services and projects, such as security software implementation, configuration and assessments, all based around our field-proven products.

We provide our partners with solid support, technical training, regular updates and a wide array of marketing and sales tools.

For more information contact marketing@razlee.com

Here’s an actual case of where iSecurity, Raz-Lee’s Power i Security solution, could have saved a European bank, LGT, a lot headaches, expenses and bad press.

On February 26th, 2008 it was reported that at least eight countries were investigating their citizens for allegedly hiding financial assets at LGT Liechtenstein, an offshore bank.

The investigations were based upon the details of the bank’s clients obtained by the German secret service from a former bank employee. Using these details, German authorities investigated and prosecuted hundreds of people listed in the stolen data. At least one of the people who were investigated committed suicide, others were imprisoned, and still others were forced to leave their job at LGT. Naturally, Germany was able to make many millions of dollars in unpaid tax revenue on these non-reported assets.

On February 8th, 2010, in a decision described as “Awesome” in Business Insider website, a German court ordered the LGT subsidiary to pay more than $10M in damages to a client for failing to inform him that his confidential details had been stolen and handed to authorities, thereby harming his chances of escaping criminal penalties for tax evasion!

The remarkable part of this story is that back in February 2008, Raz-Lee’s Swiss distributor had spoken to this bank about iSecurity and reported the following:

“This bank has iSeries systems, and we spoke with the IT Managers, staff and other managers there. Their response to our presentation of iSecurity’s auditing, security and compliance solutions was something like “We have security, we don’t think we need security, maybe in the future.”

So now, LGT encountered this terrible mess!

Let’s hope that YOUR company installs iSecurity before the worst happens…

For more information click here

Raz-Lee Security will be participating in the IBM server Systems Technical Conference, October 19-23 in Mannheim, Germany.

The conference will offer a compelling agenda that includes more than 300 knowledge-packed technical sessions and hands-on training delivered by top IBM developers and experts. It’s designed to provide clients and Business Partners with the most up-to-date information on recent IBM Systems announcements and technologies.

 In the conference, IBM executives, developers and industry experts will reveal the latest innovations, trends and directions relating to IBM Power i, System x, BladeCenter and Storage Systems.

This conference is intended for IBM clients, IBM Business Partners, Independent Software Vendors and System Integrators, and is aimed primarily at technical specialists who perform an implementation role.

 ”As an IBM Advanced Business Partner, and as leading Power i Security experts, we are committed to staying on top of IBM technology and security technology in general – which makes such conferences a must for us,” said Eli Spitz, VP Business Development, Raz-Lee Security. “Of course, we will use this opportunity for strengthening our ties with IBM, current and future business partners, and our worldwide customers”.

For more information click here.

Written by Shari Masafy
Email Shari at marketing@razlee.com

Check out iSecurity Compliance Evaluator in IBM Systems Magazine, IBM i Issue.

Click here to view article.

Raz-Lee Security has launched an innovative educational venture, in order to help Italian enterprises understand and implement the new amendments to the Italian Privacy Code 196/2003, concerning System Administrators’ role in company’s data security.

The new legislation specifies procedures for data protection, including technical and administrative measures which companies are required to implement. It holds IT departments directly responsible for user access and actions relating to companies’ information systems. Obviously, this has significant implications on System i Security as well. The legislation is expected to come into effect on June 30th 2009, after being publicized on 14 January 2009, followed by subsequent delays in its enforcement.

In the framework of the new venture, Raz-Lee has been holding free seminars explaining the requirements of the new legislation and how to implement it on System i. The sessions are conducted by Raz-Lee System i Security experts residing in Italy, who also provide ongoing technical support to Raz-Lee’s Italian customers. The meetings are conducted in intimate forums, with up to seven companies attending, in order to enable effective interactive discussions.

So far, Raz-Lee has held over 30 Round Table meetings across Italy, from Milan and Como to Naples and Sicily. Following the success and enthusiastic feedback from attending companies, Raz-Lee will continue to host such meetings. The meetings are attended by IT staff as well as top management of Italian companies.

The Round Table meetings cover the following topics:

- Security Assessment of System i
- Access monitoring & Control (FTP, ODBC, SQL)
- System auditing
- Centralized Management
- Reporting

“We are glad to be contributing tangible value to Italian enterprises in the area of our expertise, System i Security,” said Nicola Fusco, South Europe Area Manager, Raz-Lee Security. “We have a large, long-standing installed base in Italy, and it has widened further since we began this exceptional tour.”

For more information on Round Table meetings in Italy, email info.southeurope@razlee.com

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

Delta Galil, a worldwide manufacturer and provider of fashion & basic apparel, has selected iSecurity to protect their System i/AS400  environment.

And here’s what they have to say about iSecurity: “iSecurity offers us a full response to our needs as a public company committed to organized procedures – follow-up on all user access and activity,” said Ashraf Shofani, System i Manager, Delta Galil. “Furthermore, we became acquainted with the system in one day, configured it in a single session, and since then it has run automatically.”

As a public company, Delta Galil (TLV: DELT) is obligated to ensure transparency and close control of its information systems and System i environment. Accordingly, they monitor network access, perform system auditing using Firewall and Audit products, and submit user access reports.

After examining several products on the market, Delta decided on iSecurity solution, due to its ability to produce reports which are fully customized to the company’s requirements. Delta was particularly impressed with iSecurity’s easy deployment and user interface, facilitating the corporate System i security experience.

Delta’s iSecurity solution includes:
- Firewall – secures every type of network access to and from the System i.
- Password – integrates all OS/400 password management capabilities, blocking non-secure passwords.
- Screen – protects unattended terminal screens.
- Audit – reports on user activities and object access in real-time, including multi-system environments.
- Action – invokes corrective and reporting procedures for detected security breaches in other iSecurity modules, and sends emails, SMS and SYSLOG messages.
User Profile Manager – presents comprehensive information on user profiles
AP-Journal Regulation Compliance - reports on changes in application databases.

Using Firewall, the Delta team monitors all access – both internal and external – to the system, and when anyone commits a breach, the System i manager immediately gets an alert. Using Audit, the manager gets reports on the use of specific software on which Delta is obligated to report. The manager is notified whenever someone attempts to access a file or library which is blocked.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

Before selecting a System i Security solution, you must first determine the best security approach for your needs. Some systems offer an Object-level security approach, while others have a Transaction-based approach. What does this difference really mean?

Essentially, Object-level security enables you to define a “white list” of the objects (such as files) which can be accessed by all or specific users; such an approach enables specifying the exact access type (Read, Write, Update,…) for each object as well.

Transaction-based security, however, does not have this capability. Instead, this approach uses a mechanism called Memorized Transactions. With this mechanism, certain transactions are kept in a separate area (not in the log), and analyzed to check if the a pattern or particular template can be used as a security rule, or as the structural basis for allowing or disallowing access to objects. Naturally, pattern recognition is a CPU intensive task which can negatively affect process time for each transaction.

Our flagship product, iSecurity, uses Object-level security together with an intuitive algorithm in which more specific rules are analyzed before generic ones are referenced. Using this algorithm, iSecurity requires only one successful I/O with minimal CPU to find the exact rule.

The advantages of Object-level security are:

Better Performance
Object-level security is far superior in the area of performance. With Transaction-based security, the greater the number of memorized transactions, the larger the number of comparisons needed for each incoming TCP transaction (FTP, SQL, etc.). And more applications in use means more transactions generated, more rules that need to be defined, and more transactions that need to be memorized.

Less Security Exposures
Unlike Object-based security, Transaction-based security compares transactions character by character, which means that unimportant differences between transactions may render important security rules useless.

Installation & Maintenance Issues
With Transaction-based security, the administrator needs to carefully review each transaction, determine which transactions require rules, and memorize those transaction definitions. The above procedure is time consuming and, more importantly, extremely error prone. Errors in defining the rules can easily lead to actual security breaches and serious monetary and reputation losses to your company.

Written by Eli Spitz, VP Business Development, Raz-Lee Security
Email Eli Spitz at marketing@razlee.com