Herzliya, Israel – March 25, 2010 – Raz-Lee Security will demonstrate its advanced Power i security solutions at Common 2010, Booth 610, on May 3-6 at the Hilton Orlando in Orlando, Florida.

COMMON is the annual meeting of the COMMON membership and the largest gathering of the Power Systems user community. COMMON 2010 will mark a significant milestone of 50 years – a true testament to the strength and vibrancy of this professional user community.

The Annual Meeting is COMMON’s largest educational event of the year, with four full days of in-depth IBM i and AIX education that includes all-day pre-conference workshops, all-day Integrated Seminars, open labs and a wide variety of regular-length sessions.

The conference’s Opening Session will demonstrate an unprecedented level of support and recognition of COMMON by IBM, with a special message from Sam Palmisano, IBM’s Chairman of the Board, President and Chief Executive Officer, as well as a keynote address by Mark Shearer, VP, Marketing, Communications and Sales Support, IBM Systems and Technology Group.  

Raz-Lee Security will take the opportunity to display, among other products and capabilities:

• Native Object Security – enables system administrators to easily define target security levels per object and object type, and to check for inconsistencies between actual and planned object security settings. The product also enables using generic object names, and includes full reporting features.
• User Profile & System Value Replication - synchronizes user profile definitions, user passwords and system values between different systems and LPARs, allowing for exceptions as needed in Production, Test or Development systems. Synchronization is accomplished with minimum overhead to both the actual systems and the personnel mandated with managing user profile information. The product also replicates system value definitions between systems, using “optimal” system values defined in Compliance Evaluator and “baseline” site-defined values.
• Compliance Evaluator – enables managers a quick, comprehensive view of the compliance scores for all systems in the enterprise and provides detailed compliance-related reports with various levels of detail.

 ”The 50^th anniversary of COMMON and IBM’s ever-increasing participation at COMMON both attest to the solid position of the Power i in today’s enterprises,” said Shmuel Zailer, CEO, Raz-Lee Security. “As renowned Power i experts and enthusiastic supporters of iManifest (the international initiative promoting the Power i), we are delighted to witness this development and are confident that it will lift this unique platform to new heights.”

Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400) together with its North American business partner, Software Engineering of America, participated in the IBM i Essentials Virtual Conference held on March 9-10th.

This unique online event included top-notch educational webcasts live from industry experts, exhibitor booths staffed with live team members holding online chats, and networking with industry peers. As many as 16 webcasts will be held, by Jeff Uehling from IBM, Mike Pavlak from Zend and others, covering all the information required for keeping up-to-date in the IBM i world. The show was attended by many prominent players in the AS/400 security market.

At the show, Raz-Lee and SEA showcased the iSecurity Compliance Evaluator solution, which enables managers to quickly check the compliance of their systems with industry and corporate policies using customizable user-friendly reports. In addition, Application Security, Authority on Demand, Native Object Security and User & System Value Replication solutions will be spotlighted.

“This virtual show extends the reach of a traditional conference, providing us with globe-spanning opportunities to show off our advanced technology,” said Eli Spitz, VP Business Development, Raz-Lee Security. “I am confident that in such a venue, our advanced Power i security solutions will generate far-ranging awareness.”

Raz-Lee Security, a leading supplier of information security solutions for IBM System i Servers, announced that AIG-Israel, a leading Direct Insurance company affiliated with the AIG group, has selected an information security solution from Raz-Lee Security for the protection of AIG’s server infrastructure.

AIG-Israel attaches high importance to the protection of its System i (IBM-AS/400) servers, as they are the central servers of the organization. The insurance company chose iSecurity based on their previous experience with Raz-Lee Security’s products, and following the recommendation of independent professional advisors.

The iSecurity system selected by AIG-Israel provides a comprehensive security solution for preventing breaches and potential damage to the organization’s activities. iSecurity enables AIG to block break-in attempts from external sources, to receive detailed reports on employee activities (including actual screen captures of user activity), and to control user’s rights to view data. In addition, the system continuously informs relevant staff regarding changes in the business-critical databases of the company, using real-time alerts and timeline reports displaying all changes relating to any subject. These reports can integrate information from all the company’s systems (financial, purchase and manufacturing).

“iSecurity significantly simplifies the protection of our centralized computer systems, especially in the TCP/IP environment,” said Mr. Etzion Yatsiv, VP and Chief Information Officer, AIG-Israel. “Considering all the flexible option it offers, iSecurity is extremely easy to use”, added Mr. Yatsiv.

“We are proud to cooperate with a large international insurance company such as AIG,” said Eli Spitz, VP Business Development, Raz-Lee Security. “iSecurity was designed to supply the numerous insurance companies within our clientele with the rock-solid protection they need, as well as with advanced monitoring capabilities, which enable their business operations to be conducted properly and safely”, added Mr. Spitz.

About AIG
AIG-Israel is one of Israel’s leading insurance companies, operating since 1997 under the joint ownership of Aurec and the AIG group. The company is licensed for general and life insurance activities. AIG Israel offers personal insurance (auto, home health), commercial insurance (including property, employer’s liability, professional and director’s liability), and life insurance. For more information visit http://www.aig.co.il.

About Raz-Lee Security Inc.
Raz-Lee Security, headquartered in Nanuet, New York, is the leading security solution provider for IBM’s System i (AS/400) computers. Drawing upon its 25 years of expertise in the System i Performance and Optimization market, the company designs, develops and markets a comprehensive suite of advanced security software solutions – iSecurity.

For more information please contact:

Eli Spitz
VP Business Development
Raz-Lee Security
Tel: 1-888-729-5334
Email: eli.spitz@razlee.com
Website: www.razlee.com

We’re back from Common, the annual “meeting of the minds” for Power i experts, and would like to share our impressions.

One obvious aspect was the mark of the recession – fewer people, but a lot more professionals. Only the real Power i experts attended – which was actually good in a way, since we held more to-the-point discussions with people about essential issues.

We had an enlightening meeting with leading IBM executives (at 06:45 AM… and totally jetlagged), at which Power i was hailed as one of the more successful IBM platforms.

In this meeting, we had a fascinating discussion about the future directions of Power i. I offered my own vision: the creation of an integrated GUI, however basic, to be used by Power i staff.

Also in this meeting, IBM executives described their innovative cooperation with the University of Nebraska-Lincoln, Iowa State University, and Wright State University, in which students will be taught core concepts based on IBM’s Power Systems and IBM i infrastructure. This is an admirable venture which could do much to expose IT pros to Power i and promote it. I would even be happy to take part in this project myself, and I hope it expands to other countries.

We had some very productive meetings – including sessions with Jeff Uehling, IBM System i Executive, with our US business partners – SEA and Innovatum, as well as with Linda Harty, System i Network’s Executive Editor, and  Alex Woodie, IT Jungle’s Senior Editor.

There was a lot of interest in our booth and iSecurity product portfolio. Many customers stopped by our booth and described how they use our products. Our new Compliance Evaluator generated a lot of interest, and AP-Journal drew instant enthusiasm. A lot of customers asked about PCI compliance – which is a main concern for our customers.

In addition, I gave a presentation on “Tracking Application Activity via the DB-Journal: the Missing Dimension of Information Systems”, which discussed what DB-Journal offers and what it lacks, and how products like iSecurity AP-Journal cover users’ needs. The presentation was well-attended and sparked some interesting discussions.  Feel free to contact me for more info on this.

Written by Shmuel Zailer, CEO, Raz-Lee Security
Email Shmuel Zailer at marketing@razlee.com

How sufficient is integrated IBM i security?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN ).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message are sent to notify management. And, because the containers can store years worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at marketing@razlee.com