Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400), has enhanced iSecurity AP-Journal with an Eclipse-based GUI environment. This makes Application Security easier than ever to implement and use.

AP-Journal keeps managers closely informed of all changes in their valuable information assets and streamlines IBM i journaling procedures. AP-Journal’s standard features include: 

• Addressing PCI, SOX, HIPAA, etc. requirements for closely monitoring and raising alerts when application data changes
• Long-term storage of sensitive business information, independent of journal receiver lifecycle to adhere to storage limits
• Output as e-mailed CSV, HTML, PDF attachments, Outfile, Print or within GUI
• READ operations selectively added to OS/400 Journal Receivers, complying with PCI requirements for accessing sensitive data
• Timeline & cross-application reports based upon user-defined business items
• Real time Syslog, SNMP and Twitter alerts, in addition to alerts sent as e-mails, SMS messages, operator messages, etc.
• “Mass” uploading of data base update information directly to SIEM systems via Syslog without I/O overhead of writing to disk

The new GUI support in AP-Journal includes:

• Defining applications, including:
  • Journaled files
  • Business items which are common fields appearing in multiple files
  • Filtering rules for long term retention of selected data fields
  • Defining alerts based upon pre-determined field-level thresholds and activities
• Reporting on application changes, including “before” and “after” data images based on:
  • OS/400 journal receivers
  • Special purpose journal containers which contain long term, application-specific information
• Using the unique business intelligence interface, Visualizer, to:
  • View summary data based on any application or journal header field
  • Isolate the desired population instantaneously
  • Accessing the detailed data corresponding to the desired population

“Our AP-Journal product has proved to be an ongoing success, and has been selling successfully worldwide for several years,” said Eli Spitz, VP Business Development, Raz-Lee Security. “In fact, AP-Journal’s success was instrumental in bringing about the recent press focus on IBM i Application Security, in addition to “traditional” infrastructure security aspects like network access, QAUDJRN monitoring and reporting, and user profile auditing”.

Cont.

AP-Journal had a significant impact at Toyota Boshoku America which attained JSOX compliance by providing reports on changes in application files. Another especially interesting implementation of AP-Journal was at Promedico which included

• Preventing undue blockage of customer orders on account of credit limitations
• Checking the validity of updates to pharmaceutical product’s expiration dates

Accelerating the supply process

iSecurity™ is now available on the IBM Smart Market applications portal, and is integrated into the IBM Smart Cube, a Power i server preloaded with all required applications to best serve customer needs.

Raz-Lee Security, a leading supplier of information security & compliance solutions for the IBM Power i, announced that it has been included in the IBM Smart Business Program, the business program launched in Italy for Power i and based on a concept of an integrated solution, easy to find, install, manage and support. This certification is a significant official milestone in terms of Raz-Lee’s cooperation with IBM in the Italian market. Raz-Lee’s iSecurity packs are the only 3rd-party compliance & data security solutions listed on the IBM Smart Business portal. With iSecurity, Raz-Lee succeeds in covering all customer business needs in the areas of Security and Data Protection, providing help and support for the IT Dept for better management of system and applications.

“By installing our iSecurity™ software solutions, IBM Power i customers instantaneously receive an important advantage over hardware platforms competing with IBM Power i – they immediately become compliant with the most important local and international security regulations,” said Nicola Fusco, Southern Europe Area Manager, Raz-Lee Security. “The IBM i Smart Business program’s integration of software and services creates a solution that is much more convenient for the customer, without having to search for separate solutions, pay for them and then spend hours on integrating them. Instead, the customer just plugs in and activates an already-secured and configured Smart Cube in a quarter of the time normally required to get business applications up and running”.

Below are the iSecurity packs listed in IBM Smart Business Portal:

Logs & User Control Package – the basic iSecurity™ package for System Administrators, which provides data security and compliance with the Italian regulation concerning System Administrators activities with reports generation, allowing the export of SYSLOG.

System Administrator Package – the complete solution for meeting the requirements of system administrators regulation and company regulation for protecting corporate data, providing optimized centralized control of assets in cases of infrastructure “multi-system”.

Power i Resources Management Package – this package covers company security needs, including modules that control and manage the system (resources, accounting users, rehabilitation activities) which usually involves the direct activity of the technical staff. It also represents an always-available automatic operator, which, by setting rules and controls, provides for corrective actions and/or warning also by integrating messaging services (email, fax, sms).

Power i Applications Package – contains modules that provide services to facilitate and accelerate activities related to user applications: delivery time, rollout and testing of new applications, user accounts, displaying changes in fields without changing the code of the applications, and monitoring data changes in certain fields with real-time notification of administrators.

By implementing iSecurity’s Firewall, Audit and AP-Journal modules, Toyota Boshoku America has been
able to easily monitor exit points, prevent unauthorized access, automate report generation to meet
audit requirements as well as monitor access down to the record level, which are all critical to their
requirements for complying with J – SOX.

View the full iSecurity-Toyota Bokoshu Case Study

Raz-Lee Security, a major vendor of security solutions for IBM Power i computers, has developed a comprehensive solution for Multi-System/Multi-LPAR environments, in response to the trends to “downsize” and consolidate servers.

As the number of special-purpose systems and LPARs at enterprises worldwide grows, it is critical that user profile definitions including passwords as well as system values are synchronized between the different Power i systems, allowing for exceptions as needed in Production, Test or Development environments. Naturally, synchronization must entail minimum overhead to both systems and the personnel mandated with managing user profile information.

Raz-Lee has identified this trend and consequently tailored a full security solution for multi-system/multi-LPAR environments. The solution, integrated in the iSecurity product suite, includes:

•  Replication – duplicates user profiles including passwords and other user profile definitions, as well as system values, from one system/LPAR to another, and synchronizes all parameters such as user authorities in all systems.
• Compliance Evaluator – compares compliance of different systems/LPARs
• Centralized Reporting – references and collects data from several systems/LPARs and creates reports in “merged” or individual format
• SYSLOG – the ability to interface with all leading SEM (Security Event Management) products is supported by iSecurity
• Central Administration – exports and imports product definitions & logs between different systems

“In order to uphold our status as a top-notch Power i security provider, we make it our business to identify relevant market trends and provide our customers with the exact solutions they are looking for,” said Eli Spitz, VP Business Development, Raz-Lee Security. “No other company has our abundance of features for Multi-System/Multi-LPAR environments, which is yet another unique feature for our iSecurity solution.”

Raz-Lee Security, a major world-wide vendor of security solutions for IBM Power i computers, has enhanced its feature-rich SOX and PCI compliant file editor, FileScope, with full Unicode (UTF-16, UCS-2) support, to comply with the prevalent international standard. Unicode support is totally unique in the Power i data manipulation market and encompasses ALL FileScope facilities including Substring, Scan and Subset functions.

Unicode, a fundamental building block for international e-business, allows data from many different languages to be stored in one repository. Today’s business world demands that IT systems be able to present content and conduct transactions in all major worldwide languages. Unicode enables a single set of application source code to be written to process data in any language. It also makes the addition of new language support to an existing e-business application relatively simple since character processing and storage remains unchanged. This results in lower costs of implementation, faster time to market, and higher customer satisfaction.

FileScope is packaged in both Gold and Platinum versions, both of which support the new Unicode capability. While technologically similar, the Platinum version supports more SOX, PCI, auditing and file journaling capabilities, making it more appropriate for large and mid-sized shops.

As part of the announcement, Raz-Lee will provide, for a limited time, FileScope/Gold with Unicode Support at $0(!) including free maintenance for up to three months.

FileScope’s Unicode support enables viewing SAP, JDE, MOVEX, BPCS, and other files. The following functions are supported for these and similar files:

• Display file contents
• Print file contents
• Update records (single record, full screen, global changes)
• Scan for fields
• Subset records (OPNQRYF) including all Tests such as EQ….LIKE 
• Substring field values
• Undo changes (up to 99 days)

Raz-Lee also offers FileScope Platinum, an upgraded version, which includes (in addition to the Gold Edition features):

• Improved SOX/PCI support
  • SYSLOG/SNMP Messages for SIEM – transmits up to 1000 lines per second.
  • User Activity List Email – including users, times and actions.
• XML support
• Report Generator
• Full Screen Update

 ”A Unicode-supporting file editor is a highly desirable product, unrivaled by any other company, and we’ve already witnessed the demand for it” said Shmuel Zailer, CEO, Raz-Lee Security. “It is a fitting enhancement for our FileScope product, which is already well-stocked with unique features such as Undo, Join and User activity list emails – also unique to Raz-Lee’s technology.”

Raz-Lee Security, a leading global supplier of information security & compliance solutions for the IBM Power i, has released iTweet, a product enabling instant messaging over Twitter for the Power i.

iTweet sends selected messages to relevant users through www.twitter.com. These messages are sent effortlessly and instantaneously to users. These messages include event information, message queues, alerts on changes, deletes or reads, emergency changes in user authorities, IFS viruses detected, field-level changes to data and even VIEW of pre-defined “unreadable” data object deletion.

The tool provides a bi-directional interface between Twitter and the Power i, so that users can reply from Twitter to the Power i, for example when an error/inquiry message appears.

Messages can be received through PCs, cell phones or PDAs. A secure environment can be configured, ensuring that only relevant users can view them.

iTweet is available both as a standalone tool and as a feature integrated into other iSecurity products such as Audit, Authority on Demand, AP-Journal, Anti Virus and more. Security alert support via iTweet is in addition to existing support for alerts in the form of e-mails, MSGQ, SNMP messages, SYSLOG, SMS, etc.

In order to adapt to Twitter’s limitation of up to 100 messages per hour, the iSecurity SYSLOG assigns security levels to each message in order to decide which messages to send.

“Twitter, a highly popular social marketing tool, is mostly used for recreational or marketing purposes. iTweet, however, utilizes its easy and immediate qualities for purely technical and functional purposes. iTweet can be a real help for System Administrators and Power i users, speed up processes and streamline knowledge flow.”

This case study/product review offers the the point of view of Promedico, a large Israeli pharmaceuticals company, on iSecurity AP-Journal - the applications it is used for and how it makes business more efficient.

Click here to view.

Herzliya, Israel – March 25, 2010 – Raz-Lee Security will demonstrate its advanced Power i security solutions at Common 2010, Booth 610, on May 3-6 at the Hilton Orlando in Orlando, Florida.

COMMON is the annual meeting of the COMMON membership and the largest gathering of the Power Systems user community. COMMON 2010 will mark a significant milestone of 50 years – a true testament to the strength and vibrancy of this professional user community.

The Annual Meeting is COMMON’s largest educational event of the year, with four full days of in-depth IBM i and AIX education that includes all-day pre-conference workshops, all-day Integrated Seminars, open labs and a wide variety of regular-length sessions.

The conference’s Opening Session will demonstrate an unprecedented level of support and recognition of COMMON by IBM, with a special message from Sam Palmisano, IBM’s Chairman of the Board, President and Chief Executive Officer, as well as a keynote address by Mark Shearer, VP, Marketing, Communications and Sales Support, IBM Systems and Technology Group.  

Raz-Lee Security will take the opportunity to display, among other products and capabilities:

• Native Object Security – enables system administrators to easily define target security levels per object and object type, and to check for inconsistencies between actual and planned object security settings. The product also enables using generic object names, and includes full reporting features.
• User Profile & System Value Replication - synchronizes user profile definitions, user passwords and system values between different systems and LPARs, allowing for exceptions as needed in Production, Test or Development systems. Synchronization is accomplished with minimum overhead to both the actual systems and the personnel mandated with managing user profile information. The product also replicates system value definitions between systems, using “optimal” system values defined in Compliance Evaluator and “baseline” site-defined values.
• Compliance Evaluator – enables managers a quick, comprehensive view of the compliance scores for all systems in the enterprise and provides detailed compliance-related reports with various levels of detail.

 ”The 50^th anniversary of COMMON and IBM’s ever-increasing participation at COMMON both attest to the solid position of the Power i in today’s enterprises,” said Shmuel Zailer, CEO, Raz-Lee Security. “As renowned Power i experts and enthusiastic supporters of iManifest (the international initiative promoting the Power i), we are delighted to witness this development and are confident that it will lift this unique platform to new heights.”

Here’s an actual case of where iSecurity, Raz-Lee’s Power i Security solution, could have saved a European bank, LGT, a lot headaches, expenses and bad press.

On February 26th, 2008 it was reported that at least eight countries were investigating their citizens for allegedly hiding financial assets at LGT Liechtenstein, an offshore bank.

The investigations were based upon the details of the bank’s clients obtained by the German secret service from a former bank employee. Using these details, German authorities investigated and prosecuted hundreds of people listed in the stolen data. At least one of the people who were investigated committed suicide, others were imprisoned, and still others were forced to leave their job at LGT. Naturally, Germany was able to make many millions of dollars in unpaid tax revenue on these non-reported assets.

On February 8th, 2010, in a decision described as “Awesome” in Business Insider website, a German court ordered the LGT subsidiary to pay more than $10M in damages to a client for failing to inform him that his confidential details had been stolen and handed to authorities, thereby harming his chances of escaping criminal penalties for tax evasion!

The remarkable part of this story is that back in February 2008, Raz-Lee’s Swiss distributor had spoken to this bank about iSecurity and reported the following:

“This bank has iSeries systems, and we spoke with the IT Managers, staff and other managers there. Their response to our presentation of iSecurity’s auditing, security and compliance solutions was something like “We have security, we don’t think we need security, maybe in the future.”

So now, LGT encountered this terrible mess!

Let’s hope that YOUR company installs iSecurity before the worst happens…

For more information click here

Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400) together with its North American business partner, Software Engineering of America, participated in the IBM i Essentials Virtual Conference held on March 9-10th.

This unique online event included top-notch educational webcasts live from industry experts, exhibitor booths staffed with live team members holding online chats, and networking with industry peers. As many as 16 webcasts will be held, by Jeff Uehling from IBM, Mike Pavlak from Zend and others, covering all the information required for keeping up-to-date in the IBM i world. The show was attended by many prominent players in the AS/400 security market.

At the show, Raz-Lee and SEA showcased the iSecurity Compliance Evaluator solution, which enables managers to quickly check the compliance of their systems with industry and corporate policies using customizable user-friendly reports. In addition, Application Security, Authority on Demand, Native Object Security and User & System Value Replication solutions will be spotlighted.

“This virtual show extends the reach of a traditional conference, providing us with globe-spanning opportunities to show off our advanced technology,” said Eli Spitz, VP Business Development, Raz-Lee Security. “I am confident that in such a venue, our advanced Power i security solutions will generate far-ranging awareness.”