Join our select team of experts and discover the lucrative Power i (iSeries/AS/400) market. Distribute Raz-Lee’s advanced security software products around the world.

In addition to marketing and supporting Raz-Lee’s products, our partners provide profitable professional services and projects, such as security software implementation, configuration and assessments, all based around our field-proven products.

We provide our partners with solid support, technical training, regular updates and a wide array of marketing and sales tools.

For more information contact marketing@razlee.com

Here’s an actual case of where iSecurity, Raz-Lee’s Power i Security solution, could have saved a European bank, LGT, a lot headaches, expenses and bad press.

On February 26th, 2008 it was reported that at least eight countries were investigating their citizens for allegedly hiding financial assets at LGT Liechtenstein, an offshore bank.

The investigations were based upon the details of the bank’s clients obtained by the German secret service from a former bank employee. Using these details, German authorities investigated and prosecuted hundreds of people listed in the stolen data. At least one of the people who were investigated committed suicide, others were imprisoned, and still others were forced to leave their job at LGT. Naturally, Germany was able to make many millions of dollars in unpaid tax revenue on these non-reported assets.

On February 8th, 2010, in a decision described as “Awesome” in Business Insider website, a German court ordered the LGT subsidiary to pay more than $10M in damages to a client for failing to inform him that his confidential details had been stolen and handed to authorities, thereby harming his chances of escaping criminal penalties for tax evasion!

The remarkable part of this story is that back in February 2008, Raz-Lee’s Swiss distributor had spoken to this bank about iSecurity and reported the following:

“This bank has iSeries systems, and we spoke with the IT Managers, staff and other managers there. Their response to our presentation of iSecurity’s auditing, security and compliance solutions was something like “We have security, we don’t think we need security, maybe in the future.”

So now, LGT encountered this terrible mess!

Let’s hope that YOUR company installs iSecurity before the worst happens…

For more information click here

Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400) together with its North American business partner, Software Engineering of America, participated in the IBM i Essentials Virtual Conference held on March 9-10th.

This unique online event included top-notch educational webcasts live from industry experts, exhibitor booths staffed with live team members holding online chats, and networking with industry peers. As many as 16 webcasts will be held, by Jeff Uehling from IBM, Mike Pavlak from Zend and others, covering all the information required for keeping up-to-date in the IBM i world. The show was attended by many prominent players in the AS/400 security market.

At the show, Raz-Lee and SEA showcased the iSecurity Compliance Evaluator solution, which enables managers to quickly check the compliance of their systems with industry and corporate policies using customizable user-friendly reports. In addition, Application Security, Authority on Demand, Native Object Security and User & System Value Replication solutions will be spotlighted.

“This virtual show extends the reach of a traditional conference, providing us with globe-spanning opportunities to show off our advanced technology,” said Eli Spitz, VP Business Development, Raz-Lee Security. “I am confident that in such a venue, our advanced Power i security solutions will generate far-ranging awareness.”

Raz-Lee’s iSecurity Anti-Virus product is based upon ClamAV, an open source toolkit. We often enconter questions from customers and distributors alike about its qualities, and about how it compares with commercial Anti-Virus solutions.

 So first – some basic info:

ClamAV is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tools for automatic database updates. The core of the package is an anti-virus engine available as a shared library. For more information click here.  

 ClamAV has won the following awards:

• InfoWorld best of open source in security, September 10th, 2007
• 2006 SourceForge.net Community Choice Awards, April 5th, 2006
• Linux Format Magazine chose ClamAV as the best AV, January 16th, 2006

And most important –  ClamAV is held in high esteem by its users. Some examples of this can be viewed in ClamAV.net forum, where users expressed their appreciation for ClamAV:

On Tue, Nov 24, 2009 at 4:27 PM, Scott Mohnkern mohnkern@gmail.com wrote:

“In our particular environment (a government server farm), we were asked  to deploy the Mcafee virus scanning tools for Linux. After several months of  frustration, we concluded given our particular configuration (A very large Storage Area Network) that McAfee would never meet our needs.

We tested and deployed ClamAV across 63 machines with over 24 terabytes  of  network storage and have found that it fits our needs extremely well. We  don’t do “on the fly” scanning, but do scanning on a cycling basis per   machine, to avoid overtaxing our network”.

 On Fri, Dec 4, 2009 at 4:10 AM, Robin diilbert.atlantis@gmail.com wrote:

 ”…I tested < McAfee CommandLine > Scanner scanning a simple file and it was 10x slower than ClamAV. “ 

On Fri, Dec 4, 2009 at 5:32 AM, Dennis Peterson dennispe@inetnw.com wrote:

 <ClamAV> is so good that TrendMicro thought it worth going to court to stop it.

For more information on iSecurity Anti-Virus please contact marketing@razlee.com

Written by Shari Masafy, MarCom Manager at Raz-Lee Security.
Email Shari at marketing@razlee.com

Raz-Lee Security will be participating in the IBM server Systems Technical Conference, October 19-23 in Mannheim, Germany.

The conference will offer a compelling agenda that includes more than 300 knowledge-packed technical sessions and hands-on training delivered by top IBM developers and experts. It’s designed to provide clients and Business Partners with the most up-to-date information on recent IBM Systems announcements and technologies.

 In the conference, IBM executives, developers and industry experts will reveal the latest innovations, trends and directions relating to IBM Power i, System x, BladeCenter and Storage Systems.

This conference is intended for IBM clients, IBM Business Partners, Independent Software Vendors and System Integrators, and is aimed primarily at technical specialists who perform an implementation role.

 ”As an IBM Advanced Business Partner, and as leading Power i Security experts, we are committed to staying on top of IBM technology and security technology in general – which makes such conferences a must for us,” said Eli Spitz, VP Business Development, Raz-Lee Security. “Of course, we will use this opportunity for strengthening our ties with IBM, current and future business partners, and our worldwide customers”.

For more information click here.

Written by Shari Masafy
Email Shari at marketing@razlee.com

Check out iSecurity Compliance Evaluator in IBM Systems Magazine, IBM i Issue.

Click here to view article.

Delta Galil, a worldwide manufacturer and provider of fashion & basic apparel, has selected iSecurity to protect their System i/AS400  environment.

And here’s what they have to say about iSecurity: “iSecurity offers us a full response to our needs as a public company committed to organized procedures – follow-up on all user access and activity,” said Ashraf Shofani, System i Manager, Delta Galil. “Furthermore, we became acquainted with the system in one day, configured it in a single session, and since then it has run automatically.”

As a public company, Delta Galil (TLV: DELT) is obligated to ensure transparency and close control of its information systems and System i environment. Accordingly, they monitor network access, perform system auditing using Firewall and Audit products, and submit user access reports.

After examining several products on the market, Delta decided on iSecurity solution, due to its ability to produce reports which are fully customized to the company’s requirements. Delta was particularly impressed with iSecurity’s easy deployment and user interface, facilitating the corporate System i security experience.

Delta’s iSecurity solution includes:
- Firewall – secures every type of network access to and from the System i.
- Password – integrates all OS/400 password management capabilities, blocking non-secure passwords.
- Screen – protects unattended terminal screens.
- Audit – reports on user activities and object access in real-time, including multi-system environments.
- Action – invokes corrective and reporting procedures for detected security breaches in other iSecurity modules, and sends emails, SMS and SYSLOG messages.
User Profile Manager – presents comprehensive information on user profiles
AP-Journal Regulation Compliance - reports on changes in application databases.

Using Firewall, the Delta team monitors all access – both internal and external – to the system, and when anyone commits a breach, the System i manager immediately gets an alert. Using Audit, the manager gets reports on the use of specific software on which Delta is obligated to report. The manager is notified whenever someone attempts to access a file or library which is blocked.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

"We don't need security"

I would like to share the story of one of our customers, the Belgium subsidiary of a major bank in Germany.

When we first approached this bank, the managers said they don’t really need System i Security, since “everything is OK” with their system. This is actually a typical response of many companies and organizations, who tend to embrace a “what you don’t see can’t hurt you” policy.

We then proceeded to demonstrate our iSecurity Audit on the bank’s System i. Audit provides monitoring and reporting on all activity in the System i environment, as well as real-time server security auditing and detailed server audit trails. We quickly gathered the bank’s information from the previous two weeks, as provided by the OS400 audit log.

To the bank’s total surprise, within seconds we could see that one of the bank’s users tried to enter a password 15 times, while another user entered his password 21 times! Seems just a little suspicious, doesn’t it?

Not surprisingly, the bank decided to immediately purchase and implement a full iSecurity solution, to control and protect its System i. Now, five years later, with all their reports automated, the bank staff doesn’t even remember that iSecurity is doing the job. It is the result that counts: safety and control.

Written by Shari Masafy, MarCom Manager, Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

How sufficient is integrated IBM i security?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN ).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message are sent to notify management. And, because the containers can store years worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at marketing@razlee.com