Raz-Lee’s YouTube Channel: More than 5,000 Views!

Have you recently accessed our 25 YouTube videos? With a total of more than 5,000 views, our videos are just what the Facebook-Twitter-LinkedIn-WhatsApp generation wants in order to become quickly acquainted with our security, auditing and compliance solutions.

We’ve got loads of interesting “How-To”  and “Tips and Tricks” videos which solve real day-to-day issues. Most of our videos are based upon our GUI which covers 100% of the green-screen solutions, as well as on our Visualizer Business Intelligence solution.

Visualizer is a great “slice-and-dice” tool which uses our proprietary IBM i security data warehouse to enable you to quickly analyze many millions (and tens and hundreds of millions) of system journal (QAUDJRN) records and network access events. Investigating suspicious security-related events to find the “needle-in-the-haystack” takes seconds using Visualizer!

We highly recommend you access Raz-Lee’s YouTube Channel today!

Contact marketing@razlee.com for more details.

 

Field & PGP Encryption Article in IT Jungle

Raz-Lee Security’s NEW Field and PGP Encryption product (see http://www.razlee.com/products/security/encryption_tokenization_o.php ) is already being used successfully at companies worldwide.

The latest (good!) news is that Alex Woodie of IT Jungle interviewed Raz-Lee’s CEO/CTO, Shmuel Zailer, at the COMMON US conference in May in New Orleans.

We recommend you read Alex’s great write-up of the interview at http://www.itjungle.com/tfh/tfh072016-story03.html .

Contact marketing@razlee.com for more details.

Case Study: Mortgage Bank realizes competitive advantage using AP-Journal

Most of us have taken out a home mortgage at least once and those who have, know that it’s impossible to keep track, over the 20 or 25 year lifespan of the mortgage, of all the changes made to the mortgage!

A leading mortgage bank used Raz-Lee Security’s AP-Journal product for application auditing and security, to position themselves as unique among their competitors by periodically providing customers with a “Mortgage Timeline Report”. This report concisely lists all changes made to the customer’s mortgage since its beginning, leading customers to much better understand their mortgage life-cycle.

The mortgage bank also uses AP-Journal together with HP’s ArcSight SIEM product to provide what their auditor’s say is a “built-proof” auditing solution for all database activities taking place on their IBM i. Using this functionality, the bank was able to cancel maintenance for the IBM i component of a competitive product.

Contact marketing@razlee.com for more details.

Verizon Business Report: Most Organizations Slipping out of PCI Compliance Within One Year

Interesting reading: This report states that out of 100 organizations which were certified as PCI compliant in 2010, 75 are no longer compliant in 2011!

To me this means that software such as Raz-Lee’s Compliance Evaluator needs to be used on an ongoing basis in order ensure compliance over time.

Also interesting are the “basic requirements” of PCI Compliance listed in the report, including many supported by Raz-Lee’s other products; these include using firewalls and antivirus, implementing strong passwords and access control, protecting the database, tracking all activity, etc.

In summation, compliance needs to be an “everyday, ongoing process” and organizations need “continuous adherence” to the standard.

Recommended!

PCI Compliance Anyone?

Face-to-face meetings with customers often lead to “real-world” enhancement requests which we at Raz-Lee take seriously…

At recent meetings in the Midwest, we were asked to enhance our iSecurity Firewall product to allow network access to PCI business critical files from ONLY certain IPs addresses.

Our initial intent was to restrict access to these files based upon whether or not specific users are allowed to access such files. That is, if the user tries to access the file from a specific IP address or address-range, their identity will be checked using the definitions of an alternative user.

After discussing this solution with a select group of Firewall customers, we decided to implement a more streamlined, less error-prone solution using Firewall’s Object Security features, to define Location Groups for each file or set of generic files. A Location Group is defined as a set of IP addresses or address-ranges and/or generic device names, from which access to these sensitive files will be either allowed or rejected.

Defining access rights using Files rather than Users greatly simplifies the solution and will serve as the basis for future related improvements based upon PCI auditor’s ongoing requests, which, as always, we intend to implement!

For purposes of monitoring actual access to these sensitive files, which PCI auditors will obviously require/demand, we provide iSecurity Audit, which is based upon the QAUDJRN and uses ZC and ZR audit types. Using iSecurity’s unique Group/Item filter feature, the user can easily define the relevant items which must (or should not- NITEM) appear in the specified Group.