Case Study: Mortgage Bank realizes competitive advantage using AP-Journal

Most of us have taken out a home mortgage at least once and those who have, know that it’s impossible to keep track, over the 20 or 25 year lifespan of the mortgage, of all the changes made to the mortgage!

A leading mortgage bank used Raz-Lee Security’s AP-Journal product for application auditing and security, to position themselves as unique among their competitors by periodically providing customers with a “Mortgage Timeline Report”. This report concisely lists all changes made to the customer’s mortgage since its beginning, leading customers to much better understand their mortgage life-cycle.

The mortgage bank also uses AP-Journal together with HP’s ArcSight SIEM product to provide what their auditor’s say is a “built-proof” auditing solution for all database activities taking place on their IBM i. Using this functionality, the bank was able to cancel maintenance for the IBM i component of a competitive product.

Contact for more details.

Loss of Data Trail = Loss of 5M Euros

broke2Check out this noteworthy real-life security story: a major European high-tech company (we’ll call it Company X) couldn’t trace a certain large sum after it had been transferred between several different systems throughout the company. Unfortunately for Company X, the authorities claimed it was income…

When Company X tried to prove otherwise, they found that the trail of the sum was too complex to trace. They put numerous managers to the task of trying to trace this sum, but no go. It was impossible for the company to prove that the sum was not income.

To make a long story short, Company X had to pay 5 Million Euros! Arggghhh…

What could have given this story a fairytale ending?  A security solution that tracks all changes in application databases, throughout all the company’s systems. A solution that provides clear reports, displaying all changes which occurred over long periods, on a single timeline. This could have been just the proof that Company X needed to rescue it from its tight spot.

Such as solution was actually developed by Raz-Lee Security, and is called AP-Journal. An Application Security and Business Analysis Solution for System i, AP-Journal protects business-critical information, keeping managers closely informed of all changes in their databases using real-time alerts and cross-application reports.
Click to learn more about AP-Journal.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at

Join Us for Some Funny Security Clips

bald4The Hardships of Security
Corporate security can be a hassle… (especially if you don’t have the right security system)
Click here to view clip

Security – Just a Continent Away…

Better check the reliability of your Security Provider!
Click here to view clip


hacker2Greetings from a Hacker
Sound scary? Well, get protected…
Click here to view clip


drawing1Storytime: Repeated Mistakes in Info Security
In Security, each mistake can cost…
Click here to view clip


For information on System i Security, please visit

By Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at

"Everything is OK here, we don't need System i Security"

"We don't need security"

"We don't need security"

I would like to share the story of one of our customers, the Belgium subsidiary of a major bank in Germany.

When we first approached this bank, the managers said they don’t really need System i Security, since “everything is OK” with their system. This is actually a typical response of many companies and organizations, who tend to embrace a “what you don’t see can’t hurt you” policy.

We then proceeded to demonstrate our iSecurity Audit on the bank’s System i. Audit provides monitoring and reporting on all activity in the System i environment, as well as real-time server security auditing and detailed server audit trails. We quickly gathered the bank’s information from the previous two weeks, as provided by the OS400 audit log.

To the bank’s total surprise, within seconds we could see that one of the bank’s users tried to enter a password 15 times, while another user entered his password 21 times! Seems just a little suspicious, doesn’t it?

Not surprisingly, the bank decided to immediately purchase and implement a full iSecurity solution, to control and protect its System i. Now, five years later, with all their reports automated, the bank staff doesn’t even remember that iSecurity is doing the job. It is the result that counts: safety and control.

Written by Shari Masafy, MarCom Manager, Raz-Lee Security
Email Shari Masafy at

Why Invest in Information Security During a Recession?

Piggy Bank Savings Female Half FilledThe recession has been here for quite a while, and each company must rethink and adjust their strategy and expenditures to suit the unstable economy. In most cases,  this means companies will only invest in what they consider essential.

Is information security essential? I think so. Here is why information security becomes even more vital in a time of recession:

  • Time of increased security risks – In a recession, more people are hard-pressed for money and have large debts; more people are unemployed, bored and angry. And don’t forget all those employees you fired last week, who could well be looking for revenge… all these people are potential hackers and embezzlers.
  • NOT a time to expand your losses – In a recession, all companies suffer financially. However, no one can afford to expand losses by losing huge sums to hackers.
  • Time to automate your tasks – In a Down Market, you have to make do with fewer employees. This means you have to be more efficient. Sophisticated security tools, such as iSecurity, can save you lots of time, with wizards, report generators, real-time alerts, and more. 
  • Time to prepare for the upturn – Now, when sales are low, concentrate on preparing your infrastructure for the day after the recession, when you will have to focus on expanding sales and marketing.
  • Time for Musts only – Security is a Must. It is not a nice-to-have new project. It is safeguarding what you already have and treasure most – your business-critical information.

Click here for information on the need for information security.
Click here for information on iSecurity, Raz-Lee’s sophisticated system i security tools
Written by Shari Masafy, Marketing Communications Manager, Raz-Lee Security
Email Shari Masafy at

How Sufficient is IBM i's Integrated Security Infrastructure?

Is integrated IBM i Security Sufficient?

How sufficient is integrated IBM i security?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN ).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message are sent to notify management. And, because the containers can store years worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at