Disgruntled employees, recently fired or not given raises can do the biggest damage to the company. They know the organization from the inside and know exactly were the sensitive information is stored.
A case like that happened in Vodafone who has fired several staff in NSW for breaking into databases to steal customer information.
Read more here: http://www.smh.com.au/technology/security/vodafone-sacks-staff-over-database-breaches-20110114-19q0y.html
Following System i Network’s recent focuson Raz-Lee’s YouTube channel, iSecurity’s acceptance into IBM Italy’s Smart Business Program and MCPress Online’s article on Visualizer, IBM Systems Magazine’s January 2011 Product News features our Visualizer Business Intelligence product which assists companies worldwide to analyze and pinpoint security and management issues in a user-friendly, slice-and-dice GUI.
Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400), has enhanced its iSecurity Visualizer with revolutionary Business Intelligence capabilities which will help companies analyze and pinpoint security and management issues based upon all security and management-related queries which can be executed from the iSecurity GUI.
For the past three years, Raz-Lee has offered its customers an advanced, Eclipse-based Business Intelligence solution called Visualizer for easily analyzing network access and QAUDJRN activity in a friendly graphic user interface environment. This solution enabled users to instantaneously find the “needle in the haystack” in order to investigate potential security breaches whether originating from the network or transpiring on the IBM i itself.
With the addition of the new capabilities, Visualizer now analyzes:
• Firewall log files
• Audit log files
• AP-Journal application data
• Output of Firewall queries
• Output of Audit queries including User Profile-related queries
• Output of queries which have been run and stored on disk (Database Reports)
Of special interest, the ability to analyze User Profile based queries via Visualizer adds an essential dimension to the challenge of defining, synchronizing and managing User Profile information, especially in multiple partition environments.
In addition, Visualizer now has “Drill To” capabilities for easily defining or changing security rules based upon specific network access or QAUDJRN events, as well as for dynamically displaying a table view of BI-filtered data, enabling export to Excel, PDF, CSV and HTML files.
Raz-Lee Security sees this functional expansion of Visualizer as a major step forward in helping customers obtain real benefit from iSecurity as well as in differentiating iSecurity from ALL competitors.
“Anyone reading the professional trade press over the past year or so has undoubtedly been impressed by the ever increasing number of articles centering on the potential benefits to companies attained by using Business Intelligence technologies,” said Eli Spitz, VP Business Development, Raz-Lee Security. “Our revolutionary Visualizer BI product responds to this trend and gives our customers the cutting edge technology they deserve.”
Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400), has enhanced iSecurity AP-Journal with an Eclipse-based GUI environment. This makes Application Security easier than ever to implement and use.
AP-Journal keeps managers closely informed of all changes in their valuable information assets and streamlines IBM i journaling procedures. AP-Journal’s standard features include:
The new GUI support in AP-Journal includes:
“Our AP-Journal product has proved to be an ongoing success, and has been selling successfully worldwide for several years,” said Eli Spitz, VP Business Development, Raz-Lee Security. “In fact, AP-Journal’s success was instrumental in bringing about the recent press focus on IBM i Application Security, in addition to “traditional” infrastructure security aspects like network access, QAUDJRN monitoring and reporting, and user profile auditing”.
Cont.
AP-Journal had a significant impact at Toyota Boshoku America which attained JSOX compliance by providing reports on changes in application files. Another especially interesting implementation of AP-Journal was at Promedico which included
Accelerating the supply process
iSecurity™ is now available on the IBM Smart Market applications portal, and is integrated into the IBM Smart Cube, a Power i server preloaded with all required applications to best serve customer needs.
Raz-Lee Security, a leading supplier of information security & compliance solutions for the IBM Power i, announced that it has been included in the IBM Smart Business Program, the business program launched in Italy for Power i and based on a concept of an integrated solution, easy to find, install, manage and support. This certification is a significant official milestone in terms of Raz-Lee’s cooperation with IBM in the Italian market. Raz-Lee’s iSecurity packs are the only 3rd-party compliance & data security solutions listed on the IBM Smart Business portal. With iSecurity, Raz-Lee succeeds in covering all customer business needs in the areas of Security and Data Protection, providing help and support for the IT Dept for better management of system and applications.
“By installing our iSecurity™ software solutions, IBM Power i customers instantaneously receive an important advantage over hardware platforms competing with IBM Power i – they immediately become compliant with the most important local and international security regulations,” said Nicola Fusco, Southern Europe Area Manager, Raz-Lee Security. “The IBM i Smart Business program’s integration of software and services creates a solution that is much more convenient for the customer, without having to search for separate solutions, pay for them and then spend hours on integrating them. Instead, the customer just plugs in and activates an already-secured and configured Smart Cube in a quarter of the time normally required to get business applications up and running”.
Below are the iSecurity packs listed in IBM Smart Business Portal:
Logs & User Control Package – the basic iSecurity™ package for System Administrators, which provides data security and compliance with the Italian regulation concerning System Administrators activities with reports generation, allowing the export of SYSLOG.
System Administrator Package – the complete solution for meeting the requirements of system administrators regulation and company regulation for protecting corporate data, providing optimized centralized control of assets in cases of infrastructure “multi-system”.
Power i Resources Management Package – this package covers company security needs, including modules that control and manage the system (resources, accounting users, rehabilitation activities) which usually involves the direct activity of the technical staff. It also represents an always-available automatic operator, which, by setting rules and controls, provides for corrective actions and/or warning also by integrating messaging services (email, fax, sms).
Power i Applications Package – contains modules that provide services to facilitate and accelerate activities related to user applications: delivery time, rollout and testing of new applications, user accounts, displaying changes in fields without changing the code of the applications, and monitoring data changes in certain fields with real-time notification of administrators.
Herzliya, Israel – July 5, 2010 – Raz-Lee Security, a leading supplier of information security & compliance solutions for the IBM Power i, announced a new release of iSecurity and Scope products. This major release of iSecurity and Scope products is especially significant as it harnesses Raz-Lee’s unique technological capabilities to cover market needs and customer requests. In addition, all Raz-Lee products support IBM’s new release, 7.1.
In particular, Raz-Lee’s unique support in FileScope and CodeScope for Unicode will enable companies to easily support multi-language applications and universal source code.
The new and powerful features added to the iSecurity products in this release include:
“We are proud to announce this feature-rich new release,” said Shmuel Zailer, Raz-Lee Security. “With hot new features such as Unicode, Twitter, Syslog, SNMP and Smart Wizards, we are well-equipped to meet the current and future needs of our customers.”
By implementing iSecurity’s Firewall, Audit and AP-Journal modules, Toyota Boshoku America has been
able to easily monitor exit points, prevent unauthorized access, automate report generation to meet
audit requirements as well as monitor access down to the record level, which are all critical to their
requirements for complying with J – SOX.
Raz-Lee Security drew quite a crowd around its new security enhancements at COMMON 2010, in Orlando, Florida. This year’s COMMON was attended by over 1200 people, the vast majority being Power i decision-makers focused on implementing the latest and most efficient new Power i technologies, in particular for security and compliance.
Numerous visitors flocked to Raz-Lee’s booth to learn about its innovations, and group sessions were held in order to provide information to all interested parties. Attendees were well-aware of industry regulations and auditor’s requirements, and were eager to select the right products to ensure compliance with regulations, especially products which could provide “out-of-the-box” PCI, SOX, HIPAA, etc. compliance templates and “ready-to-run” reports.
The Press also took notice of Raz-Lee’s success at COMMON, as seen in the following links:
IT Jungle: Raz-Lee Gets the Twitter Bug
System i Network: At COMMON 2010, Raz-Lee Security Says IBM i Getting Younger
System i Network: In Honor of COMMON’s 50th, Raz-Lee Offers Advanced File Editor with Full Unicode—Free to IBM i Community
MCPressonline: Raz-Lee Freely Celebrates COMMON 50
IBMSystemsMagazine: Raz-Lee Security Releases i Twitter Solution, Other Enhancements
Among the products which were of particular interest to visitors and the Press were:
• Native Object Security – enables system administrators to easily define target security levels per object and object type, and to check for inconsistencies between actual and planned object security settings. The product also enables using generic object names, and includes full reporting features. Also, a new artificial intelligence-based wizard builds an optimal set of security rules for a group of objects, based on analysis of the current security settings of the objects in a directory.
• User Profile & System Value Replication – synchronizes user profile definitions, user passwords and system values between different systems and LPARs, allowing for exceptions as needed in Production, Test or Development systems. Synchronization is accomplished with minimum overhead to both the actual systems and the personnel mandated with managing user profile information. The product also replicates system value definitions between systems, using “optimal” system values defined in Compliance Evaluator and “baseline” site-defined values.
• Compliance Evaluator – enables managers a quick, comprehensive view of the compliance scores for all systems in the enterprise and provides detailed compliance-related reports with various levels of detail.
• Syslog/SNMP/Twitter Support – sends security alerts instantaneously to relevant SIEM systems or users through www.twitter.com. These message alerts include detailed event information and alerts on application data changes, deletes or reads, emergency changes in user authorities, IFS viruses detected, malicious access to the Power i , and much more.
• FileScope – FREE SOX and PCI compliant file editor with full Unicode (UTF-16, UCS-2) support and full activity tracing via Syslog, SNMP, Twitter, MSGQ, SMS and e-mail.
“We were flattered by the outstanding level of interest and attention our products generated at COMMON this year,” said Shmuel Zailer, CEO, Raz-Lee Security. “Customers know they can turn to Raz-Lee to achieve the level of compliance they need, as well as to continuously monitor all Power i infrastructure and application security events in their enterprise.”
Written by Shari Masafy
Email Shari at sharim@razlee.com
Customer:
Mr. Didier Brisbois
Technical manager IT of IFAC
Hôspital Sainte Thérèse
My goal was to find a tool for DB2 databases which would provide me with:
• Full and robust reporting capabilities
• An easy to learn and easy to use product
• The ability to create special-purpose ViewPoints (file-specific pre-defined scripts) which can be used by unsophisticated users
• Batch processing capabilities in order not to tie-up the user’s session
• Minimal interference with AS/400 performance
Following is the list of benefits we have achieved using FileScope/Platinum:
• Quick and Easy
• Ability to perform batch processing
• Integration of FileScope into application menus
• Speed of the software, with many more options than Query
• Ability to make mass updates
• Journaling facilities to view temporary changes to a file by any user and also to monitor deleted records. (Note: These monitoring, tracking and reporting capabilities are especially important for companies which need to be HIPAA, SOX, PCI, etc. compliant.)
• Interactively viewing and editing file contents quickly and easily
• Product uses DB2-specific concepts (such as members, logical files, etc.) which is unique among products which support ODBC
• Short learning curve for most user’s queries
About FileScope
FileScope is recognized by Power i professionals as the leading Power i product in the area of data manipulation. FileScope provides unprecedented file editing capabilities, while adhering to the highest standards of quality, reliability and performance.
Features
• Cross-product Unicode UTF-16, UCS-2 support enables viewing SAP, JDE, MOVEX, BPCS, etc. files.
• Single e-mail contains all session changes
• Export to XML-format files
• Security, SOX and PCI support
• Full-Screen editor
• Save file-specific pre-defined scripts
• Field calculations
• Report generator
• Batch processing facility
• Multiple file management
• File scan and subset
• Special printing capabilities
• Log file changes
Written by Shari Masafy
Email Shari Masafy at sharim@razlee.com
Raz-Lee Security, a major vendor of security solutions for IBM Power i computers, has developed a comprehensive solution for Multi-System/Multi-LPAR environments, in response to the trends to “downsize” and consolidate servers.
As the number of special-purpose systems and LPARs at enterprises worldwide grows, it is critical that user profile definitions including passwords as well as system values are synchronized between the different Power i systems, allowing for exceptions as needed in Production, Test or Development environments. Naturally, synchronization must entail minimum overhead to both systems and the personnel mandated with managing user profile information.
Raz-Lee has identified this trend and consequently tailored a full security solution for multi-system/multi-LPAR environments. The solution, integrated in the iSecurity product suite, includes:
“In order to uphold our status as a top-notch Power i security provider, we make it our business to identify relevant market trends and provide our customers with the exact solutions they are looking for,” said Eli Spitz, VP Business Development, Raz-Lee Security. “No other company has our abundance of features for Multi-System/Multi-LPAR environments, which is yet another unique feature for our iSecurity solution.”