iSecurity Now Supports QSH and PASE Logging, Reporting & Alerting

OS/400’s inability to log QSHELL activity left an opening in the overall IBM i auditing process and imposed a serious security risk to an organization. This lack of functionality has become significantly more serious with the ever-increasing use of this environment in IBM i shops. In response, Raz-Lee has developed the unique ability to log QSHELL for QSH and PASE in the IBM i.

Until now, people using native OS/400 could log standard OS/400 commands, but there was no way to log QSHELL commands. Now, companies using iSecurity Audit can run commands – entered during an interactive session as well as when entered as parameters in the QSH and STRQSH commands – that are part of the QSHELL environment to delete and write to files, create directories and more.

Click here to read the full details about iSecurity’s added support for QSH and PASE Logging, Reporting & Alerting

iSecurity Approved for IBM Tivoli Netcool/OMNIbus Certification

IBM has certified Raz-Lee’s iSecurity for integration with their Tivoli Netcool/OMNIbus, part of Tivoli’s Security Operations Manager, to consolidate complex IT and network operation management tasks. The integration with Tivoli’s SIEM capabilities will enable it to receive Syslog real-time alerts from iSecurity and to consolidate security event information from other IBM i servers, and indeed from multiple hardware platforms, into its single console environment.

Click here to read the full details about the new IBM Tivoli Certification

Verizon Business Report: Most Organizations Slipping out of PCI Compliance Within One Year

Interesting reading: This report states that out of 100 organizations which were certified as PCI compliant in 2010, 75 are no longer compliant in 2011!

To me this means that software such as Raz-Lee’s Compliance Evaluator needs to be used on an ongoing basis in order ensure compliance over time.

Also interesting are the “basic requirements” of PCI Compliance listed in the report, including many supported by Raz-Lee’s other products; these include using firewalls and antivirus, implementing strong passwords and access control, protecting the database, tracking all activity, etc.

In summation, compliance needs to be an “everyday, ongoing process” and organizations need “continuous adherence” to the standard.


PCI Compliance Anyone?

Face-to-face meetings with customers often lead to “real-world” enhancement requests which we at Raz-Lee take seriously…

At recent meetings in the Midwest, we were asked to enhance our iSecurity Firewall product to allow network access to PCI business critical files from ONLY certain IPs addresses.

Our initial intent was to restrict access to these files based upon whether or not specific users are allowed to access such files. That is, if the user tries to access the file from a specific IP address or address-range, their identity will be checked using the definitions of an alternative user.

After discussing this solution with a select group of Firewall customers, we decided to implement a more streamlined, less error-prone solution using Firewall’s Object Security features, to define Location Groups for each file or set of generic files. A Location Group is defined as a set of IP addresses or address-ranges and/or generic device names, from which access to these sensitive files will be either allowed or rejected.

Defining access rights using Files rather than Users greatly simplifies the solution and will serve as the basis for future related improvements based upon PCI auditor’s ongoing requests, which, as always, we intend to implement!

For purposes of monitoring actual access to these sensitive files, which PCI auditors will obviously require/demand, we provide iSecurity Audit, which is based upon the QAUDJRN and uses ZC and ZR audit types. Using iSecurity’s unique Group/Item filter feature, the user can easily define the relevant items which must (or should not- NITEM) appear in the specified Group.

Why Insider Threats are so Dangerous and Prevalent

Disgruntled employees, recently fired or not given raises can do the biggest damage to the company. They know the organization from the inside and know exactly were the sensitive information is stored.

A case like that happened in Vodafone who has fired several staff in NSW for breaking into databases to steal customer information.

Read more here:

Visualizer in the News!

Following System i Network’s recent focuson Raz-Lee’s YouTube channel, iSecurity’s acceptance into IBM Italy’s Smart Business Program and MCPress Online’s article on Visualizer, IBM Systems Magazine’s January 2011 Product News features our Visualizer Business Intelligence product which assists companies worldwide to analyze and pinpoint security and management issues in a user-friendly, slice-and-dice GUI.

Revolutionary Business Intelligence Capabilities in Raz-Lee’s iSecurity Visualizer

Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400), has enhanced its iSecurity Visualizer with revolutionary Business Intelligence capabilities which will help companies analyze and pinpoint security and management issues based upon all security and management-related queries which can be executed from the iSecurity GUI.

For the past three years, Raz-Lee has offered its customers an advanced, Eclipse-based Business Intelligence solution called Visualizer for easily analyzing network access and QAUDJRN activity in a friendly graphic user interface environment. This solution enabled users to instantaneously find the “needle in the haystack” in order to investigate potential security breaches whether originating from the network or transpiring on the IBM i itself.

With the addition of the new capabilities, Visualizer now analyzes:

• Firewall log files

• Audit log files

• AP-Journal application data

• Output of Firewall queries

• Output of Audit queries including User Profile-related queries

• Output of queries which have been run and stored on disk (Database Reports)

Of special interest, the ability to analyze User Profile based queries via Visualizer adds an essential dimension to the challenge of defining, synchronizing and managing User Profile information, especially in multiple partition environments.

In addition, Visualizer now has “Drill To” capabilities for easily defining or changing security rules based upon specific network access or QAUDJRN events, as well as for dynamically displaying a table view of BI-filtered data, enabling export to Excel, PDF, CSV and HTML files.

Raz-Lee Security sees this functional expansion of Visualizer as a major step forward in helping customers obtain real benefit from iSecurity as well as in differentiating iSecurity from ALL competitors.

“Anyone reading the professional trade press over the past year or so has undoubtedly been impressed by the ever increasing number of articles centering on the potential benefits to companies attained by using Business Intelligence technologies,” said Eli Spitz, VP Business Development, Raz-Lee Security. “Our revolutionary Visualizer BI product responds to this trend and gives our customers the cutting edge technology they deserve.”

iSecurity AP-Journal Enhanced with Full GUI Support

Raz-Lee Security, a leading supplier of information security solutions for IBM Power i servers (iSeries/AS/400), has enhanced iSecurity AP-Journal with an Eclipse-based GUI environment. This makes Application Security easier than ever to implement and use.

AP-Journal keeps managers closely informed of all changes in their valuable information assets and streamlines IBM i journaling procedures. AP-Journal’s standard features include: 

  • Addressing PCI, SOX, HIPAA, etc. requirements for closely monitoring and raising alerts when application data changes
  • Long-term storage of sensitive business information, independent of journal receiver lifecycle to adhere to storage limits
  • Output as e-mailed CSV, HTML, PDF attachments, Outfile, Print or within GUI
  • READ operations selectively added to OS/400 Journal Receivers, complying with PCI requirements for accessing sensitive data
  • Timeline & cross-application reports based upon user-defined business items
  • Real time Syslog, SNMP and Twitter alerts, in addition to alerts sent as e-mails, SMS messages, operator messages, etc.
  • “Mass” uploading of data base update information directly to SIEM systems via Syslog without I/O overhead of writing to disk

The new GUI support in AP-Journal includes:

  • Defining applications, including:
    • Journaled files
    • Business items which are common fields appearing in multiple files
    • Filtering rules for long term retention of selected data fields
    • Defining alerts based upon pre-determined field-level thresholds and activities
  • Reporting on application changes, including “before” and “after” data images based on:
    • OS/400 journal receivers
    • Special purpose journal containers which contain long term, application-specific information
  • Using the unique business intelligence interface, Visualizer, to:
    • View summary data based on any application or journal header field
    • Isolate the desired population instantaneously
    • Accessing the detailed data corresponding to the desired population

“Our AP-Journal product has proved to be an ongoing success, and has been selling successfully worldwide for several years,” said Eli Spitz, VP Business Development, Raz-Lee Security. “In fact, AP-Journal’s success was instrumental in bringing about the recent press focus on IBM i Application Security, in addition to “traditional” infrastructure security aspects like network access, QAUDJRN monitoring and reporting, and user profile auditing”.








AP-Journal had a significant impact at Toyota Boshoku America which attained JSOX compliance by providing reports on changes in application files. Another especially interesting implementation of AP-Journal was at Promedico which included

  • Preventing undue blockage of customer orders on account of credit limitations
  • Checking the validity of updates to pharmaceutical product’s expiration dates

Accelerating the supply process

Raz-Lee Security Joins IBM Smart Business Program in Italy

iSecurity™ is now available on the IBM Smart Market applications portal, and is integrated into the IBM Smart Cube, a Power i server preloaded with all required applications to best serve customer needs.

Raz-Lee Security, a leading supplier of information security & compliance solutions for the IBM Power i, announced that it has been included in the IBM Smart Business Program, the business program launched in Italy for Power i and based on a concept of an integrated solution, easy to find, install, manage and support. This certification is a significant official milestone in terms of Raz-Lee’s cooperation with IBM in the Italian market. Raz-Lee’s iSecurity packs are the only 3rd-party compliance & data security solutions listed on the IBM Smart Business portal. With iSecurity, Raz-Lee succeeds in covering all customer business needs in the areas of Security and Data Protection, providing help and support for the IT Dept for better management of system and applications.

“By installing our iSecurity™ software solutions, IBM Power i customers instantaneously receive an important advantage over hardware platforms competing with IBM Power i – they immediately become compliant with the most important local and international security regulations,” said Nicola Fusco, Southern Europe Area Manager, Raz-Lee Security. “The IBM i Smart Business program’s integration of software and services creates a solution that is much more convenient for the customer, without having to search for separate solutions, pay for them and then spend hours on integrating them. Instead, the customer just plugs in and activates an already-secured and configured Smart Cube in a quarter of the time normally required to get business applications up and running”.

Below are the iSecurity packs listed in IBM Smart Business Portal:

Logs & User Control Package – the basic iSecurity™ package for System Administrators, which provides data security and compliance with the Italian regulation concerning System Administrators activities with reports generation, allowing the export of SYSLOG.

System Administrator Package – the complete solution for meeting the requirements of system administrators regulation and company regulation for protecting corporate data, providing optimized centralized control of assets in cases of infrastructure “multi-system”.

Power i Resources Management Package – this package covers company security needs, including modules that control and manage the system (resources, accounting users, rehabilitation activities) which usually involves the direct activity of the technical staff. It also represents an always-available automatic operator, which, by setting rules and controls, provides for corrective actions and/or warning also by integrating messaging services (email, fax, sms).

Power i Applications Package – contains modules that provide services to facilitate and accelerate activities related to user applications: delivery time, rollout and testing of new applications, user accounts, displaying changes in fields without changing the code of the applications, and monitoring data changes in certain fields with real-time notification of administrators.