Raz-Lee’s YouTube Channel: More than 5,000 Views!

Have you recently accessed our 25 YouTube videos? With a total of more than 5,000 views, our videos are just what the Facebook-Twitter-LinkedIn-WhatsApp generation wants in order to become quickly acquainted with our security, auditing and compliance solutions.

We’ve got loads of interesting “How-To”  and “Tips and Tricks” videos which solve real day-to-day issues. Most of our videos are based upon our GUI which covers 100% of the green-screen solutions, as well as on our Visualizer Business Intelligence solution.

Visualizer is a great “slice-and-dice” tool which uses our proprietary IBM i security data warehouse to enable you to quickly analyze many millions (and tens and hundreds of millions) of system journal (QAUDJRN) records and network access events. Investigating suspicious security-related events to find the “needle-in-the-haystack” takes seconds using Visualizer!

We highly recommend you access Raz-Lee’s YouTube Channel today!

Contact marketing@razlee.com for more details.

 

Join Us for Some Funny Security Clips

bald4The Hardships of Security
Corporate security can be a hassle… (especially if you don’t have the right security system)
Click here to view clip

  indian2
Security – Just a Continent Away…

Better check the reliability of your Security Provider!
Click here to view clip

 

hacker2Greetings from a Hacker
Sound scary? Well, get protected…
Click here to view clip

 

drawing1Storytime: Repeated Mistakes in Info Security
In Security, each mistake can cost…
Click here to view clip

 

For information on System i Security, please visit www.razlee.com

By Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at
marketing@razlee.com

"Everything is OK here, we don't need System i Security"

"We don't need security"

"We don't need security"

I would like to share the story of one of our customers, the Belgium subsidiary of a major bank in Germany.

When we first approached this bank, the managers said they don’t really need System i Security, since “everything is OK” with their system. This is actually a typical response of many companies and organizations, who tend to embrace a “what you don’t see can’t hurt you” policy.

We then proceeded to demonstrate our iSecurity Audit on the bank’s System i. Audit provides monitoring and reporting on all activity in the System i environment, as well as real-time server security auditing and detailed server audit trails. We quickly gathered the bank’s information from the previous two weeks, as provided by the OS400 audit log.

To the bank’s total surprise, within seconds we could see that one of the bank’s users tried to enter a password 15 times, while another user entered his password 21 times! Seems just a little suspicious, doesn’t it?

Not surprisingly, the bank decided to immediately purchase and implement a full iSecurity solution, to control and protect its System i. Now, five years later, with all their reports automated, the bank staff doesn’t even remember that iSecurity is doing the job. It is the result that counts: safety and control.

Written by Shari Masafy, MarCom Manager, Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

Choosing the Right Security Approach: Object-level Security vs. Transaction-based Security

Before selecting a System i Security solution, you must first determine the best security approach for your needs. Some systems offer an Object-level security approach, while others have a Transaction-based approach. What does this difference really mean?

Essentially, Object-level security enables you to define a “white list” of the objects (such as files) which can be accessed by all or specific users; such an approach enables specifying the exact access type (Read, Write, Update,…) for each object as well.

Transaction-based security, however, does not have this capability. Instead, this approach uses a mechanism called Memorized Transactions. With this mechanism, certain transactions are kept in a separate area (not in the log), and analyzed to check if the a pattern or particular template can be used as a security rule, or as the structural basis for allowing or disallowing access to objects. Naturally, pattern recognition is a CPU intensive task which can negatively affect process time for each transaction.

Our flagship product, iSecurity, uses Object-level security together with an intuitive algorithm in which more specific rules are analyzed before generic ones are referenced. Using this algorithm, iSecurity requires only one successful I/O with minimal CPU to find the exact rule.

The advantages of Object-level security are:

Better Performance
Object-level security is far superior in the area of performance. With Transaction-based security, the greater the number of memorized transactions, the larger the number of comparisons needed for each incoming TCP transaction (FTP, SQL, etc.). And more applications in use means more transactions generated, more rules that need to be defined, and more transactions that need to be memorized.

Less Security Exposures
Unlike Object-based security, Transaction-based security compares transactions character by character, which means that unimportant differences between transactions may render important security rules useless.

Installation & Maintenance Issues
With Transaction-based security, the administrator needs to carefully review each transaction, determine which transactions require rules, and memorize those transaction definitions. The above procedure is time consuming and, more importantly, extremely error prone. Errors in defining the rules can easily lead to actual security breaches and serious monetary and reputation losses to your company.

Written by Eli Spitz, VP Business Development, Raz-Lee Security
Email Eli Spitz at
marketing@razlee.com

5 "Must-Have"s for System i IT Managers

checklist2I’ve often wondered about what IT Managers – and their superiors – really need in the areas of security and compliance.

The importance of security is pretty obvious: A security breach, be it a hacking trick done by a teenage kid from across the globe or an embezzlement carried out by “an enemy from within“, can easily make the company’s stock value and “bottom line” take a huge nose dive. And don’t forget the personal damage to the manager’s career… That alone is enough to get you to make sure that systems are totally secure and that audit trails exist!

Also, as auditors become more and more powerful in their organization, demanding answers, figures and proof of everything that happens, IT Managers have no choice but to “supply the goods” and the means for these auditors to get their jobs done.

So here are my thoughts on the 5 “must-haves” for IT Managers these days:

1) Click Click – Single click access to a single page summary report, presenting, in a “top-down” manner, all exceptions to security policies on all systems in the environment. One example of such an interface is Raz-Lee’s iSecurity GUI.

2) Take it Easy – Easily enable system administrators, auditors- and managers!- to define, run and schedule compliance reports running over selected systems in their environment.

3) A Picture’s Worth a Thousand Words – Single screen graphical (i.e. business intelligence oriented) access to security-oriented data warehouse with on-line drill down capabilities to isolate and identify security breaches and related events. See iSecurity GUI Screens for an example of this.

4) Know Where you StandSingle click assessment of how the site is complying with defined policies (either IBM’s, best practices or the site’s defined baseline policies).

5) Automate It – Automatic responses to potential security breaches and events which will enable identifying the intruder and accumulating court-acceptable evidence.

Raz-Lee’s iSecurity, an advanced System i Security product suite, addresses all 5 “Must Haves” .  Email marketing@razlee.com for a free consultation on the best security solution for you.

Written by Shmuel Zailer, CEO, Raz-Lee Security
Email Shmuel Zailer at marketing@razlee.com