Meuhedet, a Major Israeli Health Fund, Chooses iSecurity!

meuhedet_logoMehuhedet, one of Israel’s major health funds, has selected our very own iSecurity solution for protecting its System i environment. Meuhedet’s iSecurity implementation includes Firewall, a solution supplying complete protection from infiltrations and unauthorized access, covering all relevant protocols. It also includes an IDS (Intrusion Detection System generating real time alerts) and Screen, a solution for protection of unattended workstations.

And how do they use it? First and foremost, for monitoring internal and external access to the server, blocking unauthorized users and checking problems with the entry attempts of users who have proper permissions. iSecurity also enables monitoring the entries into the system and watching the data on each entry through a user-friendly log.

What does the customer have to say about iSecurity? “iSecurity gets the job done,” said Itsik Rejiniano, a System Programmer at Meuhedet Health Fund. “It provides total protection for the server, but on the other hand, offers the user easy and effective management capabilities.”

For more information visit our site www.razlee.com

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at
marketing@razlee.com

Loss of Data Trail = Loss of 5M Euros

broke2Check out this noteworthy real-life security story: a major European high-tech company (we’ll call it Company X) couldn’t trace a certain large sum after it had been transferred between several different systems throughout the company. Unfortunately for Company X, the authorities claimed it was income…

When Company X tried to prove otherwise, they found that the trail of the sum was too complex to trace. They put numerous managers to the task of trying to trace this sum, but no go. It was impossible for the company to prove that the sum was not income.

To make a long story short, Company X had to pay 5 Million Euros! Arggghhh…

What could have given this story a fairytale ending?  A security solution that tracks all changes in application databases, throughout all the company’s systems. A solution that provides clear reports, displaying all changes which occurred over long periods, on a single timeline. This could have been just the proof that Company X needed to rescue it from its tight spot.

Such as solution was actually developed by Raz-Lee Security, and is called AP-Journal. An Application Security and Business Analysis Solution for System i, AP-Journal protects business-critical information, keeping managers closely informed of all changes in their databases using real-time alerts and cross-application reports.
Click to learn more about AP-Journal.

Written by Shari Masafy, MarCom Manager at Raz-Lee Security
Email Shari Masafy at
marketing@razlee.com

Why Invest in Information Security During a Recession?

Piggy Bank Savings Female Half FilledThe recession has been here for quite a while, and each company must rethink and adjust their strategy and expenditures to suit the unstable economy. In most cases,  this means companies will only invest in what they consider essential.

Is information security essential? I think so. Here is why information security becomes even more vital in a time of recession:

  • Time of increased security risks – In a recession, more people are hard-pressed for money and have large debts; more people are unemployed, bored and angry. And don’t forget all those employees you fired last week, who could well be looking for revenge… all these people are potential hackers and embezzlers.
  • NOT a time to expand your losses – In a recession, all companies suffer financially. However, no one can afford to expand losses by losing huge sums to hackers.
  • Time to automate your tasks – In a Down Market, you have to make do with fewer employees. This means you have to be more efficient. Sophisticated security tools, such as iSecurity, can save you lots of time, with wizards, report generators, real-time alerts, and more. 
  • Time to prepare for the upturn – Now, when sales are low, concentrate on preparing your infrastructure for the day after the recession, when you will have to focus on expanding sales and marketing.
  • Time for Musts only – Security is a Must. It is not a nice-to-have new project. It is safeguarding what you already have and treasure most – your business-critical information.

Click here for information on the need for information security.
Click here for information on iSecurity, Raz-Lee’s sophisticated system i security tools
Written by Shari Masafy, Marketing Communications Manager, Raz-Lee Security
Email Shari Masafy at marketing@razlee.com

5 "Must-Have"s for System i IT Managers

checklist2I’ve often wondered about what IT Managers – and their superiors – really need in the areas of security and compliance.

The importance of security is pretty obvious: A security breach, be it a hacking trick done by a teenage kid from across the globe or an embezzlement carried out by “an enemy from within“, can easily make the company’s stock value and “bottom line” take a huge nose dive. And don’t forget the personal damage to the manager’s career… That alone is enough to get you to make sure that systems are totally secure and that audit trails exist!

Also, as auditors become more and more powerful in their organization, demanding answers, figures and proof of everything that happens, IT Managers have no choice but to “supply the goods” and the means for these auditors to get their jobs done.

So here are my thoughts on the 5 “must-haves” for IT Managers these days:

1) Click Click – Single click access to a single page summary report, presenting, in a “top-down” manner, all exceptions to security policies on all systems in the environment. One example of such an interface is Raz-Lee’s iSecurity GUI.

2) Take it Easy – Easily enable system administrators, auditors- and managers!- to define, run and schedule compliance reports running over selected systems in their environment.

3) A Picture’s Worth a Thousand Words – Single screen graphical (i.e. business intelligence oriented) access to security-oriented data warehouse with on-line drill down capabilities to isolate and identify security breaches and related events. See iSecurity GUI Screens for an example of this.

4) Know Where you StandSingle click assessment of how the site is complying with defined policies (either IBM’s, best practices or the site’s defined baseline policies).

5) Automate It – Automatic responses to potential security breaches and events which will enable identifying the intruder and accumulating court-acceptable evidence.

Raz-Lee’s iSecurity, an advanced System i Security product suite, addresses all 5 “Must Haves” .  Email marketing@razlee.com for a free consultation on the best security solution for you.

Written by Shmuel Zailer, CEO, Raz-Lee Security
Email Shmuel Zailer at marketing@razlee.com

How Sufficient is IBM i's Integrated Security Infrastructure?

Is integrated IBM i Security Sufficient?

How sufficient is integrated IBM i security?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN ).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message are sent to notify management. And, because the containers can store years worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at marketing@razlee.com