Raz-Lee Summarizes i OS Security Settings in New Compliance Product

Published: March 17, 2009

by Alex Woodie

The IBM System i is a notoriously difficult nut for auditors to crack. Accustomed to "standards-based" Windows and Unix systems, auditors sometimes struggle to make their way around a subject's i OS-based computer. To help alleviate the pain of hunting for security data for auditors and IT managers alike, i OS security software developer Raz-Lee Security last month launched a new product called Compliance Evaluator that seeks to include the most relevant compliance-related security information in a concise, one-page summary.

Raz-Lee, which is based in Israel and has its U.S. offices near New York City, has plenty of experience with helping customers deal with security regulations. Its iSecurity suite can generate hundreds of reports detailing exactly whether a given System i server (and the company running it) is compliant with computer security provisions of countless laws, including Sarbanes Oxley, HIPAA, PCI, Basel II, the California Privacy Act, and ISO 17799, just for starters.

But not everybody wants to wade through the technical minutia--or can understand it, for that matter. Whether a group of users has exceeded the password reset limit of 60 days may be an important thing to consider when sculpting a security enforcement policy. But when all you want is a big picture summary of a customer's AS/400 security posture, the nitty gritty detail actually hurts productivity; it doesn't help it.

That's where the latest addition to Raz-Lee iSecurity suite, Compliance Evaluator (formerly called Compliance On-Demand), comes in. Compliance Evaluator is intended to be used by IT managers and auditors who periodically need concise summaries of System i security settings. The product gathers data from i OS's QAUDJRN, and generates one-page summary reports, which include an overall compliance score and ratings for specific security-related components, such as system values, network attributes, and user profiles. All of the reports are output in Excel format, and can be automatically e-mailed to managers or off-site auditors.

Auditors and IT managers can get a quick summary view of how their AS/400 servers' security settings stack up to SOX and other regulations with Raz-Lee's new Compliance Evaluator.

Raz-Lee CEO Shmuel Zailer says the new product marks a breakthrough in System i security reporting. "With Compliance Evaluator, we've take a giant step forward toward our mission of making System i security easily attainable for managers and auditors," Zailer says. "The clear, single-view display of complex, comprehensive security data makes managers' tasks a lot easier, enabling them to quickly assess--and immediately improve--the security of their environment."

The security settings of up to 99 System i servers or LPARs can be summarized by Compliance Evaluator. The product can then take this data and compare the different security scores, generate site-wide security summaries, or even create baseline levels for compliance.

Compliance Evaluator uses the security reporting and scheduling capabilities of several other iSecurity products, including the Firewall and Audit products, to generate its summary. Because of this, it cannot be sold separately from the suite. Instead, it's meant to help with security compliance reporting of existing and future iSecurity customers.

Compliance Evaluator is available now. Pricing is tier-based and begins at $4,000. For more information, visit www.raz-lee.com.

RELATED STORIES

Raz-Lee Eases Compliance with Update to iSecurity

Raz-Lee Updates iSecurity Suite

Raz-Lee Signs BOSaNOVA to Resell Security Software

Raz-Lee Targets U.S. Market with iSeries Security Tools

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot