Volume 8, Number 15 -- April 15, 2008

Raz-Lee Flushes Out Fraud with Application Security Tool

Published: April 15, 2008

by Alex Woodie

The System i security experts at Raz-Lee have developed a new product called AP-Journal that's designed to detect fraudulent field-level changes to DB2/400-based application files that could indicate inside fraud. The new tool, which Raz-Lee first unveiled two weeks ago at the COMMON conference in Nashville, Tennessee, is based on IBM journaling and will be most useful for companies in the healthcare and financial services industries, the company says.

One of the most pressing security issues affecting System i shops is that too many organizations grant way too much authority to their users. According to a recent security survey performed by PowerTech (which sells security tools that compete with Raz-Lee's), the average shop has close to 70 users with *ALLOBJ authority, or nearly 10 percent of all their users. While the vast majority of these users will not abuse their authorities (such as by manually changing a field-level value in a critical application), the fact remains that they can.

And when a user decides to change a field--to perpetrate fraud or even for a legitimate (but misguided) business reason--it can be difficult to find out who made the change, when the change was made, and what the change entailed. It's possible to trace the changes if the journaling feature in i (the operating system formerly known as i5/OS and OS/400) is activated and the organization has skilled personnel working with journal receivers. But for those without those technical skills, details about field-level changes are not available.

Raz-Lee decided this was a problem that needed a more elegant solution, so it developed the AP-Journal, which it claims is a first-of-its-kind product on the market. The software works with IBM journaling and journal receivers, but instead of requiring users to write special programs to obtain usable information, the AP-Journal extracts the usable data (which is marked with a "commonality key") and indexes it in a separate container, thereby creating a highly targeted database of changes to field-level values that is more efficient to search and monitor.

Filters are then created to determine how far a field-level value can be changed before it will trigger an alert. AP-Journal allows filters to be created based on numeric value change or percentage change. If a change to a field exceeds the limit--such as a product's price being reduced by more than 20 percent, or a salary being increased by more than 10 percent--AP-Journal automatically sends an e-mail to the administrator notifying him or her of the change.
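The threshold filters described above can be sketched as follows. This is an added example, not Raz-Lee's code or AP-Journal's filter syntax; the file, field and user names and all values are constructed, and treating any change from a zero value as an alert is an assumption made here because a percentage is undefined in that case.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

@dataclass(frozen=True)
class Rule:
    file: str
    field: str
    direction: str                      # "increase", "decrease" or "any"
    max_pct: Optional[Decimal] = None   # alert when the change exceeds this percentage
    max_abs: Optional[Decimal] = None   # alert when the change exceeds this amount

@dataclass(frozen=True)
class Change:                           # one before/after pair for a single field
    user: str
    file: str
    field: str
    before: Decimal
    after: Decimal

def violates(rule: Rule, ch: Change) -> bool:
    if (rule.file, rule.field) != (ch.file, ch.field):
        return False
    delta = ch.after - ch.before
    wrong_way = (rule.direction == "increase" and delta < 0) or (rule.direction == "decrease" and delta > 0)
    if delta == 0 or wrong_way:
        return False
    if rule.max_abs is not None and abs(delta) > rule.max_abs:
        return True
    if rule.max_pct is None:
        return False
    if ch.before == 0:                  # assumption: percentage undefined, so always alert
        return True
    return abs(delta) / abs(ch.before) * 100 > rule.max_pct

def flagged(rules, changes):
    return [(c.user, c.file, c.field) for c in changes if any(violates(r, c) for r in rules)]

D = Decimal
# Constructed rules mirroring the article's examples; file and field names are hypothetical.
RULES = [Rule("ITEMS", "PRICE", "decrease", max_pct=D(20)),
         Rule("PAYROLL", "SALARY", "increase", max_pct=D(10)),
         Rule("ORDERS", "TOTAL", "any", max_abs=D(100000))]
# Constructed before/after values, as they might be extracted from journal entries.
CHANGES = [Change("USERA", "ITEMS", "PRICE", D("100.00"), D("80.00")),      # exactly 20%: no alert
           Change("USERB", "ITEMS", "PRICE", D("100.00"), D("75.00")),      # 25% cut: alert
           Change("USERC", "PAYROLL", "SALARY", D("50000"), D("56000")),    # 12% raise: alert
           Change("USERD", "PAYROLL", "SALARY", D("0"), D("40000")),        # from zero: alert
           Change("USERE", "ORDERS", "TOTAL", D("1000000"), D("50000"))]    # 950,000 drop: alert
```

Decimal arithmetic keeps the boundary case exact: a cut of precisely 20 percent does not trip a "more than 20 percent" rule, which binary floating point cannot guarantee for every value.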

The software can also be used in batch mode to create reports that display changes made over a period of years, including before and after views of the data. The product also supports a "quick view" mode that lets managers see all field-level changes made in one or two files.

Raz-Lee CEO Shmuel Zailer says one early adopter is using AP-Journal to monitor order values in its ERP system. "If I had an order that was worth $1 million, and now I go to the computer and see that it's worth $50,000, can you tell me how it came that that order changed so dramatically?" Zailer said during an interview at the COMMON conference.

While fraud detection is definitely a big part of AP-Journal, it's not the product's only goal. According to Eli Spitz, vice president of business development for Raz-Lee, the software can be used to maintain a level of compliance and control over the potential for unauthorized changes. "Maybe somebody changed something and didn't have rights to," Spitz said. In this case, AP-Journal would be used to record the violation.

Other possible non-fraud uses of AP-Journal can be found in the financial services and healthcare industries. As people refinance their mortgages and move from one house to another over a period of years, AP-Journal can be used to track changes to the original contract, Zailer says. Similarly, the software could be used in a hospital setting to track the activities of a doctor--what patients he saw and what drugs he prescribed--potentially years after the fact.

AP-Journal is available now. Pricing is tier-based and ranges from $10,000 to $70,000. For more information, visit www.razlee.com.



Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
