Bsafe Bolsters OS/400 Security Software with New Logging, Alerts
January 27, 2004 Alex Woodie
Bsafe Software Solutions this week says it will start shipping a new version of its iSeries security software suite with new features in the areas of tracking changed data and generating security alerts. The company, which is based in Israel and has been trying to break into the North American market, says the changed data tracking feature in Bsafe/iSeries Global Security Version 3.3 can help companies comply with government mandates that call for tighter data security.
With an array of third-party OS/400 security products to choose from, the folks at Bsafe Software Solutions point to the Windows interface as its distinguishing feature. While it’s a subjective comparison, Bsafe officials repeatedly claim theirs is the richest OS/400 security product with a Windows client GUI.
And you can do quite a bit from the Bsafe Windows GUI. In fact, the GUI in is used to work with all of the modules in the Bsafe/iSeries suite. Before the release of Version 3.3, these modules included the Intrusion Prevention System, which enforces rules governing the execution of commands on your iSeries system, via TCP/IP and SNA, and also guards ports and enforces network address rules; the Intrusion Detection System, which is used to alert administrators of suspicious system activity by sending messages (e-mails, IMs, SNMP traps); the Internal Security Manager, which controls OS/400 object and user access rights; the Advanced Audit Journal, which runs 62 different reports against the OS/400 system journal; and the Network Traffic Analyzer, which provides a detailed log of network events.
With Bsafe/iSeries 3.3, the company has added a new Dataflow facility, which uses the system journal to track changes made to data in OS/400 applications. Bsafe previously offered a green-screen utility called Bsafe/iSeries Dataflow, which tracked changed data. Alternatively, enterprising users could always dig for the changed-data information in the journal log. However, neither of these techniques presents the information in GUI, which Bsafe maintains is a convenience when searching for data.
The Dataflow capability uses filters to search for altered files. Bsafe says Dataflow’s most outstanding feature is its capability to display a journal’s entry specific data, which is the field-level changed data in a record. It also works as a file viewer for journals, with changes in field values being clearly and distinctly marked. In this way, companies can get a “before” and “after” image of specific fields, or entire records, for auditing purposes, such as those required by the Sarbanes-Oxley Act and other government mandates, the company says. Users can add, change, or delete journals with the tool.
The other big change with Bsafe/iSeries 3.3 is the addition of new alerts that are automatically generated when someone attempts to gain unauthorized access to an OS/400 server. Previously, the software alerted administrators of network traffic and potential intrusions (through the IDS). “With this release, we’re generating alerts for messages originating from the system log,” says Neil Leigh, a marketing manager with Bsafe.
Bsafe has built alerts for three actions with this release: system value changes, unsuccessful sign-on attempts, and unsuccessful attempts to access certain objects. “These are the main security breaches we’ve found with our clients that administrators want to know about,” Leigh says. A future release of Bsafe/iSeries will be able to kick-off an alert when a change is made at the field level, he says. “That’s a whole class of alerts that doesn’t exist, but it will with the next release.”
Bsafe/iSeries Version 3.3 has undergone some fine tuning in performance and will save customers’ I/O cycles, the company says. For example, there is more flexibility in the way the software records network traffic. Instead of logging each FTP connection in a series of transactions with a trusted partner, the administrator can choose to log only the first connection.
Last year, we reported that Bsafe was accelerating its efforts to break into the American market for OS/400 security software by signing two resellers. As it turned out, 2003 was actually a much better year for Bsafe in Europe, where the company concentrated most of its sales efforts, says Shimon Bouganim, founder and chief technology officer for BSafe.
Bsafe currently has 25 resellers and partners around the world, including IBM, through its subsidiaries in Italy, Greece, Israel, Hong Kong, and China. The company has not given up on the United States software market, the world’s largest software market, and is looking to partner with additional resellers. “We didn’t find the best way to penetrate the market,” Bouganim says. “For us, 2004 will be the time to enter America.”
For more information, go to www.bsafesolutions.com.