Raz-Lee Eases Compliance with Update to iSecurity
September 11, 2007 Alex Woodie
System i shops struggling to comply with the onrush of new laws and rules affecting security will find it easier to track the computer-related components of those rules thanks to a new release from Raz-Lee Security. In late August, Raz-Lee announced the launch of iSecurity Audit version 8.2, which adds more than 200 new pre-defined compliance reports, and brings several other new features designed to help customers with their compliance initiatives.
The number of new laws and industry guidelines that companies must deal with today is unprecedented in this country. Whether it’s Sarbanes-Oxley, HIPAA, PCI, Basel II, the California Privacy Act, ISO 17799, or a dozen other legal or industry mandates, new rules put a disproportionate burden on the IT departments that are tasked with carrying out the wishes of the management and the state. As the caretakers of incredibly powerful systems containing petabytes of extremely sensitive information, System i administrators are well advised to adopt tools that can automate the compliance-related tasks.
One of the companies selling compliance solutions for System i servers is Raz-Lee Security, which is based in Israel and has U.S. headquarters in Nanuet, New York. Raz-Lee sells more than a dozen i5/OS security tools under the iSecurity banner, including a firewall, an IDS, an audit journal, an antivirus tool, password automation, user profile management, centralized reporting, and several others. All of the tools can be purchased individually, or iSeries shops can buy them as an integrated package.
Last month, Raz-Lee announced a major new release of the Audit component of iSecurity, version 9.2, which brings a number of enhancements in the area of compliance and reporting.
In previous releases of the tool, Audit contained about 80 pre-canned reports that tracked a variety of settings, such as use of powerful user profiles, operating system security levels, and object authority. With Audit 9.2, the number of pre-canned reports has been increased to more than 300, providing administrators and auditors with a plethora of options for demonstrating compliance–or a lack of compliance.
Examples of reports offered with Audit 9.2 include: lists of all deleted and restored objects; a list of all commands run from CL programs; a list of all interactive commands run by the security officer profile; lists of object authority and log-in failures; users with passwords more than 60 days old; and many more. Some of the 220 new reports touted by Raz-Lee actually exist in Firewall version 13.1, according to a company official.
Another new feature is the capability to schedule and generate security reports for multiple servers at the same time. Reports can be executed and viewed or printed either on remote systems or locally, and can easily be set up for execution on pre-defined groups of servers as well, according to Raz-Lee. Two options for generating reports on remote servers are provided: one that continuously gathers data from the remote system, reflecting the true “up to the last second” state of the box; and the “freeze and run” method, where data from the remote system is gathered and dumped on a local box, where the reports are generated.
While it’s not a new feature, it’s worth saying that Raz-Lee’s product lets users view reports in their choice of formats, including HTML, PDF, Excel, CSV, or e-mail. Such flexibility in output can be a lifesaver when the “look and feel” of a report is important for making a good first impression.
Administrators also gain the ability to view a report that compares a user’s current system values and network attributes against a baseline, or against IBM’s recommended settings. The fact that all of these are included in a single report makes life easier on time-strapped administrators and auditors.
Another new addition to Audit 9.2 that should make life easier on administrators and auditors is a set of explanations of the importance of the particular reports that Raz-Lee has included in the product. The company has even included references to specific paragraphs and sections in the various compliance regulation documents, which should help provide much-needed clarity, especially for those of us who don’t have Dr. Frank-level knowledge of the intricacies of the system.