Raz-Lee Feeds IBM i Data into RSA SIEM

March 18, 2011 Alex Woodie

RSA Security recently certified IBM i security software from Raz-Lee Security to feed log data into its enVision security information and event management (SIEM) offering. The integration gives IBM i shops a proven way to keep one of the security world’s most adopted and well-respected SIEM devices in tune with events occurring on the IBM i server.

Earlier this month, Raz-Lee announced that RSA had certified iSecurity version 11.4 to translate IBM i data into the Syslog format, and feed it into the enVision SIEM, an enterprise-class security device that’s been adopted by about 1,600 customers. The integration involves various components of iSecurity, including AP-Journal, Audit, Anti-Virus, Firewall, and Authority on Demand.

As a result of the integration, several security events on the IBM i server can now be detected in real time via the SIEM, including: attempts to hack into the server through network exit points; attempts to change user authority levels; the presence of viruses on the IFS; and attempts to edit or delete IBM i application objects and data files.

The integration satisfies demand from RSA customers to include the IBM i server within the scope of protection provided by the enVision SIEM device. IBM i event information can now be included in standard security and compliance reports generated by enVision. Most importantly, customers can now correlate any unusual activity detected on the IBM i server with activity detected in other computer systems and networks. This is the crux of the SIEM, and enables organizations stay on top of the latest blended threats that cyber criminals are using to pilfer corporate IT systems for data and money.

Internal networks are used to send IBM i event information from iSecurity to envision. Users can send the data via several means, including the IBM i message queue (MSGQ), short messaging service (SMS), simple network management protocol (SNMP), and even the Twitter messaging service, according to an RSA implementation guide. Raz-Lee added automatic generation of Twitter messages to its products last year at the COMMON conference in Orlando, Florida.

According to the RSA brochure, iSecurity can use Twitter to send IBM i security information at speeds of up to 1,000 lines per second. Messages can also be sent under different severity ratings, including emergency, alert, critical, error, and warning.

Raz-Lee touts one of the largest insurance companies in Israel as one of the first iSecurity customers to start sending IBM i data to enVision. According to a customer brief from Raz-Lee, the company was able to stop storing IBM i event data on the IBM i server itself after it started sending them to enVision, which saved a considerable amount of disk space, as well as I/O overhead.

The company also discovered what many other security experts have been saying for years: that the IBM i server can be somewhat chatty when it comes to logs and message queues. It was generating so much IBM i log data that it overwhelmed enVision, and the company was forced to use filters to scale back the number of events it sent over the wire.

iSecurity is not the only IBM i security tool that can feed data to enVision, which was originally developed by a company called Network Intelligence that was acquired by EMC around the same time that EMC bought RSA in 2006. Raz-Lee doesn’t have formal partnerships in place with other SIEM vendors, but a company spokesman says it’s easy to support other SIEMs. Raz-Lee does have a partnership with Imperva, which focuses on database security.

The integration supports Raz-Lee iSecurity version 11.4 and higher running on i5/OS V5R3 through IBM i 7.1. For more information, see the vendors’ websites at www.rsa.com and www.razlee.com.

Raz-Lee Gets the Twitter Bug

Imperva and Raz-Lee Team Up for DB2/400 Security Software

Raz-Lee Adds Object-Level Security to i OS Security Suite

RSA Cracks Down on Security Threats with enVision 4.0

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Strategic Partnerships Add Value

A Case for On-Prem IBM i Deployment

As organizations decide where to run their IBM i workloads with a growing range of strategies, it becomes more important to have strong differentiators in the various options to help make prudent IT decisions. Cloud options are now becoming more widely considered, but as UCG Technologies explains in a recent IT Jungle article, these options should be weighed in comparison to purchasing or leasing your own IBM Power Server and installing it on premises or at a Co-location facility.

On premise (on-prem) deployments largely remain most cost-effective and appropriate for midrange systems, especially when factoring in backup and disaster recovery. One way to maximize this approach is to capitalize on long-standing partnerships with complimentary expertise as in the case with IBM and UCG Technologies. The IBM i Solution Edition for UCG’s VAULT400 cloud backup & DRaaS is an offering that allows organizations the ability to combine the power of IBM Power Systems and IBM i with the strengths of business applications, along with superior services and support. The leads to improved productivity and responsiveness, adaptability and competitive Total Cost of Ownership (TCO).

Benefits to the end user include:

Discounted single or unlimited user entitlements – Save $6,000 to $60,000
No-charge IBM i processor core entitlements
No-charge IBM i access unlimited user entitlements
Discounted Rational Developer for i
No-charge service vouchers – 4 hours or 8 hours – Value of up to $ 1,800
IBM Spec Sheet for IBM i Solution Edition

To receive the above benefits, end user client must meet IBM requirements including contracting for a minimum of $6,000 of VAULT400 cloud backup services for P05 or $25,000 for P10 with UCG Technologies. The IBM i Solution Edition may be purchased directly from UCG Technologies or from another qualified – authorized IBM partner.

The IBM i Solution Edition for VAULT400 cloud backup & DRaaS is available for both the IBM Power System S914 and S924. Leverage a platform that utilizes the full power of IBM i while deploying a complete backup and disaster recovery solution that delivers rapid ROI. That is an on-prem win-win for mid-market organizations.

Request Complimentary POWER9 System Upgrade Analysis

Please visit ucgtechnologies.com/IBM-POWER9-systems for more information.

800.211.8798 | info@ucgtechnologies.com

Admin Alert: Corralling i/OS Storage Hogs, Part 2 IBM Hikes Maintenance Fees on Power-Based Gear

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search