• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • ALL Out Security Roots Out Fraud with New Audit Tool

    May 10, 2011 Alex Woodie

    One of the new exhibitors at last week’s COMMON conference and expo was ALL Out Security, a software company that comes out of the JD Edwards world. At the show, ALL Out Security debuted a new auditing tool called TRACE that’s designed to track down unauthorized changes made to data on IBM i systems, whether it stems from an innocent error or criminal intent.

    ALL Out Security is well versed in the security needs of JD Edwards World and EnterpriseOne customers. The Colorado Springs, Colorado-based company’s core product, called ALL Out Security, helps administrators lock down their JD Edwards ERP systems, which can be difficult to do using the ERP suites’ native security tools, the company says. More than 240 JD Edwards customers around the world have adopted its security offerings, the vendor claims.

    Security is all about building walls around users and what they can access, said Richard Belton, a co-founder and senior consultant with ALL Out Security. “But what happens when they breach our controls and get in and do something they shouldn’t do?” he said during a press conference at the COMMON show in Minneapolis last week.

    That is where the company’s new TRACE product comes into play. The software, which uses the IBM i audit journal, is designed to automatically notify internal auditors when suspicious events have occurred on their IBM i server, such as changes made to sensitive fields in DB2/400, the use of SQL or ODBC to change data, and the bypass of application-level controls.

    These events could indicate one of two things: That an inexperienced user was lost in the application and accidentally did some things he shouldn’t have, or an experienced user was exploiting weaknesses in the IBM i application environment to enrich himself at the company’s expense.

    The lure of easy money can be too much for users who lack moral values and think it’s OK to steal from their employers. And all too often, IBM i shops unknowingly assist these criminals by not adequately securing their servers, applications, and data. While a correctly configured IBM i server can be practically impossible to break into, surveys conducted year after year show the average IBM i shop is woefully under secured.

    There is a thin line separating an experienced employee who has the knowledge to exploit IBM i’s security weaknesses but doesn’t, and a would-be criminal who begins to acts on his urges.

    For example, a warehouse manager may think he can get away with selling some of his company’s products on the black market, then using unmonitored SQL to cover his tracks by changing the quantity of product listed in the ERP system. Or a manager at a bank may think she can get away with using an anonymous ODBC session to change an account number in the payroll system, so that she collects additional paychecks.

    In each of these cases, TRACE can serve as a safety net for under-secured IBM i shops, and save these companies the embarrassment and monetary loss that results from internal fraud.

    “It’s fraud,” said Belton, who previously worked at IBM and JD Edwards, and has worked with customers all over the world. “The whole idea of getting management involved is to make them aware of it.”

    IBM i shops could discover these events on their own by analyzing the millions of records in the audit journal, but it would be more difficult, Belton said. In addition to helping auditors detect fraudulent activity, TRACE also generates compliance reports and assists with separation of duties (SOD) requirements, he said.

    ALL Out Security acquired the TRACE product about two months ago from its original developer, an auditor who discovered he didn’t want to be in the software business. There are currently about three customers.

    TRACE is available now. The software can be obtained through a traditional perpetual license, which ranges from about $2,000 to $25,000 depending on P group, or through a monthly subscription. For more information, see www.alloutsecurity.com.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    WorksRight Software

    Do you need area code information?
    Do you need ZIP Code information?
    Do you need ZIP+4 information?
    Do you need city name information?
    Do you need county information?
    Do you need a nearest dealer locator system?

    We can HELP! We have affordable AS/400 software and data to do all of the above. Whether you need a simple city name retrieval system or a sophisticated CASS postal coding system, we have it for you!

    The ZIP/CITY system is based on 5-digit ZIP Codes. You can retrieve city names, state names, county names, area codes, time zones, latitude, longitude, and more just by knowing the ZIP Code. We supply information on all the latest area code changes. A nearest dealer locator function is also included. ZIP/CITY includes software, data, monthly updates, and unlimited support. The cost is $495 per year.

    PER/ZIP4 is a sophisticated CASS certified postal coding system for assigning ZIP Codes, ZIP+4, carrier route, and delivery point codes. PER/ZIP4 also provides county names and FIPS codes. PER/ZIP4 can be used interactively, in batch, and with callable programs. PER/ZIP4 includes software, data, monthly updates, and unlimited support. The cost is $3,900 for the first year, and $1,950 for renewal.

    Just call us and we’ll arrange for 30 days FREE use of either ZIP/CITY or PER/ZIP4.

    WorksRight Software, Inc.
    Phone: 601-856-8337
    Fax: 601-856-9432
    Email: software@worksright.com
    Website: www.worksright.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    looksoftware:  FREE Webcast: RPG Open Access Demystified. June 7 (Europe) & June 8 (USA)
    RJS Software Systems:  Go paperless, automate business process and save money.
    Shield Advanced Solutions:  JobQGenie ~ the perfect companion for your high availability solution

    IT Jungle Store Top Book Picks

    BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

    The iSeries Express Web Implementer's Guide: List Price, $49.95
    The iSeries Pocket Database Guide: List Price, $59
    The iSeries Pocket SQL Guide: List Price, $59
    The iSeries Pocket WebFacing Primer: List Price, $39
    Migrating to WebSphere Express for iSeries: List Price, $49
    Getting Started with WebSphere Express for iSeries: List Price, $49
    The All-Everything Operating System: List Price, $35
    The Best Joomla! Tutorial Ever!: List Price, $19.95

    Will Red Hat Cloudware Come to Power-Based IBM i Clouds? Retrieve Column Descriptions in your ADO Client/Server Applications

    Leave a Reply Cancel reply

Volume 11, Number 17 -- May 10, 2011
THIS ISSUE SPONSORED BY:

JAMS Job Scheduler
looksoftware
ManageEngine
VAULT400
RJS Software Systems

Table of Contents

  • Profound to Resell RPG Open Access for IBM
  • ALL Out Security Roots Out Fraud with New Audit Tool
  • New Maxava HA Suite Controlled from Mobile Device
  • mrc Claims Breakthrough in Mobile Interface Generation
  • Vision Solutions Launches HA Appliance
  • Symmetry Goes Big with Launch of ‘i In the Sky’ Cloud
  • Customized Green Screens Key to BCD’s Web Enablement
  • Crossroads Supports IBM i 7.1, NPIV with SPHiNX Storage Device
  • Raz-Lee Unveils General Purpose IBM i Reporting Tool
  • Insurance Company Taps CoSentry for Co-Location Services

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • To Comfort The Afflicted And Afflict The Comfortable
  • How FalconStor Is Reinventing Itself, And Why IBM Noticed
  • Guru: When Procedure Driven RPG Really Works
  • Vendors Fill In The Gaps With IBM’s New MFA Solution
  • IBM i PTF Guide, Volume 27, Number 27
  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle