• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Raz-Lee Adds Self-Auditing Feature to Security Products

    November 4, 2015 Alex Woodie

    “Who polices the police?” That’s the question many CIOs are asking as they clamp down on potential security exposures in response to increasingly strict regulations. Now Raz-Lee Security is working to reduce the suspicion surrounding IBM i system administrators (i.e., the server cops) by building self-auditing capabilities directly into its security tools.

    In many IBM i shops, the system administrator is typically the most powerful user on the system. This jack-of-all-trades is often called upon to do the work that would be covered by a security officer in bigger shops running open systems. It’s common to give the “keys to the kingdom,” as it were, to the sys admin, and to trust him with critical security roles, such as controlling authority, access, authentication, and auditing for all users on the system.

    Putting all this power into the hands of a single person raises legitimate security concerns. Business owners are asked to entrust the sanctity of their data and their livelihoods to a single administrator with god-like powers on the IBM i. What if the admin goes rogue? How would you be able to tell?

    The folks at Raz-Lee understand the dilemma. Security tools such as its iSecurity Suite can cut both ways. In addition to giving the administrators powerful tools to spot malfeasance by internal and external users, they also give admins the capability to potentially cover up their own tracks.

    Now Raz-Lee is stepping up and clamping down on this potential weakness. Last month the company announced that it’s adding self-auditing capabilities for detecting any changes made to the product configuration and definition files for all of the products in its iSecurity Suite.

    The self-auditing features were developed by using the IBM i database journal to track any changes made to product configuration and definition files. The output of the database journal can be tough to interpret, so Raz-Lee has embedded its own journal reporting tool, called AP-Journal, to make it user friendly.

    Raz-Lee says this feature is unique on the market and addresses a potentially serious security exposure. “[A] system administrator with open and unrecorded access to a security product may freely change the product’s definitions to allow abusing the system without such breaches being detected by others, even by those who are administrating the product,” the company says.

    The changes come in response to user demands, says Eli Spitz, Raz-Lee’s vice president of business development.

    “Auditors at large customers worldwide have asked Raz-Lee to provide the capability to audit their own products’ definition changes,” he says. “Raz-Lee has now decided to provide exactly what customers are looking for: a free, robust, and out-of-the-box product feature.”

    iSecurity includes more than a dozen individual products, including:

    • Action, for identifying security breaches on IBM i
    • Anti-Virus, an IBM i implementation of open source ClamAV
    • AP-Journal Business Analysis, for internal security investigations using the audit journal
    • AP-Journal Regulation Compliance, for proving security compliance to external auditors
    • Assessment, a Windows-based security assessment tool for IBM i
    • Audit, providing comprehensive auditing and reporting for IBM i
    • Authority on Demand, allowing users to temporarily swap into powerful user profiles
    • Capture, for tracking user activity, including screen shots
    • Central Administration, providing centralized control of multi-server iSecurity implementations
    • Compliance Evaluator, for checking on the regulatory compliance posture of a system
    • Firewall, for protecting IBM i from network-born threats
    • Password, for managing passwords
    • Screen, a security-focused screensaver
    • System Control, for responding to system resource changes
    • Visualizer for Audit, a visualization tool for audits
    • Visualizer for Firewall, a visualization tool for the firewall

    Raz-Lee, which has offices in New York City and Israel, made the announcement at last month’s COMMON Fall Conference and Expo, which was held in Fort Lauderdale, Florida.

    RELATED STORIES

    Raz-Lee Makes Moves in UK and Latin America

    Raz-Lee Rolls Out Business-Item Capture Solution

    Raz-Lee Certifies IBM i Security Tools with McAfee

    Raz-Lee Supports IPv6 with IBM i Security Software

    Raz-Lee Delivers New IFS Object Security for IBM i

    McAfee Works with Raz-Lee to Monitor DB2 for i

    Raz-Lee Updates AP-Journal Fraud-Detection Tool

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Raz-Lee Security

    Raz-Lee Security is the leader in security and compliance solutions that guard business-critical information on IBM i servers. We are committed to providing the best and most comprehensive solutions for compliance, auditing, and protection from threats and ransomware. We have developed cutting-edge solutions that have revolutionized analysis and fortification of IBM i servers.

    Raz-Lee’s flagship iSecurity suite of products is comprised of solutions that help your company safeguard and monitor valuable information assets against intrusions. Our state-of-the-art products protect your files and databases from both theft and extortion attacks. Our technology provides visibility into how users access data and applications, and uses sophisticated user tracking and classification to detect and block cyberattacks, unauthorized users and malicious insiders.

    With over 35 years of exclusive IBM i security focus, Raz-Lee has achieved outstanding development capabilities and expertise. We work hard to help your company achieve the highest security and regulatory compliance.

    Key Products:

    • AUDIT
    • FIREWALL
    • ANTIVIRUS
    • ANTI-RANSOMWARE
    • MULTI-FACTOR AUTHENTICATION
    • AP-JOURNAL
    • DB-GATE
    • FILESCOPE
    • COMPLIANCE MANAGER
    • FIELD ENCRYPTION

    Learn about iSecurity Products at https://www.razlee.com/isecurity-products/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    NGS:  Nov. 18 FREE Webinar: Migration Alternatives for Query/400 Users
    HelpSystems:  How do you use IBM i? Your peers want to know! Take the survey >
    BCD:  IBM i Webinar with Jon Paris - RPG OA: So Misunderstood! November 18 at 1pm EST

    Extracting Sample Data From A DB2 for i Table IBM i Development Team Considering Native .NET

    Leave a Reply Cancel reply

Volume 25, Number 56 -- November 4, 2015
THIS ISSUE SPONSORED BY:

New Generation Software
Rocket Software
BCD Software
Fresche Legacy
Storagepipe

Table of Contents

  • IBM i Executives: Where Are They Now?
  • Crossroads Drops Rack Requirement, Adds De-Dupe in VTL
  • Tango/04 Boosts IT-Business Alignment Capabilities
  • Komodo Launches Hosted Splunk Service for IBM i
  • Raz-Lee Adds Self-Auditing Feature to Security Products

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Power Systems Did Indeed Grow Revenues Last Year
  • The IBM Power Trap: Three Mistakes That Leave You Stuck
  • Big Blue Decrees Its 2023 IBM Champions
  • As I See It: The Good, the Bad, And The Mistaken
  • IBM i PTF Guide, Volume 25, Number 5
  • N2i Gains Traction Among IBM i Newbies
  • Realizing The Promise Of Cross Platform Development With VS Code
  • 2023 IBM i Predictions, Part 3
  • Four Hundred Monitor, January 25
  • Join The 2023 IBM i Marketplace Survey Webinar Tomorrow

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.