Raz-Lee Adds Self-Auditing Feature to Security Products
November 4, 2015 Alex Woodie
“Who polices the police?” That’s the question many CIOs are asking as they clamp down on potential security exposures in response to increasingly strict regulations. Now Raz-Lee Security is working to reduce the suspicion surrounding IBM i system administrators (i.e., the server cops) by building self-auditing capabilities directly into its security tools.
In many IBM i shops, the system administrator is typically the most powerful user on the system. This jack-of-all-trades is often called upon to do the work that would be covered by a security officer in bigger shops running open systems. It’s common to give the “keys to the kingdom,” as it were, to the sys admin, and to trust him with critical security roles, such as controlling authority, access, authentication, and auditing for all users on the system.
Putting all this power into the hands of a single person raises legitimate security concerns. Business owners are asked to entrust the sanctity of their data and their livelihoods to a single administrator with god-like powers on the IBM i. What if the admin goes rogue? How would you be able to tell?
The folks at Raz-Lee understand the dilemma. Security tools such as its iSecurity Suite can cut both ways. In addition to giving the administrators powerful tools to spot malfeasance by internal and external users, they also give admins the capability to potentially cover up their own tracks.
Now Raz-Lee is stepping up and clamping down on this potential weakness. Last month the company announced that it’s adding self-auditing capabilities for detecting any changes made to the product configuration and definition files for all of the products in its iSecurity Suite.
The self-auditing features were developed by using the IBM i database journal to track any changes made to product configuration and definition files. The output of the database journal can be tough to interpret, so Raz-Lee has embedded its own journal reporting tool, called AP-Journal, to make it user friendly.
Raz-Lee says this feature is unique on the market and addresses a potentially serious security exposure. “[A] system administrator with open and unrecorded access to a security product may freely change the product’s definitions to allow abusing the system without such breaches being detected by others, even by those who are administrating the product,” the company says.
The changes come in response to user demands, says Eli Spitz, Raz-Lee’s vice president of business development.
“Auditors at large customers worldwide have asked Raz-Lee to provide the capability to audit their own products’ definition changes,” he says. “Raz-Lee has now decided to provide exactly what customers are looking for: a free, robust, and out-of-the-box product feature.”
iSecurity includes more than a dozen individual products, including:
Raz-Lee, which has offices in New York City and Israel, made the announcement at last month’s COMMON Fall Conference and Expo, which was held in Fort Lauderdale, Florida.