Raz-Lee Adds Zero-Trust Features To IBM i Firewall
March 18, 2024 Alex Woodie
IBM i shops that are looking to implement a zero-trust security posture in their IBM i systems may want to check out Raz-Lee Security. The software company has added micro-segmentation capability to its iSecurity Firewall product, giving IBM i shops another level of control over their networks.
Zero-trust is one of the more promising methods to secure an internal network these days, as it requires users to be authenticated, authorized, and continuously validated before being granted access to internal applications or data. It has been widely adopted in corporate networks as one aspect of a strong defense, particularly in Windows and Linux networks, but also with larger host systems, such as IBM i servers and mainframes.
Several zero-trust security vendors added support for IBM i back in 2021, including Guardicore, which added IBM i support to its Centra offering before being acquired by Akamai for $660 million in 2022. Another vendor adding IBM i support was Illumio, which boasts of being used by six of the 10 largest banks in the world.
It turns out that the work to support IBM i in the Guardicore products was done by Raz-Lee Security, which entered into a contract with Guardicore to develop the IBM i portion. Recently, the Israeli IBM i security company bolstered its own network security product, iSecurity Firewall, with the same type of micro-segmentation capability that it helped develop for Guardicore.
Raz-Lee CEO Shmuel Zailer recently explained to IT Jungle how micro-segmentation enables zero-trust security in Firewall.
“The idea of micro-segmentation comes to security from a different corner,” he said. “Instead of thinking about what exactly somebody is doing to which object, etcetera, what you do is you start thinking about segments in your network.”
For instance, one segment of your network may stretch from Dallas to New York, he said. With micro-segmentation, the administrator would define the specific IP addresses and the specific ports that could be used, Zailer said.
Zero-trust goes beyond typical IBM i security by specifying not only who can access IBM i resources, but also where they can access them from. For instance, an outside contractor may have permission to log onto his client’s IBM i server in one of the client’s locations.
“But if he goes to another office where all the office was just doing clerical operations and then he starts programming – well, you will have to change some definitions,” Zailer said.
The control over users and their activity across network segments is more fine-grained with zero-trust security and micro-segmentation, said Moshe Sofer, Raz-Lee’s marketing manager.
“They are not just controlling who is the user. They are also controlling who is the user and where is the user able to connect? From where to where? With which port? It’s really, really specific,” he said.
For instance, a user might have permission to move data via FTP from one location to another, whereas another user may only have permission to access the database. “They might have the same authority, but now with the Firewall you have planned control about how they are working,” Sofer said. “It’s how they enter inside the network and inside the network you are controlling who they are and what are they doing in these micro controlling transactions.”
iSecurity Firewall uses some security features of the IBM i operating system as part of its zero-trust implementation. Specifically, it uses the exit point for sockets, Zailer said. But the idea behind zero-trust is “completely different” than traditional IBM i security, he said.
“It’s different from old school security,” he said. “It’s a modern method. The processing time required to enforce this security is absolutely minimal, which means performance. People tend to think about it as more systematic. They can make less mistakes in the definition of the rules, because it’s so systematic.”
Raz-Lee has supported zero-trust security in iSecurity Firewall for some time now, but is only now starting to talk about it. Any users who have installed the latest release already have access to the micro-segmentation capabilities.
Zailer points out that the zero-trust security features in Firewall only work within IBM i. If customers want to implement zero-trust security for their entire organization, including for open systems, then he would encourage them to look at another solution, such as the Guardicore security tool now sold by Akamai.