  • ALL Out Security Roots Out Fraud with New Audit Tool

    May 10, 2011 Alex Woodie

    One of the new exhibitors at last week’s COMMON conference and expo was ALL Out Security, a software company that comes out of the JD Edwards world. At the show, ALL Out Security debuted a new auditing tool called TRACE that’s designed to track down unauthorized changes made to data on IBM i systems, whether they stem from an innocent error or criminal intent.

    ALL Out Security is well versed in the security needs of JD Edwards World and EnterpriseOne customers. The Colorado Springs, Colorado-based company’s core product, called ALL Out Security, helps administrators lock down their JD Edwards ERP systems, which can be difficult to do using the ERP suites’ native security tools, the company says. More than 240 JD Edwards customers around the world have adopted its security offerings, the vendor claims.

    Security is all about building walls around users and what they can access, said Richard Belton, a co-founder and senior consultant with ALL Out Security. “But what happens when they breach our controls and get in and do something they shouldn’t do?” he said during a press conference at the COMMON show in Minneapolis last week.

    That is where the company’s new TRACE product comes into play. The software, which uses the IBM i audit journal, is designed to automatically notify internal auditors when suspicious events have occurred on their IBM i server, such as changes made to sensitive fields in DB2/400, the use of SQL or ODBC to change data, and the bypass of application-level controls.

    These events could indicate one of two things: that an inexperienced user was lost in the application and accidentally did some things he shouldn’t have, or that an experienced user was exploiting weaknesses in the IBM i application environment to enrich himself at the company’s expense.

    The lure of easy money can be too much for users who lack moral values and think it’s OK to steal from their employers. And all too often, IBM i shops unknowingly assist these criminals by not adequately securing their servers, applications, and data. While a correctly configured IBM i server can be practically impossible to break into, surveys conducted year after year show the average IBM i shop is woefully under-secured.

    There is a thin line separating an experienced employee who has the knowledge to exploit IBM i’s security weaknesses but doesn’t, and a would-be criminal who begins to act on his urges.

    For example, a warehouse manager may think he can get away with selling some of his company’s products on the black market, then using unmonitored SQL to cover his tracks by changing the quantity of product listed in the ERP system. Or a manager at a bank may think she can get away with using an anonymous ODBC session to change an account number in the payroll system, so that she collects additional paychecks.

    In each of these cases, TRACE can serve as a safety net for under-secured IBM i shops, and save these companies the embarrassment and monetary loss that results from internal fraud.

    “It’s fraud,” said Belton, who previously worked at IBM and JD Edwards, and has worked with customers all over the world. “The whole idea of getting management involved is to make them aware of it.”

    IBM i shops could discover these events on their own by analyzing the millions of records in the audit journal, but it would be more difficult, Belton said. In addition to helping auditors detect fraudulent activity, TRACE also generates compliance reports and assists with separation of duties (SOD) requirements, he said.

    ALL Out Security acquired the TRACE product about two months ago from its original developer, an auditor who discovered he didn’t want to be in the software business. There are currently about three customers.

    TRACE is available now. The software can be obtained through a traditional perpetual license, which ranges from about $2,000 to $25,000 depending on P group, or through a monthly subscription. For more information, see www.alloutsecurity.com.




Volume 11, Number 17 -- May 10, 2011