System iNetwork

December 17, 2009

Wish List Fulfillment: Raz-Lee Helps Replicate User and Security Settings Between Systems

Raz-Lee Security recently announced enhancements to its iSecurity product suite, and I spoke with Eli Spitz, Raz-Lee Security's vice president of business development, to get more information, as well as to get his take on the latest trends he's noticing in the security market as 2009 winds down.

What's hot in security these days? What are your customers asking for help with?

Spitz: In the industry in general, a trend we're seeing is companies consolidating their environment into multi-system and multi-LPAR networks. Over the past year or so, we've sold into large banks running well-known banking applications, especially in Europe; some even have P40s and P50s, but certainly the trend is to the smaller systems, P10s and P20s. The real challenge for companies is the management and coordination of these networked systems. You don't want to repeat work that you've done on one system for security and compliance—you don't want to have to do that again on other systems. You want to be able to reuse definitions, rules, and alerts that you've set up.

So we're answering to this trend, and our latest batch of features that we've released really relates to this. In fact, these features were specifically requested by a large U.S. financial institution. They have 100+ systems/LPARs, and what they asked for was help with the whole issue of replication: ensuring that definitions are in sync, user profiles are all in sync, and system values are all in sync. Of course there will be exceptions, for example between user profile or system value definitions on test as opposed to production systems, and we allow for this as well in our products.

A really interesting aspect of multi-system management is simultaneously checking compliance levels in these diverse environments. For this, the Compliance Evaluator product that we released about a year ago offers the possibility of evaluating a site's compliance level over any subset of systems, against both site-defined standards as well as regulatory requirements. In fact, the product comes with built-in PCI, SOX, and HIPAA compliance checks that can be run after minimum site customization. And, within the product, we allow for exceptions and unique definitions for the different environments existing at all sites. So alongside the Compliance Evaluator product, which gives a compliance score for individual systems, we've added the ability to replicate definitions, rules, product parameters, and values from one system to another—in the area of user profiles, system values, etc.

So that's one trend that we've been seeing. Another trend we've also addressed, which is important in large companies, is native object security. IBM a couple of years ago came out with a product called Secure Perspectives, whose purpose is to address native object security—defining various levels of user access rights to objects defined in the system. But Secure Perspectives sort of lost focus and has not seen wide market acceptance. As of recently, there is a group in IBM that is involved with that product again. [Editor's Note: IBMer Terry Ford says that IBM's STG Lab Services Security Team has begun new work on Secure Perspectives. Read Ford's comment in our Product Lines blog.]

Native object security is really important because you're always going to have to get down to the basic object that you need to secure, and there's no easy and error-prone way of doing that in large shops.

So, to answer to this growing concern, we've developed a rules-based solution that fully supports generic names for securing, defining, and monitoring access levels to all objects in the system, including all different levels of access—read, add, update, execute, delete, etc. [Editor's Note: See "Raz-Lee Security Releases New Modules for Security Tool Suite."]

A third trend we're seeing is the increasing awareness and concern about application security. Just last week, we concluded a deal in the UK through our rep there, Northdoor, for a financial institution that originally purchased our Firewall and Audit products and has now added the AP-Journal solution. We've been very successful selling this product because it allows for monitoring application-level data and alerting anyone, in realtime via SMS, e-mail, message, or SYSLOG, when application data changes by more than a predefined threshold—percentage or absolute.

As an example, one of our customers is a large medical-supply and healthcare distributor that monitors online the stock levels of all items, and when the level-on-hand goes below a certain value, they'll send out an SMS message automatically to somebody so they can reorder the item. That's just one example, but it's easy to understand how it works.

A related issue is the potentially serious security breach we've been hearing more and more about from companies when data is accessed (read) and not necessarily updated. Originally, our application journal product was based solely upon what IBM provides—journal receivers, which we can filter, monitor, and use to send out alerts. What IBM journal receivers don't do is record accesses—simple reads!

To solve the read access challenge, we developed a solution that integrates with AP-Journal for monitoring these read accesses. So if, for example, someone does access my particular salary, it will be more constrictive. Fewer people can access it, but if they do view it, we can issue the alert. So application security is also brought up as a requirement more and more, and of course we're making a big push out of it and marketing in that direction—spreading the buzz. And companies are responding positively, saying that their auditors would like this solution.

I mentioned that the realtime alerts that we generate in all our products, in Firewall, Audit, Authority on Demand, or AP-Journal, can be a SYSLOG message. So another trend we're noticing is the increasing implementation of system event management (SEM) systems by multi-platform shops. It's basically a central console that accepts event notices from different nodes in the enterprise, which can be any appropriate hardware, for example IBM i, z, or whatever. Or it could be a Wintel or Unix box. With our support for SYSLOG, the Power i is now much better integrated into overall site management.

I think I've covered all the major trends we're seeing and how we've addressed them. Looking to the future, we're doing a lot of development and integration work right now with some financial application companies using mostly AP-Journal, and we will soon be announcing a related OEM agreement we've signed. You'll hear more about that in January.

Also on tap during the upcoming half year or so are graphical and statistical analysis features in AP-Journal, including identifying field-level trends and activity, and the extension of Compliance Evaluator to other platforms, including Windows, Linux, and others. We will be expanding marketing efforts as well and signing up more distributors and looking to establish more OEM agreements.

The bottom line is, we're looking forward to a very successful 2010!

Here are links to some of the other System iNetwork coverage on Raz-Lee Security:

• Security Pulse Point: A Quick Chat with Security Vendor Raz-Lee
• Raz-Lee Solution Protects Your Business from Deliberate and Inadvertent Risk
• Raz-Lee Offers (H)iSecurity
• Raz-Lee Enhances IBM i Security Solution's GUI
• Raz-Lee Security Releases New Modules for Security Tool Suite

—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty at December 17, 2009 8:14 AM