iSecurity Overview: Security & Compliance for Today & Beyond
Shmuel Zailer, CEO/CTO
• Internationally renowned IBM i solutions provider
• Founded in 1983, 100% focused on IBM i
• Corporate offices in: US, Italy, Germany, Israel
• Installed in over 35 countries, more than 12,000 licenses
• IBM Business Partner, Integration Partner with Tivoli and Q1Labs
• Partnerships with other major global security providers:
• Official partnership with RSA enVision, GFI SIEM, HP OpenView
• OEM by Imperva SecureSphere
• Proven integration with ArcSight, CA UniCenter, Splunk, Juniper…
• Worldwide distribution network
About Raz-Lee Security
Raz-Lee’s Mission: To provide the best and most comprehensive IBM i compliance, auditing and security solutions
• Infrastructure Security: network access, QAUDJRN monitor and report, user profile management and object authorities, automatic tracking of software changes, native object security, anti virus protection, all the above with multi-LPAR management capabilities
• Application Security: DB activity (journal) auditing, Cross-Application business item reporting with real-time alerting, Business Intelligence over transaction data, screen recording…
• System tools: File editor, RPG/COBOL and interactive access to MS SQL, Oracle, MySQL, Excel,…
Raz-Lee Security – Mission & Product Lines
Raz-Lee’s Global Distribution Network
Selected iSecurity Customers
Some Banking Customers
KUNDINKASSO FORENINGSSPARBANKE
RISONA BANK
BURAJIRU BANK
SVENSKA HANDELSBANKEN-LUXEMB.
MIZUHO CORPORATE BANK
MIZUHO BANK
ROYAL BANK OF SCOTLAND
NUEVO BANCO DE SANTA FE
KINKI OSAKA BANK
BANK OF CHINA
VENTURE BANK
BANCO DI SARDEGNA
FIRST GLOBAL BANK
KANSAI URBAN BANK
HSH-NORDBANK
Some 2011 Customers
TAIKO HEALTH
INFO AG
SOUTHERN WINE & SPIRITS
BALLY TOTAL FITNESS
WYOMING MACHINERY
WILLIAM ADAMS
BUTLER MACHINERY
CATS
ECOMMERCE
FOLEY EQUIPMENT COMPANY
CAPITAL
AVESCO
SANDS BETHLEHEM CASINO
PANASONIC EXCEL STAFF
SANYO ELECTRIC LOGISTICS
• CHS (Community Health Systems, US) approx. 150 LPARs, replaced Powertech
• Royal Bank of Scotland purchased iSecurity after POCs of nearly ALL competitors!
• Venetian Casinos (multi-national) purchased iSecurity following extensive compliance POC.
• Euronet Worldwide banking clearinghouse in Europe & Asia, replaced competitor with iSecurity.
• Svenska Handelsbanken, one of the largest banks in Scandinavia, used competitor for several years; replaced it with iSecurity.
• Unicredit (IT Austria), SkyTV, IKO Industries, JPMorgan Chase, Boyd Gaming, Bank of China, MasterCard, Avis
iSecurity: Selected Customers
• Full GUI and green screen - short learning curve, ease of use
• Visualizer Business Intelligence analysis
• Hundreds of built-in, customizable reports. Report/Query Generator and Scheduler produces print, screen, HTML, PDF, CSV e-mailed reports.
• Wizards, Real Time/Periodical, Alerts. All done on IBM i
• Sends SYSLOG, SNMP, Twitter, e-mail, messages
• Cross-enterprise reporting, definitions, logs
• Exceptional performance on all sizes of systems
• Unique products: Capture, Change/PTF Tracker, DB-Gate, Anti-Virus
• The most comprehensive IBM i security suite, with on-going product development
iSecurity - Characteristics
Reports for Large Systems
• Report/Query Generator HTML, PDF, CSV, EXCEL reports by E-mail (in addition to output via Screen, Print, GUI and OUTFILE)
• Each field includes field description, values and their description, allows selection of possible values
• Filter by EQ, NE, GT… LIST, LIKE, START, ITEM (in an external table) with And/Or conditions
• In AP-Journal also DIFGT, DIFLT… DIF%GT, DIF%LT… (difference between After and Before values in numbers and percentage)
• Report includes Explanation to auditor, Systems included in the report, Statistics…
• Can be observed by Visualizer for analysis
• Fully featured Report Scheduler
Consolidated report correlating information from all LPARs, up to last minute
Note last 5 minutes and system parameters
Integrated Business Intelligence
Intuitive Multi-Level Filtering
Use Summary Data for On-Line inspection
Drill down to LOG events
Multi-System Support in iSecurity
• Replication:
• User Profiles & Passwords
• System Values
• Product definitions/rules
• Reporting: reports on all LPARs from any single LPAR in real time
• Compliance: compare compliance scores of systems
• Real Time reaction to security breaches: sends SYSLOG, SNMP, Twitter, e-mail, messages, … with edited messages or Fields
iSecurity Products Overview
Evaluation
Compliance Evaluator for SOX, PCI, HIPAA…
Visualizer- BI for security
Syslog, SNMP for SIEM
Auditing
• Audit QAUDJRN, Status…
• Real-time Actions, CL scripts
• Capture screen activity
• Central Admin of multiple LPARS & systems
• User Profile Replication
• Change/PTF Tracker
Protection
• Firewall FTP, ODBC,… access
• Obtain Authority on Demand
• Monitor CL Commands
• Native Object Security
• Anti-Virus protection
Databases
• DB-Gate: SQL to non-DB2 DBs (Oracle, MS SQL,…)
• AP-Journal for DB audit, filter, archive, real-time alerts
• View/hide sensitive data
• FileScope secured file editor
Security Assessment FREE!
PCI, HIPAA, SOX… Security Breach Management Decision
Compliance Report with Score for 2 Systems
Detailed
Summary
Major iSecurity Products:
Firewall, Audit, AP-Journal
Firewall - Provides total protection of ALL of the company’s critical files, libraries, etc. from network intrusions, viruses, and unauthorized usage.
Audit - Enables easy auditing of ALL of the company’s critical files, users, jobs, objects, etc. Includes more than 200 built-in, customizable reports which can be scheduled to run at pre-set dates and times.
AP-Journal – Powerful, unique application security:
• includes real-time threshold-activated alerts per application fields
• changes to business-critical data are highlighted
• displays both “before” and “after” data images
• generates cross-application timeline reports of all data changes/updates
• also monitors and reports on READ access to fields
AP-Journal Examples (for banking/financial)
• Provide the customer with a timeline report showing MORTGAGE history of
the last 5 years. Include only important info.
• Send e-mail, SMS, SNMP, SYSLOG, Twitter when the INTEREST_RATE
changes by more than 0.2%.
• Who modified PAYMENTS between 20:00 and 06:00 or during corporate
summer vacation?
• When did the tariff for overseas transactions change?
• Which users, who are not Managers, viewed the confidential
PAYMENT_TERMS table since the last business day?
• What changes to the bank’s production libraries were made via non
application-specific (SOX mandated) utilities such as IBM DFU?
AP-Journal Technical Overview
[Diagram. Labels: DB1, DB2, DB3; Journal DB-Reads; Receivers; Processing of Receivers in Real time (or at night); Containers; Business Items; Reporting System; Screen Print-out; Email & HTML; Long-time storage for critical data; Alert Before; Alert After]
AP-Journal - Unique Application Security
• React in Real-Time
  • Message, e-Mail, SMS, Syslog, Twitter, CL Script
  • For irregular activity or as Application Extension (SMS the customer when order is ready)
• Interconnect applications (no programming), time based:
  • Order history (items, payments, claims, ….)
  • Mortgage history (loaners, guarantors, real-estates, payments)
• Special support for Misys, JDE…
• Bi-lateral data conversion capabilities between external and internal data
  • All outputs and inputs are in standard “human” format, all internal representations are according to system logic
  • Converts internal date representation to external “human” format
  • Support add/omit decimal point based on actual currency
• Controls READ access (PCI requirement)
  • Who read the Credit Card number (xxxx-xxxx-xxxx-xxxx)
  • Which credit cards were displayed on a certain user’s screen
iSecurity Audit: Information Sources
[Diagram. Information sources:]
• OS/400 Objects: Users, Authorities, Objects, Scheduled Jobs, etc.
• I5/OS QAUDJRN
• Receivers
• Current Activity: Active Jobs, System Status, Sharepools
• Message Queues: QSYSOPR, any other Message Queue
[Outputs:]
• Filtered Data
• Report Generator & Visualizer: Screen, GUI, PDF, HTML (by email)
• SIEM Support: Syslog, SNMP
• Log
• Alert via Action
Issue Real-Time Alerts via iSecurity Action
Real-Time Alert handling in iSecurity
Alert sources:
• QAUDJRN (Audit)
• Network Security (Firewall)
• Critical OS messages (QSYSOPR/QSYSMSG)
• Database Journals (AP Journal)
• Authority changes (Authority on Demand)
Alert actions:
• Execute CL Scripts
• Send e-mail
• Write to MSGQ
• Write to SYSLOG
• Send SMS, SNMP, Twitter, etc.
GUI enables simultaneously managing same subject on several LPARs
Note comparison of User Profiles on 2 systems
Over the web single console (e.g. Twitter)
Note Alert Message options and message as received in Twitter
Visit us at
www.razlee.com
Thank You!
• Standard SQL access to MS SQL, Oracle, MySQL, Excel, CSV and other data sources
• Standard SQL statements, no APIs
• Native SQL integration with RPG, Cobol, C - /EXEC SQL
• Works interactively from Start SQL (STRSQL)
• Integrates with IBM Host Server Authentication
• No need for *SQLPKG even when accessing another IBM i
DB-Gate: Runs SQL 6 times faster for non-i database access (on RL’s test system)
Oracle
MS SQL
MySQL
SQLite
PostgreSQL
SYBASE
Excel, CSV
and more…
IBM i DataBases
> SELECT * FROM PROD.CUST
> CREATE VIEW CORPDATA.MANAGERS AS
SELECT LASTNAME, DEPT FROM CORP.EM
WHERE JOB = 'MANAGER'
> DELETE FROM PROD.CUST WHERE ID = 78
===> ________________________________
COBOL/RPG/C
*...1....+....2....+....3...
C/EXEC SQL
C+ DECLARE C1 CURSOR FOR
C+ SELECT * FROM CORPDATA.DEPT
C+ WHERE JOB = 'MANAGER'
C/END-EXEC
Enter SQL Statements (STRSQL)
• Tracks all software changes with NO human intervention, totally “foolproof”. Your auditors will love it.
• Tracks in real-time, relies on actual updates to production libraries
• Tracks Programs, Modules, Files, etc. object types including source and attributes
• Have a CMS? Change Tracker will record activities made outside the CMS (Change Management System)
• No CMS? Change Tracker satisfies all your auditor’s requirements
• Ideal for medium-small shops, essential for large enterprises
Change Tracker
• Automatically tracks all PTF activities; apply, remove, current status
• Detailed information relates to the PTF (ID, licensed product, release level), transaction (what, when, by whom) and all the objects installed by the PTF (name, type, modules)
• Classifies PTF data into site-specific products such as “Upgrade to TR5”
• Built-in, customizable reports and report generator for on-screen, *PRINT and e-mailed HTML, PDF, CSV output
• Multi-LPAR / Multi-Site reporting
PTF Tracker
• Audit trail of all database and application activity including accesses
• Focused on “before/after” changes to critical business items which may span multiple applications (Load Number, Order Number, etc.)
• Extends existing applications with additional application functionality without programming!
• Real-time alerts when data changes by more/less than pre-defined percentage or numeric thresholds
• Timeline history of changes to business items, e.g. all changes to a Mortgage
AP-Journal