1 Capture 5250 AP-Journal with Business Items for GdP 2573636 / GdP 1813953 *Special-Changes*

Page 1:

Capture 5250 AP-Journal with Business Items for GdP 2573636 / GdP 1813953 *Special-Changes*

Page 2:

• Internationally renowned IBM i solutions provider

• Founded in 1983, 100% focused on IBM i

• Corporate offices in: US, Italy, Germany, Israel

• Installed in over 40 countries, more than 12,000 licenses

• IBM Business Partner, Integration Partner with Tivoli and Q1Labs

• Partnerships with other major global security providers:
  • Official partnerships with McAfee, RSA enVision, GFI SIEM, HP
  • OEM by Imperva SecureSphere
  • Proven integration with ArcSight, CA UniCenter, Splunk, Juniper…

• Worldwide distribution network

About Raz-Lee Security

Page 3:

Selected iSecurity Customers

Some Banking Customers:

KUNDINKASSO FORENINGSSPARBANKERISONA BANKBURAJIRU BANKSVENSKA HANDELSBANKEN-LUXEMB.MIZUHO CORPORATE BANKMIZUHO BANKROYAL BANK OF SCOTLAND NUEVO BANCO DE SANTA FEKINKI OSAKA BANKBANK OF CHINAVENTURE BANKBANCO DI SARDEGNAFIRST GLOBAL BANKKANSAI URBAN BANKHSH-NORDBANK

Some 2013 Customers:

TAIKO HEALTHINFO AGSOUTHERN WINE & SPIRITSBALLY TOTAL FITNESSWYOMING MACHINERYWILLIAM ADAMSBUTLER MACHINERYCATSECOMMERCEFOLEY EQUIPMENT COMPANYCAPITALAVESCOSANDS BETHLEHEM CASINOPANASONIC EXCEL STAFFSANYO ELECTRIC LOGISTICS

Page 4:

iSecurity Products Overview

Evaluation

• Compliance Evaluator for SOX, PCI, HIPAA…

• Visualizer - BI for security

• Syslog, SNMP for SIEM

Auditing

• Audit QAUDJRN, Status…

• Real-time Actions, CL scripts

• Capture screen activity

• Central Admin of multiple LPARS & systems

• User Profile Replication

• Change/PTF Tracker

Protection

• Firewall FTP, ODBC,… access

• Obtain Authority on Demand

• Monitor CL Commands

• Native Object Security

• Anti-Virus protection

Databases

• DB-Gate: SQL to non-DB2 DBs (Oracle, MS SQL,…)

• AP-Journal for DB audit, filter, archive, real-time alerts

• View/hide sensitive data

• FileScope secured file editor

Security Assessment FREE!

PCI, HIPAA, SOX…

Security Breach

Management Decision

Page 5:

• Full GUI and green screen - short learning curve, ease of use

• Visualizer Business Intelligence analysis

• Hundreds of built-in, customizable reports. Report/Query Generator and Scheduler produces print, screen, HTML, PDF, CSV e-mailed reports.

• Wizards, Real Time/Periodical, Alerts. All done on IBM i

• Sends SYSLOG, SNMP, Twitter, e-mail, messages

• Cross-enterprise reporting, definitions, logs

• Exceptional performance on all sizes of systems

• Unique products: Capture, Change/PTF Tracker, DB-Gate, Anti-Virus

• The most comprehensive IBM i security suite, with on-going product development

iSecurity - Characteristics

Page 6:

• In particular, for every operation of access to banking data carried out by an agent, the log files must record at least the following information:
  • the identification code of the agent who carried out the access operation;
  • the date and time of execution;
  • the code of the workstation used;
  • the code of the customer affected by the agent's access to banking data;
  • the type of contractual relationship of the customer to which the operation refers (e.g. current account number, credit line/mortgage, securities deposit).

New Italian regulation

Page 7:

• These solutions include the detailed recording, in a dedicated log, of information about banking operations performed on banking data when they consist of, or derive from, the use of interactive systems operated by the employee, provided that they are not consultations of data in aggregate form that cannot be attributed to an individual customer.

• In particular, for each operation of access to bank data carried out by an agent, the log files must record at least the following information:
  • the identification code of the person in charge who carried out the access operation;
  • the date and time of execution;
  • the code of the workstation used;
  • the code of the client affected by the agent's access to bank data;
  • the type of contractual relationship of the client to which the operation performed relates (e.g. account numbers, credit/mortgage, deposit account).

New Italian regulation

Page 8:

• Screens: Capture with Business Item

• DB files: AP-Journal with Business Item

• The concept of both solutions is that Business Items are extracted automatically and accurately, without any massive ongoing effort

• Business items examples are: Customer, Account, Item, Order, Insurance policy, Loan

iSecurity Unique Answers

Page 9:

• Runs on the IBM i

• Captures screen activity of Terminal & Terminal emulation

• Captures 24x80 and 27x132 screens

• Requires no user intervention

• Near zero performance impact

• 3-5KB per screen -> 3-5MB per user per day

Capture 5250

Page 10:

• CCTV cameras surround us in the street, lobby, and corridor

• Capture is a camera in the most important location - the computer!

• Capture records 5250 activity which is not “personal activity”

• Optional user awareness message at start of session (recommended)

Capture – The user’s / Employer’s point of view

Work-related activities are normally of higher quality when performed with the knowledge that all screen images are being recorded

The security aspect

Easy to explain and use as evidence

Legally accepted – data cannot be altered (WORM files)

Page 11:

• Capture All or Selective

• Selection of who to capture can be made according to:
  • Terminal name
  • User
  • IP
  • Subsystem

• Special command to force a start of Capture (e.g. when another iSecurity module identifies suspicious activity)

Capture

Page 12:

• Captured screen data contains for each screen:
  • Job, User, IP, Time
  • Display File name and library, Record format
  • Program name and library, Statement Id
  • High-level function (Menu, Command, Program…)
  • Context (QA/Production, which bank in the organization)
  • Screen data
  • Business Item name and data extracted from the screen (multiple)

• Data is kept in a convenient manner: one record per screen

• With its playback capabilities, Capture is:
  • Perfect solution for new regulation
  • Security which is understandable
  • Method to increase quality of work
  • Indisputable problem analysis tool

Capture with Business Items – 100% Automatic

Page 13:

• Screen - with textual search in a single screen session or across multiple sessions

• Print

• HTML and Email

• User specified retention period (in days)

• Automatic backup mechanism

• Backup can be loaded and used while the system is working

Capture Playback Capabilities

Page 14:

• Captured screen data is accompanied by:
  • Display File name and library, Record format
  • Last program name and library, Statement Id
  • Last high-level function (Menu, Command, Program…) and name

• Information has a different meaning in different contexts: production or test, and, if production, which company

• The context name will be automatically identified based on the Library List

Business Items Context Identification

Page 15:

• Each Business Item is defined by:
  • Name, attributes, description
  • “Clues” that help find it among DSPF fields (e.g. text included in the field name or in the text, reference field…)

• Using these attributes, all relevant occurrences of the Business Item in DSPFs are displayed, and the user can select from them

• A selected DSPF field includes:
  • Display file & record format where it appears
  • Its location by position (row & column & number of rows)
  • Last source change date of the display file

Business Items Identification

Page 16:

• Business items extraction can occur in delayed mode

• Before the process, Display file “Source change date” is checked to verify that the file has not changed

• Once a display file is processed for extraction, it is marked so

• Extraction builds a file of:
  • Business Item name
  • Value
  • Job Id
  • Frame Id

• A command can display the frames where a Business Item was used

Business Items Extraction
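The extraction procedure described on pages 15 and 16, as an added illustration in Python (not Raz-Lee's code): fields are read from a captured screen by row, column and number of rows, and a display file whose source change date no longer matches the one recorded at definition time is skipped instead of being read at stale positions. The data model, the field length attribute and all sample values are assumptions constructed for this example.

```python
from collections import namedtuple
from datetime import date

# Hypothetical models. FieldDef is one selected DSPF field; "length" is an assumed attribute.
FieldDef = namedtuple("FieldDef", "item dspf fmt row col rows length src_date")
# Frame is one captured screen (one record per screen); lines = 24 strings of 80 chars.
Frame = namedtuple("Frame", "job_id frame_id dspf fmt lines")

def extract(frames, defs, current_src_dates):
    """Return (records, stale). records are (item, value, job_id, frame_id);
    stale lists display files whose source changed since the field was defined."""
    records, stale = [], set()
    for f in frames:
        for d in defs:
            if (d.dspf, d.fmt) != (f.dspf, f.fmt):
                continue
            if current_src_dates.get(d.dspf) != d.src_date:
                stale.add(d.dspf)       # layout may have moved: positions not trusted
                continue
            for r in range(d.row - 1, d.row - 1 + d.rows):
                value = f.lines[r][d.col - 1:d.col - 1 + d.length].strip()
                if value:
                    records.append((d.item, value, f.job_id, f.frame_id))
    return records, sorted(stale)

def make_screen(*placed):               # build a constructed 24x80 screen image
    rows = [" " * 80] * 24
    for row, col, text in placed:
        line = rows[row - 1]
        rows[row - 1] = line[:col - 1] + text + line[col - 1 + len(text):]
    return tuple(rows)

# Constructed sample data (display files, jobs and values are invented)
DEFS = [
    FieldDef("Customer", "CUSTINQ", "DETAIL", 3, 20, 1, 8, date(2013, 1, 10)),
    FieldDef("Account", "CUSTINQ", "DETAIL", 6, 20, 2, 12, date(2013, 1, 10)),
    FieldDef("Loan", "LOANDSP", "MAIN", 4, 15, 1, 10, date(2012, 6, 1)),
]
FRAMES = [
    Frame("JOB0001", 1, "CUSTINQ", "DETAIL", make_screen(
        (3, 1, "Customer number . ."), (3, 20, "C0012345"),
        (6, 20, "IT60X0542811"), (7, 20, "IT60X0542812"))),
    Frame("JOB0001", 2, "LOANDSP", "MAIN", make_screen((4, 15, "L000000042"))),
]
SRC_DATES = {"CUSTINQ": date(2013, 1, 10), "LOANDSP": date(2013, 3, 5)}
RECORDS, STALE = extract(FRAMES, DEFS, SRC_DATES)
```

In this sample LOANDSP is reported as stale because its current source change date differs from the one stored with the field definition, so no Loan value is extracted from frame 2.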

Page 17:

Major iSecurity Products: Firewall, Audit, AP-Journal

Firewall - Provides total protection of ALL company’s critical files, libraries, etc. from network intrusions, viruses, and unauthorized usage.

Audit – Enables easy auditing of ALL company’s critical files, users, jobs, objects, etc. Includes more than 200 built-in, customizable reports which can be scheduled to run at pre-set dates and times.

AP-Journal – Powerful, unique application security:
  • includes real-time threshold-activated alerts per application fields
  • changes to business-critical data are highlighted
  • displays both “before” and “after” data images
  • generates cross-application timeline reports of all data changes/updates
  • also monitors and reports on READ access to fields

Page 18:

Italian Law for Protecting Personal Data

• These rules require banks to establish systems for monitoring business risks and to verify the reliability and safety of the information systems, and to establish indicators of any anomalies (i.e. alerts) in order to assist subsequent audits.

• It is considered appropriate to require certain measures in order to: implement alerts to detect intrusions or unusual access to the bank’s data.

• The bank must activate specific alerts that identify abnormal behavior or risk related to operations carried out by the processor.

• The tools used by the banks to monitor access to databases should produce log files for all the applications accessed.

Page 19:

• Audit trail of all database and application activity including accesses for Read

• Focused on “before/after” changes to critical business items which may span multiple applications (Load Number, Order Number, etc.)

• Extends existing applications with additional application functionality without programming!

• Real-time alerts when data changes by more/less than pre-defined percentage or numeric thresholds

• Timeline history of changes to business items, e.g. all changes to a Mortgage

AP-Journal

Page 20:

AP-Journal Examples (for banking/financial)

• Provide the customer with a timeline report showing MORTGAGE history of the last 5 years. Include only important info.

• Send e-mail, SMS, SNMP, SYSLOG, Twitter alerts when the INTEREST_RATE changes by more than 0.2%.

• Who modified PAYMENTS between 20:00 and 06:00 or during corporate summer vacation?

• When did the tariff for overseas transactions change?

• Which users, who are not Managers, viewed the confidential PAYMENT_TERMS table since the last business day?

• What changes to the bank’s production libraries were made via non-application-specific (SOX mandated) utilities such as IBM DFU?

Page 21:

AP-Journal Technical Overview

[Diagram. Labels: DB1, DB2, DB3; Journal; DB-Reads; Receivers; Processing of Receivers in real time (or at night); Alert Before; Alert After; Containers; Business Items; Reporting System; Screen Print-out; Email & HTML; Long-time storage for critical data]

Page 22:

AP-Journal - Unique Application Security

• React in Real-Time
  • Message, e-Mail, SMS, Syslog, Twitter, CL Script
  • For irregular activity or as Application Extension (SMS the customer when order is ready)

• Interconnect applications (no programming), time based:
  • Order history (items, payments, claims, ….)
  • Mortgage history (loaners, guarantors, real-estates, payments)

• Special support for Misys, JDE…
  • Bi-lateral data conversion capabilities between external and internal data
  • All outputs and inputs are in standard “human” format, all internal representations are according to system logic
  • Converts internal date representation to external “human” format
  • Support add/omit decimal point based on actual currency

• Controls READ access (PCI requirement)
  • Who read the Credit Card number (xxxx-xxxx-xxxx-xxxx)
  • Which credit cards were displayed on a certain user’s screen

Page 23:

Display Database Update

Page 24:

AP-Journal GUI: iSecurity navigation tree & Detailed Update transaction

Page 25:

AP-Journal

Page 26:

Update and Write operation details with Current and Before Values displayed

HTML Report

Page 27:

Integrated Business Intelligence

Intuitive Multi-Level Filtering

Use Summary Data for On-Line inspection

Drill down to LOG events

Page 28:

Visit us at www.razlee.com


Thank You !