Banks, for example, are adamant about not going on record with vendors and possibly divulging information that could threaten their network security. But this tight-lipped practice isn’t surprising or limited to the financial sector. Most businesses generally avoid endorsing individual vendor products because they use multiple vendor technologies and would then be barraged with additional requests for endorsements and testimonials. Which isn’t exactly a core business imperative.

The solution is to capture the success of the vendor in aggregate terms, such as the number and quality of customers the company has managed to attract, and the depth of the technology relationship with Novell. This Novell DeveloperNet® Case Study focuses on the outstanding business and technology accomplishments of Blue Lance, Inc., a longtime Novell NetWare development partner.

In partnership with Novell, Blue Lance developed the first secure, server-based audit trail technology. In 1996, the company was the first to develop consolidated reporting from multiple servers. In 1999, Blue Lance signed a strategic licensing agreement with Novell Consulting that enabled Novell consultants to provide greater network monitoring and asset protection capabilities to their clients through the use of Blue Lance’s LT Auditor+ software. The agreement established LT Auditor+ as Novell Consulting’s preferred tool for monitoring and managing Novell eDirectory/NDS activity and other network events.

Recent statistics regarding enterprise network security breaches may not surprise you. But they do indicate a growing need for server-based auditing solutions that enable enterprises to respond quickly to any kind of threat, anywhere on the heterogeneous enterprise network:

• 90% of computer-aided theft is attributable to individuals with at least some authorized access to the affected systems
• Less than 33% of organizations monitor file and directory activity, where corporate assets are stored, managed and manipulated
• 32% of corporations don’t know if they have been a victim of unauthorized access or misuse
• $200 billion in losses attributed to employees (Year 2000)

Many executives feel protected by firewalls and other intrusion detection systems. But what happens when they fail and an intruder successfully penetrates the network? Once a hacker has authenticated to your network, he is considered an “insider” by the system. The only way to know where the intruder goes and what the intruder does is to monitor his activity.

Many organizations view their primary security risk as coming from the Internet. But the other danger companies frequently overlook is within the enterprise itself. Employees, contractors and partners or clients with password access all pose potential threats. What about a disgruntled former employee who still has access to the network? Or an intern who accidentally overwrites your corporate directory trying to prove that he knows what programming software is all about? What about naïve employees who inadvertently provide sensitive network information to “official-sounding” voices on the phone?

As a network administrator, you can’t prevent every threat to your enterprise’s security. But, you can be ready to react. Attacks happen. Breaches occur. Assets are compromised. When they happen, the key to a good defense is having the base for a solid response. The only way to do that is to have a powerful tool protecting you from the inside out.

Knowing and managing exactly who is doing what, when, and where on the enterprise network is critical. A smooth-running infrastructure with minimal downtime and low operating overhead depends on it. With its excellent security model powered by Novell eDirectory, the NetWare 6 platform is a great foundation for building a secure network. But just having the best directory-enabled servers isn’t enough. Administrators must learn about, plan for, and use the tools that Novell and its development partners provide to make their unique implementations secure.

Network security isn’t enterprise-wide until there’s no place in an organization’s IT infrastructure for an Internet intruder or a hacker on the inside to hide their tracks. With LT Auditor+, you can know exactly who is doing what, when and where on your network.

Even the strongest operating system security features are ineffectual without a corporate-wide commitment to develop, implement and adhere to established security policies. Blue Lance customers are medium and large enterprises that have done the planning, design, and extensive preparation required to leverage a comprehensive, network-wide security auditing solution.

Blue Lance customers aren’t saying much about the LT Auditor+ product for obvious reasons. But there’s no secret to a successful deployment of LT Auditor+. It all starts with planning well before the product is deployed. To ensure successful implementation of LT Auditor+, Blue Lance provides staff on-site in three phases to conduct training, provide hands-on installation and configuration assistance, and followed by a review and analysis for the customer’s Security and LAN administrators.

After training, customers are responsible for developing and defining security policies and information needs in order to implement LT Auditor+. The "Implementation Plan" will be reviewed by Blue Lance, after which installation and configuration will be scheduled. During this period, Blue Lance assists customer personnel in installing, configuring and implementing LT Auditor+ based on the Implementation Plan.

After implementation, personnel will continue to work with and deploy LT Auditor+ across the enterprise and run regularly scheduled audit reports per the Implementation Plan. Blue Lance conducts on-site reviews and analyses of the LT Auditor+ implementations and assists customers in fine tuning the processes and reports produced by LT Auditor+ in order to best meet the needs of each customer.

Before, during and after the deployment of LT Auditor+, Blue Lance also provides telephone support on a priority basis to assist in any matter related to the installation, configuration and operation of LT Auditor+.

“Our customers buy for the technology, and stay for our service, says Peter Thomas, CTO for Blue Lance. “Our consulting engineers are on call 24 x 7, and regularly travel to our customers for custom installations, consulting, training and support. We also consult with clients on products, so as their needs change, our software grows with them.”

Why Novell Customers Are Buying LT Auditor+
“Customers choose LT Auditor+ for several reasons, but there’s a common theme,” observes Tommy Cathey, Strategic Relationship Manager for Blue Lance. “Companies with significant IT assets are discovering that when their people are aware their network activities are being monitored, internal network security incidents often decrease significantly. With LT Auditor+, you can identify groups of people in your organization who frequently handle sensitive files, deploy security policies to monitor those assets, and be alerted to any password or policy changes that could indicate a security threat.”

An audit trail is only valuable to an organization if it can be accessed quickly enough to respond to any circumstance or need. Administrators may need immediate answers in a disaster recovery situation or key application outage, or intricate details for a long-term investigation. And then the report must by readable and easy to interpret. With LT Auditor+ v8.0, security administrators have that knowledge at their fingertips, available in real-time whenever it is needed. Other security systems protect from the outside, leaving the network vulnerable from insider threats and successful intruders. With LT Auditor+, valuable assets are under constant surveillance, protected from the inside out.

Unlike other software that offers a “snapshot” of the network at set intervals, LT Auditor+ provides real-time monitoring and alerting on all events taking place on your network, so there are no blind spots in your surveillance activities. Audit logins/logouts, file application activity, directory services and server access across the enterprise - all from a single management console. The moment an event occurs, your security administrator will be immediately alerted. Even LT Auditor+ configuration and policy activities can be monitored; not even the security administrator is exempt from oversight.

Along with its rapid response capabilities, LT Auditor+ features powerful data filtering, and fast and easy forensics using the LT Auditor+ Report Generator. LT Auditor+ Report Generator is a component of LT Auditor+ v8.0 and it can also work in mixed Windows/NetWare environments using LT Auditor+ cross-platform consolidation technology.

LT Auditor+ v8.0 for NetWare assists in compliance with FDIC, OCC, GLB and HIPAA privacy regulations. It helps secure customer networks with features and benefits such as:

• Single Management Console with policy and filter exporting capabilities
• Enterprise-wide data consolidation into secure database for airtight audit trail and real-time monitoring of remote events
• Monitors all eDirectory/NDS changes, including trustee assignments
• Enhanced filtering capability for pinpointing specific areas of interest
• Real-time alerts using SNMP for e-mail, pager and network broadcasts
• Understandable, easy-to-read reports that can be scheduled to run automatically

“Many of our employees access business-critical information using over 30 applications every day. This means that they are required to login using a different password each time they access a different system,” said Caroline Dalton, program manager, BT. “With SecureLogin and eDirectory, Novell has provided us with a cost-effective solution that will allow single password access to network information across multi-platforms without comprising the authentication and authorization controls that the existing multiple passwords' policy offered.”

With some 360 servers in its internal network, ensuring anywhere, anytime access to file and print resources is no easy task. The cross-platform capabilities of NetWare 6 will bring BT's existing disparate network resources together as one Net and will enable them to seamlessly function as a unified system. NetWare 6 will also bring new benefits such as pure Internet-based file and print and anywhere, anytime access to documents from a Web browser to address the shift towards remote and mobile working.

With LT Auditor+ 8 running across BT’s NetWare 6 servers, BT security administrators will enjoy accurate, up-to-date information about who is accessing resources across the network.

Novell and Blue Lance enjoy a close development relationship that works for both companies. LT Auditor+ 8.0 is YES, Tested and Approved. “This certification for LT Auditor+ Version 8.0 is another step in our long-standing relationship with Novell,” notes Umesh Verma, president and CEO of Blue Lance. “We are strong believers in high quality testing procedures and performance demands, especially in the security realm.”

“As one recent example of the support Novell provides Blue Lance,” continues Tommy Cathey, “if Blue Lance had not been an Executive-level (now known as Advantage-level) member with easy access to Novell development support engineers who were already familiar with our product, we might have recently lost a large customer in Canada. Thanks to a quick response by the DeveloperNet team we fixed a small problem that could have been a deal breaker.”

“We had an instance with our software running on NetWare 6 in which an API callback wasn’t working. When the LT Auditor+ application launched, NetWare needed an answer to the question being asked by an NLM (NetWare Loadable Module): ‘Is LT Auditor+ multithread safe?’ LT Auditor+ didn’t recognize this question. After discussing this with the developers at Novell, we quickly corrected the problem. Our investment in DeveloperNet membership paid for itself with this one incident. Also the beta programs, access to key developers and knowledge base helps us develop our product around Novell's industry-leading networking products and solutions.”

*All other third-party trademarks are the property of their respective owners.