Novell Sentinel Log Manager

Automated Compliance and Security Management

Norbert Klasen
Senior Consultant

Schedule - Day 1

09:00 Introduction 09:30 Why Log Manager? 10:30 Break 10:45 Installation 11:15 Queries 12:00 Lunch 13:00 Event Source Management 14:00 Break 16:00 Wrap-Up

Novell, Inc. All rights reserved.

Schedule - Day 2

09:00 Data Management 10:30 Break 10:45 Actions and Rules 12:00 Lunch 13:00 Reporting 15:00 Integration with Sentinel 15:45 Q&A

Novell, Inc. All rights reserved.

Market Overview and Solution Architecture

Security Is a Major Concern

Security breaches on the rise, more costly, more visible

According to ITRC report, 303 breaches reported in 2009 as of 7/21/09 with over 12 million personal records exposed Almost no organization spared
> > > >

NYPD 80,000 records exposed FAA 45,000 UC Berkeley 160,000 Aetna 65,000

Regulation has been stepped up in response to these risks Today's tools are not up to the challenge of tomorrow's hackers

Novell, Inc. All rights reserved.

Costs of Compliance on the Rise

More frequent and cumbersome audits

More data needed Deeper and deeper into the org

More personnel are needed to analyze data Log files need to be stored and retained for significant periods of timeincreasing storage costs

Amount of log files constantly increasing

Novell, Inc. All rights reserved.

Where Does Log Management Fit?

Log management is a key element of many regulations

PCI-DSS requirement 10 HIPPA SOX Section 404 FERC

Log management also provides a holistic view of all IT systems

Helps ensure the network is hardened Administrators can spot weakness before it is exploited A starting point for a complete security strategy

Novell, Inc. All rights reserved.

Log Management Challenges

Log Management Shortcomings

Why does everyone groan when log management is mentioned? Vendors are not focused on reducing the cost of compliance

Vendors sell proprietary storage systems Require customers to buy expensive appliances Store data in proprietary formats

Novell, Inc. All rights reserved.

Log Management Issues Storage

Some log management vendors use proprietary storage systems. This causes problems including:

Dependence on vendor tools for reporting and search No way to analyze archived data without bringing it back into the vendor's device Difficult to prove that the data is unmodified

Some products have no mechanism for forwarding events in real-time, making it a data black hole

Your Data Here

1 0

Novell, Inc. All rights reserved.

Reporting Still Problematic

According to this years survey, reporting is still a challenge for organizations. The survey broke reporting into a number of different functions. Of those, Using log data to enhance other operations/cost reduction, was considered most difficult by 23 percent of survey respondents and difficult by an additional 35 percent. Other related items, including searching data and creating reports also ranked relatively high on the difficulty question.
-SANS Log Management Survey 2009

1 1

Novell, Inc. All rights reserved.

The Report Arms Race

Log Management vendors stockpile huge numbers of stock reports and label them as appropriate to a specific regulation, system or use case The vendor with the most reports wins? What does it actually take to create a compliance report?

Define the relevant events Format the data Customize the report for the specific needs of the organization with filters, etc.

1 2

Novell, Inc. All rights reserved.

Reporting and Search

What do these terms mean in the context of Log Management? Report:
A subset of the stored log data, defined and formatted according to a predefined set of criteria

Search:
A subset of the stored log data, defined and formatted according to an ad-hoc set of criteria

1 3

Novell, Inc. All rights reserved.

Typical Reporting / Search Architecture

Log Management Server
4. Report function uses the parsed data stored in an internal database
Reporting DB

Parsing Appliances / Agents

Parsed Data

2. A separate appliance / agent parses supported events for reporting

Raw Data

Log Archive

1. Raw data sent to the appliance is indexed and stored

Indexed raw files

5. Reports and searches can't be run against archives until data is reloaded into Log Management

3. Search function uses the indexed flat file data store

1 4

Novell, Inc. All rights reserved.

Novell Architecture

1 5

Novell, Inc. All rights reserved.

Log Management Issues Retention

Some log management tools collect all data

Why do they do this?

Vendors

Want to sell you more storage capacity Aren't intelligent enough to know which data to filter

Intelligent filtering can reduce the amount of storage used by the log management system They treat all data equally from a data retention standpoint

Archived or deleted based solely on age, not value or retention policy

1 6

Novell, Inc. All rights reserved.

Log Management + SIEM

Vendors love to tout their real-time capabilities Mediocre log management + mediocre SIEM does not equal great software Novell started with SIEM (Novell Sentinel )

Built a log management product that drew on its strengths Not trying to shoehorn SIEM on top of log management We perform exceptionally well with both use cases

Once you have log management + SIEMthen what?

How do you get actionable data?

1 7

Novell, Inc. All rights reserved.

Identity-Aware Security

Best way to extract high value from data is to tie events to identities Gartner weighs in:

Organizations should implement user activity monitoring as part of a strategy to manage external and internal threats and for regulatory compliance. Organizations that wish to employ SIEM technology for user activity monitoring must evaluate the level of integration that is provided by the SIEM vendor for the specific event sources in the environment, but should plan for extensive customization in order to implement monitoring for user activity and the application layer.
Novell, Inc. All rights reserved.

1 8

Building Identity-enabled Security

Identity-aware Security and Compliance Monitoring Role-based Provisioning Account Synchronization Password Management Incident Response Real-time Monitoring Log Management

Identity Management
1 9

Security Monitoring

Novell, Inc. All rights reserved.

Qualifying Questions & Product Positioning

Getting into a conversation about log management

Most organizations have something for log management today

Homegrown tool or competitive offering

Start by asking what they are using for log management, and if they are happy with it

We can make a strong business case for Sentinel Log Manager against any competitor If they're using an in-house tool, it's costing them to maintain it, they aren't getting the most out of their logs, and probably wasting money on extra storage as well

If no log management today, ask how they are meeting the requirements of the relevant regulation to their industry

PCI-DSS, HIPPA, SOX all have log retention requirements

2 1

Novell Inc. All rights reserved

Continuing the Conversation

Ask how their last audit went

How long did it take to satisfy their auditor when it came to log files? Was it easy to get all the data together?

Are they storing log data longer then they need to

Might be spending more to store their log files than they need to Could be tired of paying for proprietary storage systems for their logs Can also talk about whether the data is stored in proprietary formats

Are they worried about customer data

Can they quickly and easily prove who has historically had access to it How prepared are they to determine the root cause of a data breach...that happened 6 months ago?

Does their vendor have the capability to integrate log management with identity management?

2 2

Novell Inc. All rights reserved

What to Look For

Want:

Stay away from:

Homegrown log management, Splunk or LogLogic Existing investments in Novell I&S infrastructure Worried about data security Tough regulatory environment Heterogeneous environment

Currently using ArcSight or RSA (we can win against them, but not worth your time when they are the incumbent) Compliance or security is not a priority Conversations about netflow analysis

2 3

Novell Inc. All rights reserved

Sales Advantages

Sentinel Log Manager can win in any sales situation

Best-of-breed point solution for log management Starting point for a larger conversation about SIEM Building block for identity aware security infrastructure Suitable for large or small deals

Late to market, but capitalizing on the mistakes of competitors

This product can win against any competitive product Getting a large share of marketing dollars Dedicated people who are supporting the product

Organizational support behind this product

2 4

Novell Inc. All rights reserved

Resources

There is a lot of help available to help you If you're not sure where to get what you need, contact

Brian Singer (PMM) - bsinger@novell.com Jason Arrington (PM) - jarrington@novell.com Technical Forum - http://forums.novell.com/novell-productsupport-forums/sentinel/ John Haberland - jhaberland@novell.com

If you need help with pricing or licensing

2 5

Novell, Inc. All rights reserved.

Sentinel Log Manager - Pricing

Instance based pricing Designed to allow direct comparison to competitors Three tiers of pricing:

500 EPS: List price $25,00 (new) 2500 EPS: List price $40,000 7500 EPS: List price $80,000

SAP, Mainframe, other high-end devices require a separate license

2 6

Novell Inc. All rights reserved

Log Management vs. SIEM

Log Management is sometimes referred to as Security Information Management or SIM Security Event Management or SEM is focused on real-time monitoring, alerting, incident response
SEM
Event correlation Robust alerts Incident response Dashboards Data enrichment Filtering

Log Management
Data collection Ad-hoc query E-mail alerts Reports Compression Forensics Data integrity Unknown log support Data retention Raw log forwarding

2 7

Novell, Inc. All rights reserved.

How does SLM relate to Sentinel?

With the release of Sentinel RD and Sentinel Log Manager we now have a full line of SIEM products:

Novell Identity Audit Log Management for Novell products Sentinel Log Manager event collection, storage, and reporting for all log sources Sentinel Rapid Deployment single box Sentinel for smaller organizations or regional deployment, with no external software required Multi-Platform Sentinel Enterprise class, multi-platform

Goal is to provide a progression for our customers solve the immediate tactical problem, then upsell to the eventual solution

2 8

Novell Inc. All rights reserved

Product Positioning Log Manager

Event collection & storage for all log sources

Lot of Ad-hoc querying and Reporting for all log sources No real-time event correlation and workflow requirements No need for Identity Tracking

2 9

Novell Inc. All rights reserved

Product Positioning Sentinel RD

Real-time event monitoring, correlation, workflow and reporting

Small to medium size organizations Regional deployments Low event rates (no more than 2500-3000 total EPS) Customers do no want to use third party commercial database SLES platform only

3 0

Novell Inc. All rights reserved

Product Positioning Sentinel

Real-time event monitoring, correlation, workflow and reporting

Enterprise Scale rollout High event rates Customer prefers commercial database component (MS-SQL or Oracle) Multi-platform needs

3 1

Novell Inc. All rights reserved

Feature Comparison
Feature or Capability
Platform support - SLES Single-event filters and alerts Reporting and ad-hoc search Data collection: Novell Identity products

Identity Audit / Log Manager / Sentinel

Id. Audit

Log Manager

Sentinel

Platform support: Windows*/RedHat*/Solaris* Report creation and modification Identity-enhanced reports and dashboards Data collection: SUSE Linux and Novell OES

Real-time user activity dashboard High-speed, multi-event correlation Real-time threat dashboard with Advisor Data collection: Industry-wide products Manage Raw Event Storage
3 2

Novell Inc. All rights reserved

Feature Comparison
Feature or Capability
Platform support - SLES Platform support: Windows*/RedHat*/Solaris* Platform support, multiple platform installation Platform support, Oracle or MS SQL Web Launching of Client ad-hoc search Web Client Report Jasper Report Crystal Server Real-time user activity dashboard High-speed, multi-event correlation Real-time threat dashboard with Advisor Remediation Managing Raw Event Storage
3 3

Log Manger/ Sentinel RD / Sentinel

Log Manager Sentinel RD Sentinel

Novell Inc. All rights reserved

SIEM Graduated Maturity Model Novell Entry Points

Sentinel Entry Point Upsell Sentinel-RD Entry Point Upsell Log Manager Entry Point Upsell Identity Audit Entry Point

3 4

Novell Inc. All rights reserved

Competition

Selected Players
ArcSight
>2007 >Both

Market share 18.6%, Revenue 91.3M SEM and Log Management (ArcSight Logger) Market Share 11.0%, Revenue 61.4M Log Management / SEM appliance

RSA
>2007

>Combination

NetForensics
>2007 >Both

Market Share 6.9%, Revenue 34M SEM and Log Management (nFX Log One) Revenue $20M, Log Management only Revenue $19.5M, Released Log Management in 2008 (QRadar

LogLogic
>2007

Q1

Labs

>2007

SLIM)
3 6

Novell Inc. All rights reserved

RSA enVision

Former Network Intelligence current #2 SIEM vendor Products considered combination SIEM / LM Competitive talking points:

Mediocre at both the SIEM and LM use cases Gartner refers to it only as good enough No way to move from single-box to multi-site solution Multi-site solution requires a minimum of 3 appliances per location, so at least 6 for a 2 site installation UI is poorly designed and unresponsive click, then waaaaait Proprietary database makes it impossible to prove that the data is unmodified No option to filter out unwanted data buy more EMC storage

3 7

Novell Inc. All rights reserved

RSA enVision Pricing

Simple pricing they sell boxes NO upgrade path from ES to LS rip and replace Basic LS pricing scheme, with approx. US street prices:

Application Server: $56k Database Server: $56k Local Collector: $56k or $86k Remote Collector: $25k or $46k 60% of production list for standby system 60% of standby list for test system

3 8

Novell Inc. All rights reserved

LogLogic

Historic leader in Log Management space Recently acquired Exaprotect for SEM functionality Competitive talking points:

Flagship product stagnant in recent years Face major challenges integrating acquired technology; new technology was not a market leading SEM product Viability concerns rumors of staff cuts Hardware appliance has lower EPS rates than our solution Database for reporting, flat files for search / retention No Syslog-SSL support

3 9

Novell Inc. All rights reserved

ArcSight

Current leader in overall SIEM / Log Management mkt Publicly traded, pure-play SIEM vendor In-depth Logger product review here:
http://www.sans.org/reading_room/analysts_program/loggerReview_Jan09.pdf

Competitive talking points:

Standalone Log Manager does almost nothing by itself SmartConnector appliance needed to convert raw info into ArcSight's CEF event format for reporting, etc. Reputation for upcharging after the sale separate licenses are needed for Loggers, SmartConnectors, per-CPU charges for ESM Server, per-user charges for ESM console, etc... Similar architecture to LogLogic, with separate DB and flat file data store Clunky search interface hit next after each page of results

4 0

Novell Inc. All rights reserved

Arcsight overview

Recognized leader in SIEM Three main products

Arcsight Event Security Manager (ESM) Software Arcsight Logger Hard Appliance Arcsight Express Standalone SEM / LM Appliance (new)

Reputation for being very expensive, upcharging after the initial sale Introduce their Logger initially, then upsell the rest of their products

4 1

Novell Inc. All rights reserved

SenSage

Historical competitor to LogLogic Now refers to their technology as a Log Data Warehouse HP offers an appliance based on SenSage Competitive Talking Points

Huge Black hole problem once the data goes into SenSage it never comes out Now claim to offer real-time SEM capability but we've never seen it in a deal Viability concerns common to all small independent vendors

4 2

Novell Inc. All rights reserved

Appliances

Most Log Management products are sold pre-loaded on hardware appliances Not specialized hardware a Dell blade with a different faceplate Bundled OS may or may not be hardened - RSA enVision is generic Windows 2003 Server Sentinel Log Manager has three deployment options:

Software SLES11 based installation package Soft Appliance Self-installing ISO with OS + Sentinel Virtual Appliance Pre-configured VMWare ESX Image

4 3

Novell Inc. All rights reserved

High EPS Rates

LogLogic and Arcsight have devices that claim 50-100k EPS on a single device These boxes are NOT Log Management devices all they do is store and archive data Customers need to copy the data from the archive back to a Log Management box for reporting, search Better to leave the data in place and do distributed search Real-world Maximum EPS for a single device:

Arcsight Logger: 5000 EPS LogLogic LX: 4000 EPS RSA enVision ES Series (Standalone): 7500 EPS Novell Sentinel Log Manager: Over 10000 EPS in testing, plan to certify at 7500 EPS

4 4

Novell Inc. All rights reserved

Arcsight Pricing

Originally had a Server / Collector model like Sentinel Currently they typically sell Arcsight Logger appliances Basic pricing scheme, with approx. US street prices:

ESM server, priced per CPU - $24k, or $30k including DB ESM pattern discovery, per CPU - $13k Data collection per source (Rarely) Comparable to Sentinel Arcsight Loggers based on event load, geographic needs, and number of devices (more common) - $60k / each Connector Appliances for parsing raw data into CEF - $18k Additional licenses for HA, web console, content subscription services, content packs, identity integration, etc.

US federal price list: http://var.immixgroup.com/contracts/sewpIV_pricing.cfm? client_id=19&contract=NNG07DA20B

Novell Inc. All rights reserved

4 5

Arcsight Pricing (example)

New York Security Operations Center
4x ESM CPU @ $30624 (with Oracle) 4x Discovery @ $13,398 4x ESM HA @ $15,312 3x @ $60,580 1x E7100s IdentityView @ $66,990 3x @ $18,640 1x Connector PCI Compliance Insight Total: $237,600 package @ $22,330 Total: $326,656

900 Devices 12,000 EPS

3x E7100s @ $60,580 3x Connector @ $18,640 Total: Total: $237,600 $237,600

Rome

Overall: $783,276
1x E7100s @ $60,580 1x Connector @ $18,640 Total: $79,220 2x E7100s @ $60,580 1x Connector @ $18,640 Total: $139,800

Paris

300 Devices 4,000 EPS

4 6

700 Devices 3,000 EPS

Novell Inc. All rights reserved

RSA enVision Pricing (example)

New York Security Operations Center

900 Devices 12,000 EPS1x LS A60 @ $56,245

Rome

1x LS D60x @ $56,245 1x LS L610 @ $86,118 1x LS L605 @ $56,245 1x LS L610SB @ $56,625 1x LS L605SB @ $36,983 Total: $291,836

2x LS A60 @ $56,245 1x LS D60x @ $56,245 1x LS L605 @ $56,245 1x LS L605SB @ $36,983 Total: $261,963

Overall: $1,014,750
1x LS A60 @ $56,245 1x LS D60x @ $56,245 1x LS L605 @ $56,245 1x LS L605SB @ $36,983 Total: $205,718 1x LS A60 @ $56,245 1x LS D60x @ $56,245 1x LS L610 @ $86,118 1x LS L610SB @ $56,625 Total: $255,233

Paris

300 Devices 4,000 EPS

4 7

700 Devices 6,000 EPS

Novell Inc. All rights reserved

Novell Sentinel Pricing (example)

New York Security Operations Center
1x Sentinel RD Base Package @ $65000 2x Server Component @ $30,000 3x @@ $60,580 2XE7100s HA / Lab $17,500 3x @ Pack $18,640 1x Connector PCI Solution @ Total: $237,600 $25,000 Total: $185,000

900 Devices 12,000 EPS

2X 7500 EPS SLM @ 3x E7100s @ $60,580 $80,000 3x Connector @ $18,640 Total: $237,600 Total: $160,000

Rome

Overall: $505,000
1X 7500 EPS SLM license @ $80,000 Total: $80,000 1X 7500 EPS SLM license @ $80,000 Total: $80,000

Paris

300 Devices 4,000 EPS

4 8

700 Devices 3,000 EPS

Novell Inc. All rights reserved

How to win vs. ArcSight

Do:

Don't:

Talk about Identity

Allow statements to go unchallenged

ArcSight 4 includes Identity and Role Correlation, so they will try to talk Identity. We have the advantage here!

For example, they now say they have database independent correlation, which is provably false in a POC.

Highlight their database dependence

Only play defense

If the ArcSight database goes down, their data collection, dashboards, correlation, and alerts all stop working. Show this in a POC.

ArcSight reps are very aggressive we need to drop our own landmines and not play from our heels.

Leverage the Novell relationship

Ignore the hardware

ArcSight usually has no incumbent presence.

Apples to apples, Sentinel does more with far less hardware cost.

Focus on scalability and TCO

Let them marginalize Sentinel

Shift the focus in the POC to the Event Per Second rate try to get it above 1000 EPS.

With Novell customers, they try to position Sentinel as only relevant for Novell products

Bring in partners

Confuse marketing with capability

ArcSight doesn't generally partner well. We can win by leveraging those relationships.

For example, they try to pass off the same report as applicable to multiple regulations.

4 9

Novell Inc. All rights reserved

How to win vs. RSA / EMC enVision

Do:

Don't:

Make the data relevant

Worry about the database

Talk about the need to add business relevance to the raw data coming from the devices.

RSA will focus on anti-database spin, but iSCALE mitigates any DB disadvantages.

Box them in

Concede the ease of use argument

A multi-site enVision deployment requires at minimum 6 hard appliances

Expand the customer's perspective

Sentinel 6.1 RD / SLM improves our ease of use dramatically. The greater number of devices required for enVision makes it tougher to manage for an enterprise implementation

Sentinel is designed to grow with the customer's needs while keeping hardware and management costs down. They just keep selling more and more boxes

Compare apples to oranges

RSA tries to be both a Log Manager and a SEM with the same device, and isn't very good at either job

Make Sentinel the standard

Focus on the number of reports

Position Sentinel's use of standard reporting, storage and hardware as a positive. We aren't writing our own proprietary DB or selling a box.

They will try to impress the customer with a gigantic number of reports. But those reports are proprietary and can't be customized, and are very security/IT control-centric.

Focus on correlation

enVision's is weak and hard to use

5 0

Novell Inc. All rights reserved

Novell Sentinel Log Manager

Solution: Novell Sentinel Log Manager

Reduces the cost of compliance

Use your own storage and hardware Log files compressed 10:1 on-the-fly Open data formatno lock-in Quickly and easily create formatted reports from searches 100s of reports available to satisfy PCI-DSS, HIPPA, SOX and much more Increased productivityactually USE your log management tool for security management!

Solves the problem of pre-canned templates

Actually easy to use

5 2

Novell, Inc. All rights reserved.

Novell Sentinel Log Manager

Based on the Novell advanced Sentinel SIEM product Designed to combine quick out-of-the box ROI with the ability for future expansion Intuitive, AJAX-based interface Compressed, file-based data store with signatures for data integrity Out of the box reports and ad-hoc indexed searching Easy integration with Sentinel and the Novell Compliance Management Platform for full SIEM functionality with the Novell unique identity integration

5 3

Novell, Inc. All rights reserved.

Data Collection

Out-of-the-box support for Syslog and native collection from other protocols Syslog:

Support for UDP, TCP, and SSL including authentication and custom certificates Auto-detection of event source type: PIX, Linux, Solaris, etc. Universal syslog collector for unrecognized syslog events Uses pluggable Novell Sentinel connector framework additional protocols configured using the Event Source Management interface

Other Protocols:

5 4

Novell, Inc. All rights reserved.

Reliable TCP and Secure SSL

5 5

Novell, Inc. All rights reserved.

Data Collection Syslog

5 6

Novell, Inc. All rights reserved.

Data Collection Other Protocols

5 7

Novell, Inc. All rights reserved.

Novell Sentinel Log Manager

Data Storage and Archiving

All data is stored in the same storage system Data is automatically compressed to minimize storage requirements10:1 ratios are typical Connects to SAN / NAS to expand archive capacity Custom retention policies can be defined based on the value of the information and/or a specific mandate Intuitive graphical interface shows data usage trends and any potential problems Online and Archive refer to storage location only; search and reporting functions work with both

5 8

Novell, Inc. All rights reserved.

Novell Sentinel Log Manager

Data Storage and Archiving

5 9

Novell, Inc. All rights reserved.

Reporting and Search

Reports and searches run against the same data Search results contain hyperlinks to quickly drill down and refine the search criteria Web 2.0 tools allow search results begin to appear almost immediately, then automatically update as additional results are found without the need to click to the next page Query and search span online and archived data seamlessly Once click converts a search into a reusable report

6 0

Novell, Inc. All rights reserved.

Seamless Search
Search UI Online Storage Compressed Offline Storage (SAN or NAS)

All other systems, must bring storage online to search time consuming and cumbersome Novell Sentinel Log Manager can search compressed, offline storage on the fly

6 1

Novell, Inc. All rights reserved.

Novell Sentinel Log Manager

Reporting and Search

6 2

Novell, Inc. All rights reserved.

Novell Sentinel Log Manager

Reporting and Search

6 3

Novell, Inc. All rights reserved.

Novell Sentinel Customers

Telecom Argentina

U.S. Navy Cyber Defense Operations Command

Cite Media Holding Group

6 4

Novell, Inc. All rights reserved.

In Summary

Log management does not have to be cumbersome and expensive

Despite what other vendors may offer

Novell Sentinel Log Manager

Provides fast ROI Ships with reports that you need for PCI-DSS, HIPPA, SOX and more Stores data in a non-proprietary flat file, on any storage medium, on any file-system Is available as a simple install on any hardware that meets the minimum specifications Is built on the enterprise tested Sentinel

6 5

Novell, Inc. All rights reserved.

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.