|
Viruses have been on the attack for more than 20 years, and the cost of dealing with them is escalating. Too many malcode (malicious code) attacks by viruses, worms, Trojans and the like are breaking through today's most prevalent system defenses - Antivirus (AV) programs. It is time for the next generation of virus prevention. This whitepaper will discuss the full impact of virus disasters and what historically has been done to combat the problem. It will show how ISS' new Virus Prevention System (VPS) represents a quantum leap in preemptive protection. Finally, it will show how VPS fits into a layered protection strategy, providing protection at the host/desktop and at the gateway.
The Very Real Threat of Virus Attacks
In 2004, virus disasters increased 12 percent, although 99 percent of those surveyed had AV protection in place. The average cost of recovery increased more than 40 percent last year, to $130,000 per incident. It also took longer to recover: 7 more person days - a 25 percent increase - bringing the average time for full recovery to 31 person days.
The 2004 ICSA Labs survey polled only a handful of the number of businesses operating in the United States today. This report states: "Respondents in our survey historically underestimate costs by a factor of 7 to 10." If the full impact of a virus attack could be calculated, the costs would be astronomical - lost data and lost sales, customer dissatisfaction or breaches of confidentiality, employee downtime, increased network administration workload and system repair, to name a few. As the survey put it, "Based on the dollars reported,... complete cost of recovery would be in the range from $900,000 to more than $5,000,000 (in total costs of recovery alone)."
Even with firewall and Antivirus protection in place, virus attacks can penetrate network security defenses. It can take hours, sometimes days, for traditional AV vendors to create a virus update. Add to this the time it takes for an organization to test the update, distribute it to all their systems and make it available to their remote laptop populations, and the whole signature update process can take days or weeks. During this waiting period, organizations' critical assets are exposed and at risk.
Andreas Marx of AV-Test.org, a worldwide security software testing organization based in Germany, has published studies on Antivirus response times. A February 2004 test measured how long it took 23 traditional AV vendors to come up with updates to combat four viruses: Dumaru.Y, MyDoom.A, Bagle.A and Bagle.B. According to AV-Test.org data, these are the average lag times for each program during the test period:
Average Antivirus Vendor Response Time
The top two AV vendors averaged more than 26 hours to respond to the threats.
What business can afford to wait that long for an effective virus update? Just one infected PC can easily reproduce at least 10 copies of the virus per second; exponentially, a virus can propagate worldwide in a matter of minutes. Because of the amount of time it takes to deliver, test and deploy signature updates, the window of exposure can extend from 7 to 30 hours - and that degree of risk should be unacceptable to any company.
Nevertheless, businesses have been forced to settle for less-than-adequate security solutions because, until recently, the industry didn't know what it didn't have - a preemptive choice.
The Evolution of Antivirus (AV) Technology
In the early days of computer viruses, combating viruses, worms and Trojans was relatively straightforward. But as Internet threats have became more sophisticated through the use of social engineering and hybrid attacks,"first-generation" Antivirus protection has become too cumbersome and impractical.
Any next-generation virus prevention technology must leverage the strengths and overcome the weaknesses of earlier methods. In developing new solutions, several criteria should be weighed, including:
- How well does it stop known attacks?
- How well does it stop unknown attacks?
- What is the potential for false positives?
- What is the likelihood of collateral damage?
- How frequently must it be updated or tuned?
- How much time and expertise is required for initial set-up?
- How much ongoing change management is required?
|
