ROI of Zero-Hour Anti-Virus Defense

New technologies are becoming available that catch viruses very quickly: before you've received the anti-virus (AV) signature from conventional AV suppliers. They're worth considering as a second layer of defense, after conventional AV.

We're aware of at least four vendors with such technology: MessageLabs, MailFrontier, IronPort, and Avinti. We wrote about Avinti's unusual detection method recently.

This is important; during 2004, viruses have propagated much more rapidly than in the past. This has made obvious a window of exposure — typically 6-to-8 hours — before you've been able to put in protection against a new virus.

The cost argument for these "zero-hour" defenses is simple, yet powerful:

  1. Suppose you get hit about every two months with such a virus.
  2. Suppose that before your AV tool starts filtering it out, it's received in email by 10% of your users.
  3. Suppose that just 2% of those users open it (i.e., 0.2% of all users).
  4. Now suppose the cleanup cost is a conservative $200 per user.

For a 1,000-user organization, that's 2 users to clean up and a cost of
$400 per outbreak, or $2,400 per year at six outbreaks a year. That works
out to about $2.40 per user per year. So if the zero-hour AV solution ends
up costing substantially less than that, you're getting a good ROI. Plus
less disruption in the office.

Authors: David Ferris and Richi Jennings
with thanks to IronPort's Tom Gillis for the idea

