Security Basics mailing list archives
Re: Resources expended to AV management solution.
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Wed, 12 Aug 2009 15:17:52 -0400
On Wed, 2009-08-12 at 10:23 -0300, Paul Halliday wrote:
> I am just looking for experiences with regards to what kind of resources a medium-sized company or .edu (let's say 1000-5000 machines) expends towards managing their AV solution.

Depends, are we including recovery when vendors bork their heuristic engine? ;-)

http://www.theregister.co.uk/2009/08/12/ca_auto_immune_update/

My experience has been, this is a difficult number to tie down as resources tend to get sprinkled across a large number of job descriptions. It's also going to vary depending on how much control you have. Can users disable AV? Do you run a different vendor solution with a second set of signatures at all network entry points (e-mail, HTTP, etc.)?

To be honest, the largest portion of the expenditure is when the solution does not work. Client deployment, signature updates, etc. can be pretty well automated. What requires a lot of skilled hands-on time is recovery from a Malware outbreak. In other words, the cost of failure is a much higher percentage of the overall cost than normal administration.

Also, some of these costs tend to be hidden. It's difficult at best to fight Malware with a signature-based solution when we are seeing 10,000+ variations per day. So non-desktop people should be involved in the process as well. Does the firewall team review the outbound connection logs during off-hours to try and spot call-home Malware? If so, what's this time worth? Is the IDS team managing Malware signatures? How much additional overhead does this create?

If you have not considered it already, you really should look at an application control solution. Far easier to administrate than AV in my experience, and it's far more successful at controlling Malware (thus reducing the cost of failure). I have a write up here if you are interested:

http://www.chrisbrenton.org/2009/07/proactive-cyber-defence-seminar/

HTH,
C

---
www.chrisbrenton.org