- Understanding survey results
Firstly, the survey questions were as follows:
19. Please estimate (in U.S. Dollars to a maximum of US$1,000,000) how much [[6]] cost your company: (include costs for actual server damage and downtime, lost staff/employee productivity, lost sales, transaction impairment, partner/distributor impairment, meetings/executive briefings, customer loss, credibility impact/loss of trust, etc.)
So as you can see, they weren't asked for the cost strictly as it relates to man-hours alone, nor should they have been.
Historically, that number, as given by a technical person, is under-estimated 7-fold. That's because they don't consider all of the other costs involved (such as those listed in the question,) or don't have a decent handle on what those other impact costs actually are (do you know how much your company makes per hour for the entire company being able to work at their computers?)
As for "eradicating a specific virus on all of your computers" allegedly in an hour or two, well, that's a very idealistic number. May well be realistic in your organization; hats off to you if that's the case. Unfortunately, for many, it isn't. The median number of computers in impacted organizations responding to our survey was 5,000. The average number was 18,654.
Of those, let's accept that not all were present at the moment in time the IT Admin had the script ready to be pushed...some were roving, some were simply off, and others were at remote locations (not necessarily part of an automated intranet.) These require "special" handling, possibly in person (or by someone else.)
Also consider the situation where your network is currently being overwhelmed by bot probe traffic. Your push may, or may not, make it to the target systems. Some were continually rebooting...pushing a WMI script to them is about as useful as wishing they were fixed.
How does your automated mechanism (whatever you're using) actually receive confirmation that the entire, note: ENTIRE, "fix" has been applied?
I could go on and on to explain many reasons that eradicating a specific virus on all of your computers does, not should, but does take more than an hour or two...regardless whether the "proper tools are used."
Suffice it to say we agree on several points:
1. Good tools exist. Whether or not they are proper is a matter of your organization's needs, expertise, etc... It also greatly depends on the availability of information (specific details as to just what needs to be done by the tool to, for example, eradicate a worm.)
2. Cost of impact is, obviously, not simply the hourly rate of a single admin.
3. It takes some amount of time to eradicate a worm, and, that amount varies for a variety of reasons.
Now let me ask you a question:
During the virus/worm outbreak at your organization which your experience is based upon (e.g. that it only takes an hour or two), which worm was that, and how many computers did you push your script to?
Just curious. For example, from our Zotob survey, the largest number of "infected" computers amongst those who said they spent less than 80 hours to remediate was 1000, but the average was only 73. For the balance (who spent 80 hours or more) the average was 2335 while the largest was ~10,000.
Cheers,
Russ Cooper
Senior Information Security Analyst
Microsoft SME
Cybertrust, Inc.
Posted by: NTBugtraq Posted on: 10/27/05