Damballa is banging the anti-botnet product drum (also known as monitoring the network) as they try to differentiate themselves from the anti-virus and anti-malware vendors:
A study by Damballa demonstrated that the typical gap between malware release and detection/remediation using antivirus is 54 days. The study comprised over 200,000 malware samples scanned by a leading industry antivirus tool over six months. The study also revealed that:
• Almost half of the 200,000 malware samples were not detected on the day they were received
• 15% of the samples remained undetected after 180 days
Over a month to respond seems unusually long. What do they mean by "typical"? If it is an average, a brand-new family might take 60 days while a blend or mutation of a known one takes 10…
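To make the "typical" question concrete, here is an added example of my own (not code from Damballa or the study) that computes the detection-gap figures the study reports over a constructed set of scan results. The sample ids, the day each was first detected, and the 180-day window are all assumptions. The point it shows is that the 15% of samples never detected inside the window have no gap at all, so the headline number moves a lot depending on whether you drop them, count them at the window end, or quote the median instead of the mean.

```python
"""Detection-gap statistics for AV scan results, with right-censored samples.

Constructed data, not the Damballa study set. Each entry is
(sample_id, days from receipt to first AV detection), with None meaning
the sample was still undetected when the scan window closed.
"""
from statistics import mean, median

WINDOW_DAYS = 180  # assumed scan window, matching the study's 180-day figure

# Constructed results for twelve samples (assumption: any resemblance to
# real detection lags is coincidental).
SAMPLES = [
    ("s01", 0), ("s02", 0), ("s03", 1), ("s04", 3), ("s05", 7),
    ("s06", 12), ("s07", 30), ("s08", 45), ("s09", 90), ("s10", 150),
    ("s11", None), ("s12", None),
]


def detection_gap_stats(samples, window_days=WINDOW_DAYS):
    """Return the figures a vendor might quote, computed several ways.

    Samples with None are right-censored: we only know the gap exceeds the
    window. Dropping them understates the lag; counting them at the window
    end gives a lower bound on the true mean and median.
    """
    gaps = [d for _, d in samples if d is not None]
    n = len(samples)
    undetected = n - len(gaps)
    censored = gaps + [window_days] * undetected
    return {
        "n": n,
        "detected_day0_pct": 100.0 * sum(1 for d in gaps if d == 0) / n,
        "undetected_at_window_pct": 100.0 * undetected / n,
        # "Typical gap" if you silently drop never-detected samples
        "mean_gap_detected_only": mean(gaps),
        "median_gap_detected_only": median(gaps),
        # "Typical gap" if censored samples are counted at the window end
        "mean_gap_censored_at_window": mean(censored),
        "median_gap_censored_at_window": median(censored),
    }


if __name__ == "__main__":
    for key, value in detection_gap_stats(SAMPLES).items():
        print(f"{key:32s} {value:8.2f}")
```

Run it and the same twelve samples yield a "typical gap" anywhere from 9.5 days (median, never-detected samples dropped) to 58 days (mean, censored samples counted at 180), which is why a quoted 54-day figure needs the method stated next to it.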
That is 30,000 samples still undetected after six months. I always used to try to present the cost of an incident per system to management. Take a conservative estimate: a replace/repair order costs no less than $30, and roughly a third of the malware actually causes an order to be placed, so each infected system carries about $10 in expected cost. Across 30,000 undetected samples that is $300,000 if each sample lands on only one machine, and $9 million if each lands on 30. Ouch; better monitor the network.