I know from a personal perspective I have a few programs for personal use that I use on a regular basis that unfortunately require Windows XP.
In a cost savings move on my part, I will be using the combination of Symantec Endpoint IPS, ESET NOD32 Antivirus, and Malwarebytes active protection with EMET 3.0 installed with the "all" profile set. This machine will not be used for web browsing, sitting behind a separate firewall, and should have only exposure to the existing patched Windows 7 machines that will be on my own network, thus I feel fairly confident that this one machine should be safe for some time.
Since no one antivirus vendor, solution, or company will be able to protect an unsupported OS from every vulnerability out there, I plan on using Symantec Endpoint's IPS in conjunction with other vendors' software, in order to hopefully cover as much of my exposure as possible. This is not meant to be a knock against Symantec or any other company, it is just a fact that no one entity can completely protect an unsupported operating system.
If I was doing the same in a production environment or felt the need to purchase new hardware at this point, I would simply use VMware Workstation (PC)/Fusion (Mac) and create an isolated Windows XP VM. A person could even install Endpoint 12.1.4 on it and manually update the Antivirus and IPS definitions without the VM ever being exposed to an outside network.
levd,
If your company will not be able to migrate away from Windows XP before the April 2014 deadline, I strongly recommend that you contact Microsoft and pay the extra money to buy your company some time to move away from XP. If you need Windows XP for specific applications, like myself, I would suggest installing Windows 7 or newer on the machine and taking advantage of software like VMware's Unity feature to run those applications in the Windows 7 environment.
If the issue is budget, well, I would suggest you consider asking those who make the budget decisions how much your business's security is worth... (hopefully not in a rude way) as running an unsupported OS in a production environment for many large companies may cost them much more in the long run.