Security Firm Loses Bid to Suppress Unflattering Test Results


Enterprise security firm CrowdStrike this week lost a legal battle aimed at stopping independent security testing and advisory firm NSS Labs from publishing its findings.

CrowdStrike on Friday sought a temporary restraining order and preliminary injunction in Delaware to stop NSS from publishing its full Advanced Endpoint Protection Group test, which includes an assessment of CrowdStrike's Falcon product. The federal court denied CrowdStrike's request on Monday, and NSS Labs on Tuesday published its test results.

The NSS report, which is only available to paying subscribers, examines products from Carbon Black, CrowdStrike, Cylance, ESET, Fortinet, Invincea, Kaspersky, Malwarebytes, McAfee, SentinelOne, Sophos, Symantec, and Trend Micro. NSS calls it "the industry's most rigorous test to date of leading Advanced Endpoint Protection (AEP) solutions."

CrowdStrike disagrees with that assessment. In a blog post Tuesday, the security firm accused NSS of "unlawfully accessing" its software and improperly testing its product. The company said it hadn't seen the test results but was simply "making a stand against what we believe to be unlawful conduct."

"CrowdStrike values independent testing and we initially engaged NSS to conduct a private test of our software," the company wrote. "We soon learned their methodologies were deeply flawed."

As one may be able to surmise, CrowdStrike scored poorly on the test. NSS gave CrowdStrike's product a "below average" rating of 73.2 percent in terms of "security effectiveness," according to a copy of the report obtained by PCMag. The testing firm cautioned buyers against using the Falcon product, noting that it offers only "limited value" for the money.


CrowdStrike, however, argued that NSS made "basic" testing errors, like labeling Firefox, Skype, and other legitimate software as malicious, "leaving us with no confidence in their testing methodology or ability."

"As a result, we decided not to participate in a public test and expressly declined NSS' later request to conduct public testing," CrowdStrike wrote. "After explicitly telling NSS on multiple occasions that they were prohibited from using our software for public testing, they colluded with a reseller and engaged in a sham transaction to access our software to conduct the testing."
