CrowdStrike, NSS Labs resolve court battle over product testing

NSS Labs has admitted that CrowdStrike Falcon product test results were “inaccurate.”

Researcher creates SMBdoor based on NSA malware for security purposes New experimental backdoor highlights an OS section that antivirus products are not looking at.

CrowdStrike and NSS Labs have settled a legal dispute over tests relating to the CrowdStrike Falcon endpoint protection solution.

In a statement, CrowdStrike said "CrowdStrike and NSS Labs have resolved the lawsuits between them pursuant to a confidential settlement agreement."  

As part of that settlement, NSS issued a corrective statement concerning the firm's past analysis of the CrowdStrike Falcon, tested by the cybersecurity guidance company both privately and publicly.

Security 101

How to protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Read More

Originally, NSS included the product in its first Advanced Endpoint Protection (AEP) Test Reports and Security Value Map, published in February 2017.

See also: NSS Labs files lawsuit over alleged CrowdStrike, Symantec, ESET product test conspiracy

The antivirus and cybersecurity solutions of 13 vendors were analyzed, including Carbon Black, ESET, Malwarebytes, SentinelOne, and CrowdStrike. In total, nine were "recommended," while one was "security recommended," one was deemed "neutral" and two were given a "caution" rating.

CrowdStrike's Falcon was one of two products given a value estimate of "below average," with an overall effectiveness rating of 73.2 percent and a score of 99 percent for evasion techniques.

While NSS said the report "was in the public domain to provide transparency and help enterprises understand the factors behind the results," CrowdStrike disputed the results.

CNET: Apple has a secret facility for stress-testing iPhone parts

The cybersecurity vendor then launched a lawsuit against NSS in a US Federal District Court and requested that the report be withheld prior to public release. CrowdStrike alleged that NSS' testing practices were "deeply flawed" and errors were made including "labeling legitimate software such as Firefox, Skype, and Java, digitally signed by vendors, as malicious."

In addition, CrowdStrike said that the Falcon's prevention settings were turned off during the test, an analysis which was also labeled "incomplete" after CrowdStrike suspended access to the software on suspicion of NSS colluding with a reseller to obtain entry.

A year later, NSS filed an antitrust lawsuit against CrowdStrike, Symantec, and ESET, alleging that the organizations were actively conspiring to restrict independent product testing.

However, NSS has now admitted its own conduct was not exemplary -- at least, in CrowdStrike's case.

TechRepublic: Nessus expands vulnerability scanner offerings to 16 IPs in commercial environments

In a statement, NSS said testing of the CrowdStrike Falcon platform "was incomplete and the product was not properly configured with prevention capabilities enabled."

NSS added that the results were "not accurate" and therefore the solution's effectiveness score, caution rating and total cost of ownership have been retracted. The results have been wiped from the report, alongside press releases and blog posts posted by the company in connection to the 2017 report and legal dispute.

"NSS extends its sincere apology to CrowdStrike for the publication of inaccurate test results of CrowdStrike's Falcon Platform," NSS said. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0