SaaS-y security outfit CrowdStrike falls out of love with test lab

Tries – and fails – to have court suppress review of its Falcon product

Updated SaaS-y endpoint protection outfit CrowdStrike has failed in an attempt to prevent the publication of a review detailing its software's qualities.

CrowdStrike makes “Falcon”, a platform that combines an agent running on endpoints with a cloudy analytical engine to spot and squash malware and other nasties.

Falcon made the list of endpoint security products that testing outfit NSS Labs decided it would include in a roundup it intends to release this week. But when CrowdStrike got wind of its inclusion, it took issue, and headed off to court for a restraining order against the publication of the Falcon review.

As the decision [PDF] by the US district court of Delaware explains, CrowdStrike paid NSS to test Falcon in private, and the two had a row over the nature of the tests the lab conducted. Ultimately, CrowdStrike insisted that the lab results were kept under wraps.

NSS tried to conduct new tests to CrowdStrike's satisfaction, but that appears to have failed: during a third round of benchmarking, CrowdStrike was still upset, and demanded NSS keep quiet.

When it became clear NSS was going public with its report, off to court they went. The district judge was asked to consider whether NSS had breached its contract with CrowdStrike (no) or breached a contract CrowdStrike had with a reseller called Constellation (again, no). NSS had obtained the Falcon software from Constellation when CrowdStrike tried to stop the lab from using its software.

CrowdStrike's third argument was that releasing the review would mean NSS effectively misappropriated revealed trade secrets. That argument failed because the court felt NSS's tests kept secrets safe, and that a review would not divulge any confidential details.

This left a final test of whether publishing the review would cause “irreparable harm” to CrowdStrike's reputation, which the software company contended would be the result of NSS's inevitably-inaccurate assessment of its wares. Again the court felt the argument could not stand, because the dispute was over a breach of contract, and any harm caused by publishing the report is not related to the contractual wrangling.

And the decision said that even if NSS got its facts wrong, it would suffer more harm than CrowdStrike because “NSS would be enjoined from disclosing likely true and legitimately obtained data, undermining a critical aspect of NSS's presence in the marketplace.” CrowdStrike, the district judge argued, can easily contend NSS's work by releasing its own data.

All of which will make life interesting at the RSA Conference in San Francisco on Tuesday morning US time, where NSS plans to release its research.

Grab some popcorn! ®

Updated to add

You can now buy NSS's reports here, including its dossier on CrowdStrike. From this graph, taken from the Falcon review, CrowdStrike's product doesn't fare particularly well. Meanwhile, antivirus veteran Vesselin Bontchev has posted some thoughts on the debacle here.

"CrowdStrike values independent testing and we initially engaged NSS to conduct a private test of our software," CrowdStrike blogged on Tuesday to explain its legal action.

"We soon learned their methodologies were deeply flawed. For example, they made basic errors including labeling legitimate software such as Firefox, Skype, and Java, digitally signed by vendors, as malicious – leaving us with no confidence in their testing methodology or ability.

"After explicitly telling NSS on multiple occasions that they were prohibited from using our software for public testing, they colluded with a reseller and engaged in a sham transaction to access our software to conduct the testing."

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022