Confidential settlement includes an apology from NSS for ‘incomplete, inaccurate’ results
Security vendor CrowdStrike late last week said it had “confidentially” settled its two-year-old legal dispute with testing firm NSS Labs sparked by a a poor review of its Falcon AV and endpoint detection and response platform.
The Lowdown: The legal dust-up stems from a February 2017 report from NSS Labs that deemed CrowdStrike’s Falcon offering inferior to most competitors and gave the product a “caution” rating. CrowdStrike complained the NSS results were flawed and filed suit in federal court in an attempt to halt the report’s release.
The Details: The drama around the CrowdStrike-NSS dispute was heightened in the channel when it was revealed that NSS allegedly obtained Falcon illegally from a reseller partner to conduct its tests. Last Friday’s settlement closes the books on the matter between NSS and CrowdStrike, but leaves intact a follow-up suit by NSS against AV vendors Symantec and ESET, as well as the Anti-Malware Testing Standards Organization (AMTSO). That suit alleges the organizations conspired to thwart third-party testing of antivirus products.
As part of the settlement, NSS Labs issued an official mea culpa, saying its testing of the CrowdStrike Falcon platform “was incomplete and the product was not properly configured with prevention capabilities enabled.”
“In addition to the results having already been acknowledged as partially incomplete, we now acknowledge they are not accurate and confirm that they do not meet our standards for publication,” NSS said.
“The security effectiveness score, caution rating, and total cost of ownership of the testing of the CrowdStrike’s Falcon Platform are not accurate and are hereby retracted,” the NSS statement said. “NSS extends its sincere apology to CrowdStrike for the publication of inaccurate test results of CrowdStrike’s Falcon Platform.”
Background: Earlier this month, CrowdStrike registered with the U.S. Securities and Exchange Commission for a proposed initial public offering of Class A common stock under the ticker symbol CRWD. Goldman Sachs, J.P. Morgan, Bank of America Merrill Lynch, and Barclays will lead the proposed offering, the company said.