Cybersecurity analyst fires triple lawsuit at Symantec, CrowdStrike and ESET

NSS Labs claims vendors are refusing to have their products tested effectively and are trying to restrict its access

Cybersecurity testing firm NSS Labs has filed a lawsuit against Symantec, CrowdStrike and ESET, accusing the vendors of failing to reveal flaws in their products.

In the anti-trust suit, NSS claims that the vendors have conspired to prevent the independent testing of their products. Anti-trust legislation is designed to prevent monopolies on a given market and promote fair competition.

All three vendors are members of the Anti-Malware Testing Standards Organisation (AMTSO), which has a mandate to standardise testing methods.

However, NSS CEO Vikram Phatak claims AMTSO members are instead "actively conspiring to prevent independent testing that uncovers product deficiencies to prevent consumers from finding out about them".

"Further, vendors are openly exerting control and collectively boycotting testing organisations that don't comply with their AMTSO standards - even going so far as to block the independent purchase and testing of their products," he added.

"In addition, a number of vendors such as CrowdStrike have conspired to prevent testing of their products by placing clauses in their end-user licensing agreements that make testing of their products subject to their permission. This unethical and deceptive behaviour hampers transparency and hinders consumers in their ability to assess whether a product delivers on its promises."

CRN contacted Symantec, CrowdStrike and ESET for their response to NSS' legal action.

ESET said: "We are aware of the allegations stated in the blog post from NSS Labs; however we have yet to receive official legal communication. As legal proceedings appear to have been initiated, we are unable to say more at this time, beyond the statement that we categorically deny the allegations.

"Our customers should be reassured that ESET's products have been rigorously tested by many independent third-party reviewers around the world, received numerous awards for its level of protection of end users over many years and are widely praised by industry-leading specialists."

CrowdStrike launched a stinging attack on NSS, suggesting that the firm favoured vendors that spent money with it.

"NSS is a for-profit, pay-to-play testing organisation that obtains products through fraudulent means and is desperate to defend its business model from open and transparent testing," it said. "We believe their lawsuit is baseless.

"CrowdStrike supports independent and standards-based testing—including public testing—for our products and for the industry. We have undergone independent testing with AV-Comparatives, SE Labs, and MITRE...

"We applaud AMTSO's efforts to promote clear, consistent, and transparent testing standards."

Symantec did not respond to CRN's request for comment at the time of publication.

NSS Labs said that, in the past, vendors that refused to take part in product testing would see their reputation damaged and sales hit.

With this in mind, vendors have now decided to boycott testing en masse, seeking to protect their reputations as a group, it claimed.

"If a group of vendors agree ahead of time to boycott an independent test lab - say a lab they cannot get to do their bidding - then each is insulated from criticism by being one among many," Phatak added.

NSS also said that being a "direct target of a conspiracy" has caused it "substantial damage", including the loss of market share.

The firm also clashed with CrowdStrike last year, after the vendor scored poorly in one of NSS' tests and went on to criticise the testing methods.

Update

Since publication, NSS Labs has contacted CRN to respond to comments made by CrowdStrike.

CEO Phatak said: "We are where we are because we refused to be pay-to-play, and CrowdStrike knows it.

"Their smear tactics are par for the course. They should be ashamed of themselves."

AMTSO also stated: "The AMTSO is disappointed by the antitrust lawsuit raised by a member organisation, and we categorically deny all claims made against us.

"NSS is a member of AMTSO, and one of their employees was an important member of the working group that developed the standard.

"Rather than trying to use the legal system to tear down what we all built together, we encourage NSS to bring its concerns back to the table and engage with the rest of AMTSO membership to make our industry better."