steven36 Posted September 20, 2018

NSS Labs vs. CrowdStrike, Symantec, ESET and the Anti-Malware Testing Standards Organization

Advancing Transparency and Accountability in the Cybersecurity Industry

On September 18, 2018, NSS Labs filed an antitrust suit against CrowdStrike, Symantec, ESET and the Anti-Malware Testing Standards Organization (AMTSO). You might be asking yourself, why?

NSS Labs’ mission is to advance transparency and accountability in the cybersecurity industry. We filed this suit because some vendors have not been living up to their responsibility to protect consumers and they know it, and they’re trying to prevent the public from knowing it too.

If you are in the cybersecurity industry, it won’t surprise you to hear that vendors often know about their products’ deficiencies yet don’t reveal them to consumers. What should shock you is that they are actively conspiring to prevent independent testing that uncovers those product deficiencies to prevent consumers from finding out about them.

Keep in mind that these actions are not occurring in a vacuum. When a customer unknowingly relies on a flawed security product it can have serious consequences – from financial losses to physical safety. We filed this suit because we believe it’s important to bring the actions of some antivirus (AV) vendors to light and shine a spotlight on several bad behaviors in the cybersecurity industry. In short, some vendors have not been living up to their responsibility to protect consumers and they know it.

Exposure to cyber risks is worsening daily and the implications are staggering. Given the pervasiveness of cyberattacks and the resulting impacts to our society, it is more critical than ever for cybersecurity products to do what they promise. Just a few weeks ago, Kirstjen M. Nielsen, Secretary of Homeland Security stated that the breadth, scope and consequences of cyberattacks exceeds the risk of physical attacks and these attacks have moved past the epidemic stage and are now at a pandemic stage. The World Economic Forum estimates global losses due to cybercrime at US $0.5 Trillion in 2017 and these losses are projected to grow even more rapidly.

But what does this have to do with our lawsuit?

NSS Labs frequently uncovers product deficiencies during our independent tests. We tell customers about those deficiencies. As you can imagine, this can hurt a vendor’s sales. So, what is a vendor to do? Some (the good ones) fix their products. Others try to avoid being tested. But being the sole vendor refusing to be tested is bad for sales.…However, if a group of vendors agree ahead of time to boycott an independent test lab – say a lab they cannot get to do their bidding – then each is insulated from criticism by being one among many.

You hopefully see where this is going.

The actions of the parties named in this suit were conducted by and through their participation in the Anti-Malware Testing Standards Organization (AMTSO), an organization that claims its purpose is to establish standards “for fair and useful testing.” What they neglect to tell you is that their version of “fair and useful” tests are driven by the same security vendors whose products are being tested; not a neutral, independent third-party setting a higher bar for the security vendors and the industry. They claim to try to improve testing but what they’re actually doing is actively preventing unbiased testing. Further, vendors are openly exerting control and collectively boycotting testing organizations that don’t comply with their AMTSO standards – even going so far as to block the independent purchase and testing of their products.

In addition, a number of vendors such as CrowdStrike have conspired to prevent testing of their products by placing clauses in their end user licensing agreements (EULA) that make testing of their products subject to their permission. This unethical and deceptive behavior hampers transparency and hinders consumers in their ability to assess whether a product delivers on its promises.

Out of necessity, consumers trust their security vendors to do right by them but in reality, they often have no way to know if they should. Which is why at NSS Labs we have a saying, “If it is good enough to sell, it is good enough to test.”

Many of you reading this have relied on NSS Labs tests and insights to guide your decisions. We strive to earn your trust every day and do not take your trust for granted. It is our hope that our actions today mark an important step forward in advancing transparency and accountability in the cybersecurity industry.

Thank you for your continued support.

Vikram Phatak, CEO of NSS Labs

Source

steven36 Posted September 20, 2018 Author

NSS Labs lawsuit takes aim at Crowdstrike, Symantec and ESET

In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including Crowdstrike and Symantec, of conspiring to undermine its testing efforts.

NSS Labs announced Wednesday it had filed an antitrust suit against Crowdstrike, Symantec and ESET over what the testing firm claims is an extensive, coordinated effort to prevent the company from testing leading antimalware products.

The NSS Labs lawsuit, which also named the Anti-Malware Testing Standards Organization (AMTSO), alleges Crowdstrike, Symantec, ESET and the AMTSO worked in concert to impede NSS Labs' ability to test their products. In a scathing blog post, NSS Labs CEO Vikram Phatak accused the antimalware vendors and the AMTSO of trying to suppress negative product reviews from NSS Labs.

"We filed this suit because some vendors have not been living up to their responsibility to protect consumers and they know it, and they're trying to prevent the public from knowing it too," the blog post read. "If you are in the cybersecurity industry, it won't surprise you to hear that vendors often know about their products' deficiencies yet don't reveal them to consumers. What should shock you is that they are actively conspiring to prevent independent testing that uncovers those product deficiencies to prevent consumers from finding out about them."

The NSS Labs lawsuit, Phatak wrote, was filed in the hopes of "advancing transparency and accountability" in the antimalware and cybersecurity spaces. Phatak claimed the vendors "are openly exerting control and collectively boycotting testing organizations that don't comply with their AMTSO standards -- even going so far as to block the independent purchase and testing of their products." He further claimed that the AMTSO standards are not neutral and are instead driven by the antimalware vendors themselves in an apparent effort to produce beneficial results.

The AMTSO is a non-profit organization founded in 2008 to "improve the business conditions related to the development, use, testing and rating of anti-malware products and solutions." The organization has more than 50 member companies, including Crowdstrike, Symantec and ESET.

According to the AMTSO's website, a testing lab that wants to comply with the AMTSO Standard for a specific antimalware test "must provide AMTSO with formal notification and publish a detailed test plan prior to starting the test. This process is intended to provide vendors an opportunity to review the test plan and provide their input, highlighting any potential issues with the test design." It's unclear if NSS Labs participated in the AMTSO's process.

In addition to the AMTSO, Phatak's blog post about the NSS Labs lawsuit specifically criticized Crowdstrike as one of many vendors that have implemented clauses in end user licensing agreements (EULA) to prevent organizations from testing the products without the vendor's permission.

Crowdstrike filed a lawsuit in federal court against NSS Labs earlier this year to prevent NSS Labs from releasing a report on its advanced endpoint protection product tests, in which Crowdstrike was given a "caution" rating; the court denied Crowdstrike's request.

Source

Administrator DKT27 Posted September 21, 2018

Seems to be that their results are not available for free for public viewing though.

steven36 Posted September 21, 2018 Author

53 minutes ago, DKT27 said:
Seems to be that their results are not available for free for public viewing though.

NSS Labs' test is not free, because the truth is not free lol. Just like the products they test are not freeware. They do testing for Enterprise (Global 2000 companies) and these big Enterprises pay them to test to find out the truth.

Quote

• NSS Labs has a longstanding history in security product testing and research. Security professionals from many of the world's largest and most demanding enterprises rely on trusted insights from NSS Labs. The company empowers enterprises by providing them with timely, relevant information on which to base their purchase decisions.

• NSS Labs had the foresight to recognize that objective security information would become an overlooked premium in a crowded market of more than 1,500 security vendors. The company leveraged its unmatched and well-respected foundation in security product testing, along with its enterprise research and global threat analysis capabilities, to deliver the CAWS Continuous Security Validation Platform. CAWS substantiates the effectiveness of enterprise security controls and uncovers unmitigated risks to enterprise systems. Using fact-based threat data and risk information, CAWS enables businesses to strengthen their cyber risk posture, continuously validate their security controls, and take timely action to mitigate threats to their operating systems and applications.

• NSS Labs’ core technology strengths and brand recognition differentiate the company from others in the market. Over the years, NSS Labs has worked to advance transparency and accountability in the cybersecurity industry. No other company today has the unique qualifications and insight into the challenges and essential security needs of enterprises and practitioners.

In less than 300 words, summarize the achievements of the company in the nominated category

NSS Labs is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. The company continues to make significant strides toward its mission to advance transparency and accountability within the cybersecurity industry. Key milestones and achievements include:

• NSS Labs continues to evolve its CAWS 3.0 continuous security validation platform. CAWS leverages NSS Labs’ unmatched expertise in security testing, along with the company’s extensive research and global threat analysis capabilities. CAWS measures the ongoing effectiveness of security controls, providing a real-time scorecard that helps business leaders substantiate their security investments. Businesses can also leverage the threat data delivered by CAWS to strengthen their cyber risk posture and mitigate threats to their operating systems and applications.

• NSS Labs continues to perform independent group tests of the top security technologies used by Global 2000 companies. Reports from these rigorous tests offer vendor-neutral analysis and provide the industry’s most comprehensive review of security effectiveness, performance, and total cost of ownership to inform decision-making. Products evaluated in 2017 include advanced endpoint protection (AEP) products, data center firewalls (DCFWs), next generation firewalls (NGFWs), web application firewalls (WAFs), and web browsers.

• The company has earned industry recognition on the merits of its technology innovation and business execution. Recent accolades include honors from the Austin Business Journal, Austin Chamber of Commerce, Austin Inno, Golden Bridge Awards, Inc. Magazine, the Network Products Guide, and Red Herring.

https://cybersecurity-excellence-awards.com/candidates/nss-labs

Quote

Update: Symantec told ZDNet, "As this is a pending litigation, we have no comment."

An ESET spokesperson said the cybersecurity firm is yet to receive any official, legal communication, and as such, "we are unable to say more at this time, beyond the statement that we categorically deny the allegations."

"Our customers should be reassured that ESET's products have been rigorously tested by many independent third-party reviewers around the world, received numerous awards for their level of protection of end users over many years, and are widely praised by industry-leading specialists," the spokesperson added.

When asked whether the companies named were the only entities involved, Phatak told ZDNet, "Those vendors (CrowdStrike, Symantec, ESET) and the vendor-driven AMTSO are named because they are the ones who are leading the conspiracy. There are other unnamed co-conspirators and their involvement will be determined during the course of this antitrust case."

"We are where we are because we refused to be pay-to-play and CrowdStrike knows it," the executive added. "Their smear tactics are par for the course. They should be ashamed of themselves."

ZDNet has reached out to AMTSO and will update if we hear back.

https://www.zdnet.com/article/nss-labs-files-lawsuit-against-crowdstrike-symantec-eset-amtso/
Archived
This topic is now archived and is closed to further replies.