CrowdStrike attempts to sue NSS Labs to prevent test release, court denies request

Last week, before the start of the RSA conference in San Francisco, CrowdStrike filed for a restraining order and injunction in a federal court, seeking to prevent NSS Labs from releasing the results of a recent NSS’ Advanced Endpoint Protection (AEP) group test.

The court, ruling that CrowdStrike failed to demonstrate success on merits, sided against the security vendor on Monday.

In April of last year, CrowdStrike entered into an agreement with NSS Labs to conduct private testing of their Falcon platform. According to CrowdStrike, NSS Labs failed to perform the tests in an accurate and acceptable fashion. NSS Labs conducted additional testing, in order to address the reported shortcomings, but CrowdStrike was still less than impressed.

According to court documents, on January 18 – the court documents state the year as 2016, but this is likely an error – NSS Labs notified CrowdStrike they were planning a public test of the Falcon software.

CrowdStrike, upon learning that the results of the test would be released during the RSA conference, went to a U.S. District Court in Delaware and demanded a restraining order and injunction preventing the report’s release.

The court’s ruling memo, obtained by Salted Hash, states “CrowdStrike alleges that ‘a negative report shouted from the stage at the RSA Conference would damage’ CrowdStrike’s reputation, resulting in irreparable harm.”

CrowdStrike says NSS Labs breached their contact, and that any information released as part of the test results could have only been obtained via private testing, which would go against NSS Labs’ stance of never disclosing data related to private tests.

The court wrote it was “not convinced that NSS used confidential information it obtained during the private test to conduct the public test,” adding that it was also not convinced that NSS Labs failed to maintain confidentiality of CrowdStrike’s data.

The second claim that CrowdStrike made is that NSS Labs interfered with a contract between them and a reseller (Constellation), where NSS Labs obtained a copy of Falcon.

“CrowdStrike alleges that NSS knew of the Terms and Conditions which did not permit ‘third parties to access or use the Products,’ and prohibited ‘any competitive analysis on the Products.’ CrowdStrike further alleges that NSS sought a third-party with access to the Falcon software and induced that third-party to provide it access to the software, violating the Terms and Conditions of which NSS was aware,” the court documents state.

The court disagreed, and NSS Labs says it wasn’t required to click through any terms and conditions prior to accessing the Falcon platform for the public test, and as such it couldn’t have known about the terms of the contract between Constellation and CrowdStrike. If anything, the court added, it was Constellation that breached its contract. The court also ruled against CrowdStrike when it came to the claim of misappropriation of trade secrets related to the violated contract.

“CrowdStrike contends that NSS’s report will ‘cast the Falcon tool in a poor light, and a cursory analysis of the two private reports shows that the public report will be inaccurate.’ An inaccurate ranking of Falcon among its competitors will, according to CrowdStrike, decrease sales and revenues,” the court noted, when discussing why it ruled against CrowdStrike on the claim of irreparable harm.

“Accordingly, even if NSS breached the Private Agreement with CrowdStrike, any harm resulting from that breach is not related to the harm CrowdStrike purports it will suffer here upon disclosure of the public report.”

The court ruled that nothing in the NSS Labs report counts as a trade secret, and none of the data in the report came from the private tests.

In a blog post on the case published Tuesday,, CrowdStrike made the same claims as they did when they filed the complaint last week.

“CrowdStrike filed suit in U.S. Federal District Court against NSS Labs to hold it accountable for unlawfully accessing our software, breaching our contract, pirating our software, and improper security testing. Regardless of test results (which we have not seen), CrowdStrike is making a stand against what we believe to be unlawful conduct.”

CrowdStrike says that NSS Labs made a number of errors, including listing legit software (Skype, Firefox, and Java) as malicious, which left them with no confidence in their testing methodology, prompting them to decline a public test.

“After explicitly telling NSS on multiple occasions that they were prohibited from using our software for public testing, they colluded with a reseller and engaged in a sham transaction to access our software to conduct the testing.”

They then preempted any negative results in the forthcoming test by stating that anything NSS Labs publishes is “incomplete and materially flawed.”

“To be crystal clear, the results of the report are unknown to us at this time and irrelevant, we are suing NSS because of their illicit activity, breach of contract and misappropriation of our intellectual property.”

While CrowdStrike may file other suits, the court has already ruled against them on everything listed in the blog, and stated that “Plaintiffs have failed to demonstrate a likelihood of success on the merits and irreparable harm…”

NSS Labs will release their report later today during the RSA conference.

If any of this seems familiar, that’s because the claims made by CrowdStrike against NSS Labs mirror those made by Cylance, in a story we published yesterday here on Salted Hash.

Both companies contend that the labs violated terms and conditions by using a third-party, leading to the claim of pirated software, and both accused the labs of conducting improper testing.

But some security professionals have a bone to pick with NSS Labs, which is clearly demonstrated in this thread on Twitter.

The court documents are below: