Security Admin (NetSec)
2017-02-16 19:25:50 UTC
http://www.securityweek.com/crowdstrike-sues-nss-labs-prevent-publication-test-results
From Article:
"There are two primary issues here: is it possible to conduct fair comparative tests for advanced endpoint protection products (aka, machine-learning or next-gen AV); and is the law a valid method of preventing them?"
The article has various opinions about this, with additional links to opinions.
I offer my $0.02
It would appear that based on the NSS Lab admission that "The Falcon Host's final rating may have been different had it completed the test." that Crowdstrike may have a legitimate beef.
When deploying Palo Alto devices with Wildfire enabled, I would inevitably get asked the question as to whether or not traditional AV was needed. This came up even more as Palo Alto introduced host-based protection via "traps."
What I have found is that many of these so-called "next-gen" protection mechanisms are quite good at protecting against unknown aka "0day" threats. However, they tend to fall short in protecting against old threats, like the nth version of MyDoom. Signature-based solutions still have their place, and until the next-gen vendors like Crowdstrike can protect against both, signature-based AV may still be needed.
From Article:
"There are two primary issues here: is it possible to conduct fair comparative tests for advanced endpoint protection products (aka, machine-learning or next-gen AV); and is the law a valid method of preventing them?"
The article has various opinions about this, with additional links to opinions.
I offer my $0.02
It would appear that based on the NSS Lab admission that "The Falcon Host's final rating may have been different had it completed the test." that Crowdstrike may have a legitimate beef.
When deploying Palo Alto devices with Wildfire enabled, I would inevitably get asked the question as to whether or not traditional AV was needed. This came up even more as Palo Alto introduced host-based protection via "traps."
What I have found is that many of these so-called "next-gen" protection mechanisms are quite good at protecting against unknown aka "0day" threats. However, they tend to fall short in protecting against old threats, like the nth version of MyDoom. Signature-based solutions still have their place, and until the next-gen vendors like Crowdstrike can protect against both, signature-based AV may still be needed.