Sophos Slams Cylance In Blog Post As Market For Endpoint Security Heats Up

The fight is on in the endpoint security market, and Sophos is the latest vendor to throw punches at next-generation endpoint security startup Cylance.

In a blog post Thursday, Kendra Krause, Sophos vice president of global channels, highlighted a recent presentation by Dan Schiappa, senior vice president and general manager of the End User Security Group, in which the executive said Cylance and other next-gen endpoint players have made some "bold statements" about their technology, but claimed that partners and customers are ultimately ending up with less protection for a higher cost. [Editor's Note: Sophos Friday evening removed the original blog post and replaced it with a new one attributed to a different writer that generally discusses next-gen security products but removes all references to Cylance and Schiappa. CRN has reached out to Sophos for comment on the post's removal and will update this story if we hear back.]

"By adding Cylance to an equation, an IT organization is getting less protection and more false positives and a lot more expense. For what? I'm not really sure. The next time you hear Cylance or any other next-gen endpoint company talk about their protection, make sure you do your own research," Schiappa said.

Sophos isn't the only major endpoint security vendor to slam Cylance. In December, Symantec also wrote a blog post about the company, comparing the two technologies and criticizing the startup.

Cylance has been on a growth tear, most recently landing $100 million in Series D funding in June. The company has seen 1,089 percent product billings growth and 785 percent customer growth since it started in 2012. Like Sophos, Cylance is 100 percent channel and has seen growing momentum with partners in the endpoint security market.

Schiappa said Sophos tested its technology against Cylance across different categories of malware. For example, the company ran 100 different types of executable malware against Cylance Protect and Sophos on different machines. He said both companies did a "good job" stopping executable malware, but said Cylance has been known to "slant the playing field to make sure their product looks good" in competitive comparisons.

When run against nine different types of malware, Schiappa said, Sophos matched Cylance on one category (executable malware), beat the company's solution in three (MS Office files, PDFs, JavaScript) and stopped malware Cylance failed to stop in five categories (Malicious URLs, Phishing, Unauthorized Apps, Removable Media and exploits).

"No matter what kind of exploit we threw at it, whether it's a new threat or a nasty ransomware sample, Cylance Protect continues to struggle while Sophos simply protects," Schiappa said. "If we look at the scorecard for the 'Nasty Nine,' it should make anyone think twice about considering Cylance Protect for endpoint security."

Schiappa also slammed Cylance's claims that its product works without being connected to the Internet and doesn't require prior knowledge of specific malware. He said Sophos found those claims to be untrue. Sophos did not provide additional comment to CRN beyond the blog post.

"Once again, we stress to you the utmost importance of not trusting ANY vendor's claims (including Cylance) and TO TEST FOR YOURSELVES," the planned Cylance blog post said. "Believe the math!"

Bill Strub, co-founder of St. Paul, Minn.-based NaviLogic, a Cylance partner, said the Sophos test was "not the same level of performance that we've seen" with the product. He said he has only seen one instance where a downloader made it past the Cylance system, only later to be caught as it began to download malware to the environment.

In an email comment to CRN, Nick Warner, Cylance senior vice president of worldwide sales, said the attacks from Sophos, Symantec and other anti-virus companies are the "highest form of praise." He said Cylance's partner relationships are "vital to what we do" and "we look forward to another banner year as we work with the proven security partners we've signed on."

"Frankly, we take these propaganda campaigns from Legacy AV as the highest form of praise," Warner said. "Each one of these so-called tests has been proven to be completely rigged, which is a testament to how hard it actually is to come close to CylancePROTECT’s efficacy on a level playing field."

NaviLogic's Strub said competition in the endpoint security market is definitely "heating up."

"I think until something is as effective from their other products, they will continue to find areas of attack," Strub said. He said proofs of concepts, which Cylance offers for free, are a good way to help customers decide which products they should invest in.

Justin Kallhoff, CEO of Infogressive, a Lincoln, Neb.-based Cylance and Sophos partner, said he usually advises that clients adopt both vendor solutions, as Cylance's anti-malware capabilities are complementary to Sophos' multi-featured solution, which includes UTM, DLP, web filtering, IPS, USB protection and firewall.

Kallhoff said that in his experience, Cylance "consistently" finds malware in environments running competitive solutions, including Symantec, Vipre, Trend, McAfee, Malwarebytes, ESET, Panda, Windows Defender, Kaspersky and Webroot.

"It's Infogressive's recommendation [clients] should run both products simultaneously as they're both effective and give customers defense-in-depth which is our core philosophy," Kallhoff said in an email.