Sophos Slams Cylance In Blog Post As Market For Endpoint Security Heats Up

Printer-friendly version Email this CRN article

The fight is on in the endpoint security market, and Sophos is the latest vendor to throw punches at next-generation endpoint security startup Cylance.

In a blog post Thursday, Kendra Krause, Sophos vice president of global channels, highlighted a recent presentation by Dan Schiappa, senior vice president and general manager of the End User Security Group, in which the executive said Cylance and other next-gen endpoint players have made some "bold statements" about their technology, but claimed that partners and customers are ultimately ending up with less protection for a higher cost. [Editor's Note: Sophos Friday evening removed the original blog post and replaced it with a new one attributed to a different writer that generally discusses next-gen security products but removes all references to Cylance and Schiappa. CRN has reached out to Sophos for comment on the post's removal and will update this story if we hear back]

"By adding Cylance to an equation, an IT organization is getting less protection and more false positives and a lot more expense. For what? I'm not really sure. The next time you hear Cylance or any other next-gen endpoint company talk about their protection, make sure you do your own research," Schiappa said.

[Related: CRN Exclusive: Sophos CEO On Knocking Out The Competition With Security Heartbeat]

Sophos isn't the only major endpoint security vendor to slam Cylance. In December, Symantec also wrote a blog post about the company, comparing the two technologies and criticizing the startup.

Cylance has been on a growth tear recently, most recently landing $100 million in Series D funding in June. The company has seen 1,089 percent product billings growth and 785 percent customer growth since it started in 2012. Like Sophos, Cylance is 100 percent channel and has seen growing momentum with partners in the endpoint security market.

Schiappa said Sophos tested its technology against Cylance among different categories of malware. For example, the company ran 100 different types of executable malware against Cylance Protect and Sophos on different machines. He said both companies did a "good job" stopping executable malware, but said Cylance has been known to "slant the playing field to make sure their product looks good" in competitive comparisons.

When run against nine different types of malware, Schiappa said, Sophos matched Cylance on one category (executable malware), beat the company's solution in three (MS Office files, PDFs, JavaScript) and stopped malware Cylance failed to stop in five categories (Malicious URLs, Phishing, Unauthorized Apps, Removable Media and exploits).

"No matter what kind of exploit we threw at it, whether it's a new threat or a nasty ransomware sample, Cylance Protect continues to struggle while Sophos simply protects," Schiappa said. "If we look at the scorecard for the 'Nasty Nine,' it should make anyone think twice about considering Cylance Protect for endpoint security."

Schiappa also slammed Cylance's claims to work without being connected to the Internet and doesn't require prior knowledge of specific malware. He said Sophos found those claims to be untrue. Sophos did not provide additional comment to CRN beyond the blog post.

CRN obtained an advance copy of a blog entry that Cylance said it was planning to post Friday, in which Cylance claimed that the Sophos test was filmed at a partner's testing lab and with further analysis asserted that some functions were not enabled during the test. It said policies for Auto Quarantine with Execution Control and Memory Protection Enabled in Block Mode except for Malicious Payload were enabled, but "all other features were not enabled" during the video filming.

Printer-friendly version Email this CRN article