Webroot Sues CrowdStrike, Kaspersky, Sophos, Trend Micro
‘Legitimate licensing discussions start with a phone call, not a lawsuit. This type of action is something I would expect from a patent troll, not cybersecurity companies,’ a CrowdStrike spokesperson tells CRN.
Webroot has accused endpoint security rivals CrowdStrike, Kaspersky, Sophos, and Trend Micro of violating six or seven patents associated with internet security and malware detection.
The Broomfield, Colo.-based subsidiary of OpenText claims that four of its largest competitors have implemented Webroot’s patented technology around network security and endpoint protection into their flagship products and platforms, according to complaints filed March 4. The lawsuits come more than two years after Webroot parent Carbonite was acquired by OpenText, who’s also a plaintiff.
“Plaintiffs bring this action to seek damages for and to ultimately stop Defendants’ continued infringement of Plaintiffs’ patents,” Webroot wrote in four separate U.S. District Court filings. “As a result of Defendants’ unlawful competition in this District and elsewhere in the United States, Plaintiffs have lost sales and profits and suffered irreparable harm, including lost market share and goodwill.”
Sophos declined to comment, while Webroot didn’t immediately respond to requests for comment. Kaspersky said it’s reviewing the issue.
OpenText said in a statement that it “brings these lawsuits to protect its intellectual property investments and to hold these parties accountable for their infringement and unlawful competition ... OpenText intends to vigorously enforce its intellectual property rights.”
Trend Micro COO Kevin Simzer told CRN that “desperate times, call for desperate measures. Perhaps OpenText is struggling with the less-than-successful assets they have acquired over the years, so they need to transform into a patent troll type of company. We will vigorously defend ourselves.”
The civil complaints against CrowdStrike, Kaspersky, Sophos and Trend Micro were filed by Webroot in the Western District of Texas - a popular destination for patent litigation - with each running well over 100 pages.
“Legitimate licensing discussions start with a phone call, not a lawsuit,” a CrowdStrike spokesperson told CRN in an emailed statement. “This type of action is something I would expect from a patent troll, not cybersecurity companies that should be laser-focused on protecting their customers, not suing competitors.”
The lawsuits were ridiculed on social media Monday, with security researcher Kevin Beaumont writing on Twitter, “Things I learn: Webroot and OpenText are patent trolls against the cybersecurity industry … They’re basically trying to patent the endpoint security industry.” OpenText has been litigious over the past decade, filing 25 suits against everyone from Motorola and Box to Alfresco and Hyland Software.
Webroot’s valuation has lagged behind its endpoint security rivals, with the company being sold to Carbonite in 2019 for $619 million. In contrast, CrowdStrike is currently worth $41.63 billion, Trend Micro is worth $8.18 billion, while Sophos was sold to private equity firm Thoma Bravo in 2020 for $3.9 billion. Kaspersky is privately held and saw revenue increase by 3 percent in 2020 to $704 million.
The company alleges that some of its competitors best-known products infringe on Webroot patents, including: CrowdStrike’s Falcon Platform and Falcon Endpoint Protection; Kaspersky Total Security and Endpoint Detection and Response; Sophos Intercept X Advanced with EDR and XDR; and Trend Micro Apex One and Smart Protection Network. Webroot previously sued BrightCloud Technologies in 2015.
CrowdStrike, Kaspersky and Trend Micro are each accused of violating the same six Webroot patents, while Sophos also allegedly infringed upon a seventh Webroot patent. Webroot said its patented technology transformed the way malware detection and network security were conducted, reducing the shortcomings that plagued signature-based security products that relied on human analysis.
“Instead of relying on human analysts, Plaintiffs’ patented technology enabled and automatic and real-time analysis, identification, and neutralization of previously unknown threats, including new and emerging malware, as well as advanced polymorphic programs,” Webroot wrote in the lawsuits.
Two of the patents all four companies are accused of violating cover systems and processes related to real-time and advanced classification techniques for as-yet unknown malware. Webroot said its two advanced malware detection patents were issued by the United States Patent and Trademark Office (USPTO) in 2013 and 2014.
The third and fourth patent all four companies allegedly infringed upon provide forensic visibility into computing devices in a communication network by analyzing network events and creating audit trails, according to Webroot. The forensic visibility patents were issued by the USPTO in 2017 and 2019.
The fifth patent all four companies are accused of infringing upon covers a technique to prevent undesirable software and other computer exploits from executing and was issued in 2019. The sixth patent all four vendors are accused of violating addresses and improves upon conventional approaches to malware detection in computer networks and computer network operation and was issued in 2020.
And the seventh Webroot patent which only Sophos is accused of violating was issued in 2013 and is focused on improved techniques for detecting and classifying malware. Specifically, Webroot said the patent covers unconventional and novel distributed system architectures such as remote computers that may be allocated to threat servers with central servers sitting behind them.
“Defendant offers and sells the Accused Products,” Webroot wrote in the lawsuit against Sophos. “These products provide and implement malware detection, network security, and endpoint protection platforms for individuals and enterprises and incorporate Plaintiffs’ patented technologies.”