Ages ago, I had written about this gem I had found in the End User License Agreement for Palo Alto Networks equipment. Itâs still there in more or less the same form it was back in 2014:
2.c. Use Restrictions: You shall not: [...] vi. Disclose, publish or otherwise make publicly available any benchmark, performance or comparison tests that you (or a third part contraqcted by you) run on the Products, in whole or in part;
And while NSS Labs is, sadly, no longer around to run afoul of thisâthey ceased operations on 15 October 2020 due to Covid-19âPalo Alto Networks is still around and still using the legal system to suppress published comparisons of their products to competitors. Their current target: Orca Security, who dared to compare their products against Palo Alto Networkâs equivalent offerings and post the result of their findings on the Internet.
As Orca Security Co-founder and CEO Avi Shua points out:
Itâs outrageous that the worldâs largest cybersecurity vendor (its products being used by over 65,000 organizations according to its website), believes that its users arenât entitled to share any benchmark or performance comparison of its products. According to its boilerplate contract terms that prohibit âdisclosing, publishing, or otherwise making publicly available any benchmark, performance, or comparison testsâ of its products, youâre in violation even if you publish the results of an internal comparison of Palo Alto Networks against other products as part of your procurement process. The same goes for the hundreds of Palo Alto Networks reviews on various sites that include G2 Crowd, Capterra, and Gartner Peer Insights. It means that only benchmarks approved by Palo Alto Networks can be published.
Of course, this is from the same company that, on average, takes more than four months to fix reported security vulnerabilities against their product. Explains why pentesters donât even know their firewalls are there.
Disclaimer: In the interest of transparency, which I believe is a good thing, I know several people at Orca Security as they used to be co-workers at my current employer, Check Point, who did not offer an opinion on this matter. These are just my own thoughts.