santiago silver - Fotolia
Independent product testing firm NSS Labs ceased operations last week, citing negative effects from COVID-19, but former employers say the company's financial struggles and turmoil predate the pandemic.
In October 2019, NSS Labs was quietly acquired by Consecutive Inc., a private equity firm based in San Francisco. Neither the testing firm nor Consecutive publicly announced the deal at the time, but SearchSecurity, which first reported the acquisition in February, obtained documents that showed that NSS Labs merged with an unnamed subsidiary of Consecutive.
At the time, both NSS Labs and Consecutive declined to say what subsidiary the testing firm had merged with, nor did they explain why the acquisition was not publicly announced.
Former NSS Labs CEO Jason Brvenik said earlier this year that the acquisition was "a simple transaction and restructure" designed to better position the company moving forward. George Symons, managing director of Consecutive, said in a statement to SearchSecurity that his firm saw "a strong future for the company as it delivers a critical service to the security market."
But 12 months later, NSS Labs closed.
"Due to COVID-related impacts, NSS Labs ceased operations on October 15," the company's website reads.
However, former employees of the testing firm told SearchSecurity the company was experiencing financial struggles long before the pandemic struck. They also said there were warning signs from Consecutive's acquisition that indicated the testing firm's days were numbered.
The former employees, who spoke on the condition of anonymity, said they were informed of the Consecutive agreement months after the deal was completed last October. And even after being notified of the acquisition via shareholder letters, the former employees said the specifics of the agreement were kept secret and neither company acknowledge repeated requests for information about the transaction.
Even more upsetting, former employees discovered the value of their shares in the testing firm had been diluted or outright cancelled, resulting in share being worth fractions of pennies.
The letters to shareholders, signed by Brvenik, did not explain why the value of their shares plummeted. SearchSecurity obtained a copy of a letter that was received by a former employee who owned tens of thousands of shares in NSS Labs common stock.
"Pursuant to the merger agreement, each share of Company Capital Stock held by a Stockholder immediately prior to the effective time of the Merger was cancelled and automatically converted into the right to receive certain consideration pursuant to the Merger Agreement," the letter said.
In an accompanying document, the total value of the former employee's shares was listed at under $1.
"Due to processing costs, we would appreciate if you forego any payment below $25.00," the document said. "All amounts not paid out will be aggregated and donated to a nationally recognized charitable organization."
Former employees say the secrecy around the acquisition and the drastically reduced value of NSS Labs shares for former employees were red flags for the company's condition. One former employee said several staff members last year were laid off or left NSS Labs out of concern their positions were going to be eliminated.
Another former employee told SearchSecurity the company was seeking additional funding. "They were running out of cash," the source said.
NSS Labs' last round of investment, according to the company's website, was in 2016 when it received $16 million from Delta-v Capital and LiveOak Venture Partners.
In addition to financial concerns, NSS Labs was also coming off of contentious and high-profile legal battles with some of the biggest security vendors in the industry. The testing firm was embroiled in a lengthy dispute with endpoint security vendor CrowdStrike over negative test results regarding CrowdStrike's Falcon platform in 2017.
In 2018, NSS Labs filed an antitrust suit against CrowdStrike, Symantec, ESET and the nonprofit Anti-Malware Testing Standards Organization (AMTSO). The suit alleged that the defendants engaged in a conspiracy to prevent NSS Labs from independently testing the three vendors' products.
Last year, NSS Labs and CrowdStrike agreed to a confidential settlement regarding both the 2017 testing dispute and the 2018 antitrust allegations. In December, the testing firm dropped its antitrust suit against ESET, Symantec and the AMTSO.
Former employees who spoke to SearchSecurity said they don't know what the CrowdStrike settlement entailed or how much money was spent in legal fees in the last three years. However, some said the antitrust suit was an ill-advised move that was essentially unwinnable and likely cost a significant amount of money for a cash-strapped company.
Consecutive's status is unclear; the company's website does not list any investments or holdings.
Consecutive did not respond to requests for comment.