The Gately Report: AI Provides Massive Opportunity for Check Point Partners
Plus, a Russian nation-state group steals Microsoft source code.
![Check Point partners get AI opportunity Check Point partners get AI opportunity](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltfd48ef8df71b5110/652622fe4523b7ad4a2c6256/AI-Robot.jpg?width=700&auto=webp&quality=80&disable=upscale)
Tatiana Shepeleva/Shutterstock
Channel Futures: Has this been the biggest CPX 2024 in terms of partner participation?
Francisco Criado: So we started in Bangkok in Thailand and we had CPX there. From there, we went to Vienna where we had EMEA, and then now this was for the entire Americas. And we'll do some other events. There will be a sub-CPX that we'll do in Canada and other geographies, but this is really the big one where we get the majority of our distributors, partners and customers. It has been an unbelievable ride going to all three. This is my first year at Check Point, and with the leadership, the way we're repositioning ourselves as a platform company, the solution innovation, both organic and inorganic through acquisition, and a new partner program, just the energy level has been fantastic. The feedback has been great, very upbeat, and it's across the board, even internally at Check Point.
CF: Harmony SaaS, security appliances and more were announced during CPX 2024. What types of new opportunities do these create for partners?
FC: So for partners, the more comprehensive the portfolio, the better and more complete security posture they can provide to their customers. So for them, these are upsell and cross-sell opportunities. They can provide more value. And it's just a more comprehensive approach as they look at securing these environments. And the other thing, too, because we have this comprehensive portfolio and it is so complete because we have the collaboration, especially within our ThreatCloud, that allows us to really differentiate ourselves among our competitors, the way that we can collaborate in less than 2 seconds, all the different enforcement points are notified if there's a vector that's trying to be compromised. It's something that I think stands out with Check Point, and it's a huge value as both a partner and a customer as they're implementing a Check Point solution.
CF: What sort of feedback did you receive from partners at CPX 2024?
FC: Awesome, very positive feedback. And I think part of this is that we haven't been together physically on a scale like this in roughly four years. So I think everybody coming together just feels good. But in addition to that, when they see some of the new leadership, they see the innovation, they see the effectiveness of our security solutions, they see how much more recognition we've gotten in the market, everybody seems very enthusiastic and really excited. So I'm looking forward to a couple quarters and seeing the impact this has within our partner ecosystem and in our customers.
CF: In January, Check Point launched a new partner program. What's been the reaction from partners? Are they taking advantage of all that's available?
FC: You always hope you're doing the right thing and there's no crystal ball. But I'll tell you the feedback has been overwhelmingly positive. And what I keep telling partners is there's more. This is progress; it's never perfection. So they're going to keep on seeing improvements to the partner program. Now we're starting to see some great lead indicators as we've rolled things out. One of the things in the partner program is that we started to really focus on some of our dormant partners. So we gave them access. We democratized access to our tools and resources, and registration, and started doing digital marketing to this partner set. And in a six-month period, we activated over 100 new partners. That provided significant year-over-year revenue.
We have partners that are starting to take advantage of the free certification. So they're asking for vouchers to use at our authorized training centers. The pricing grid is pretty new. So we're just starting to get partners to register and start using our new pricing grid. We're going to have a tight management system because we want our partners to take full advantage. So the certification is a good example where I'm going to start looking at all the partners, and who hasn't yet met their certification to make sure that they take advantage and they build that competency, and they have the skills and the knowledge to be able to provide the right solutions.
CF: What do you hope partners can take with them from CPX 2024 and make use of in their businesses?
FC: I'm hoping that they can, first of all, see the new Check Point. They see this transformation. They see the innovation and the efficacy of our solutions because we really do stand apart right now. And a good example is we really do use AI. These are tangible, real solutions. So they can take that and start to really implement that into their own security practices. So again, they can provide the right and optimal security posture to their customers.
CF: Gil Shwed stresses prevention first and zero trust. Are partners embracing these with their customers?
FC: Absolutely. That's one of our main differentiators. We're prevention, instead of detect and try to remediate. So that's something that our partners have been embracing as we're trying to be more aggressive and really make sure that message is getting out to the market. So we've gotten a lot more industry recognition, there's been a lot more marketing from Check Point just in general to make sure we can get that word out, because we truly believe we have the best security. We just want to make sure that the partners and customers know that.
CF: Speaking of recognition, the latest Miercom test shows Check Point delivers a 99.8% block rate on new malware. In addition, Check Point’s Infinity Platform has been ranked as the No. 1 zero-trust platform in the latest Miercom Zero Trust Platform Assessment. What does this industry recognition mean to partners?
FC: Those are amazing statistics. Partners, they're busy and they’re moving fast. They're working with a lot of different vendors. Partners are extremely smart, but people are also fast-forgetters. So I think we need to keep on telling our story so that they remember. It's so impactful when customers see those statistics. They really don't believe them [initially], but once they validate that these are legitimate statistics, it's extremely compelling and it makes it a much faster sales cycle. For our partners, it's pretty compelling. As a customer, if you have a vendor that can stop 99.8% of threats and everybody else is roughly on average in 40%, it's a pretty significant gap. It's not like there's a small margin of difference. Right now I feel like we have a nice innovation gap compared to some of our peer vendors.
CF: What do you find most surprising and dangerous about the current threat landscape?
FC: I think the fact that it's changing all the time is probably the biggest, and just the innovation from the bad actors and the hackers, and the nation-states. I give them credit. There's a lot of innovation on that side. And then all this with generative AI is just a force multiplier for them. So we need to do the same on our side as we're protecting these environments, and protecting businesses and protecting people. How do we stay ahead? How do we sharpen our tools and make sure that we're using everything, including generative AI, to make sure that we're protecting? And generative AI has democratized some of the skill sets necessary to really be dangerous within an organization. There was a high level of sophistication that was required previously. And now, using generative AI, you can launch a distributed-denial-of-service (DDoS) attack as a 12-year-old. It's not that complex. You don't have to be too technical. So I think that's probably the scariest thing for me. And it's going to keep on changing and it's going to keep on getting a lot more interesting as generative AI keeps on progressing.
CF: Beyond CPX 2024, what can partners expect from Check Point? What’s next for you?
FC: We have so many more things that are in the pipeline that we're looking at as it comes to partner programs. So I’ve spent so much time with partners over these last three CPXs – distributors, partners, traditional and nontraditional folks that have been with Check Point for decades, and new partners – and I've gotten a lot of feedback. There’s been a lot of positive changes to the partner program, and they've given me a lot of ideas that have also helped me validate the things that we think we want to do and then given us some new ideas. So I would just say that this is going to continue to change, but we're really proud of this big first step that we've made with the new partner program.
I'm just so looking forward to 2024. I'm looking forward to seeing the impact within our partner ecosystem and how that looks just in the market with our customers. And ultimately, we're all serving the customers. Being a channel person, I'm so proud to also work for a company that's 100%-channel where 95%-plus of security revenue flows through the partner ecosystem. To me, it validates our strategy. And I just want to re-emphasize our commitment to the channel.
In other cybersecurity news …
In January, we reported that Nobelium aka Midnight Blizzard, the Russian nation-state hacking group behind the massive SolarWinds attack, targeted Microsoft, compromising a small number of email accounts, including those belonging to senior staff.
Now, Microsoft says Midnight Blizzard has gained access to some of its source code repositories and internal systems.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft wrote in a blog. “This has included access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that Microsoft-hosted, customer-facing systems have been compromised.”
It's apparent that Midnight Blizzard is attempting to use secrets of different types it has found, Microsoft said. Some of these secrets were shared between customers and Microsoft in email, and as Microsoft discovers them in the exfiltrated email, it has been and is reaching out to these customers to assist them in taking mitigating measures.
“Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as tenfold in February, compared to the already large volume we saw in January 2024,” it said. “Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
Tim Callan, chief experience officer at Sectigo, said it’s worth noting that this exploit originates with the same basic credential compromises that “we see in nearly all attacks of this nature.”
“Once the attacker has inappropriate access, a whole host of additional malicious activity becomes possible,” he said. “Stronger authentication methods, including PKI-based authentication, are our single most powerful defense against these breaches.”
John Bambenek, president of Bambenek Consulting, said whenever something like source code is stolen, incident responders have to start thinking about how that information can be used to attack the organization and customers.
“Ironically enough, secrets being part of the data being stolen makes this work a little easier,” he said. “Attackers naturally gravitate towards credentials so defenders can put more strict monitoring on the underlying accounts to look for misuse (after rotating the keys or passwords, of course). That seems to be what’s driving the additional insights Microsoft provided. However, unlike traditional expulsion events in incident response where you simply close all the doors opened by an attacker, source code and secret theft requires ongoing monitoring, remediation and response months after the breach was mitigated.”
The global secure access service edge (SASE) market reached a significant milestone in 2023, breaking the $8 billion barrier with 31% growth to $8.4 billion.
That’s according to Dell’Oro Group. Zscaler was the overall market leader in terms of revenue. The six leading SASE vendors – Zscaler, Cisco, Palo Alto Networks, Symantec/Broadcom, Fortinet and Netskope – accounted for 65% of the market revenue, highlighting a consolidation trend and suggesting the market's move towards maturity.
The increasing necessity for secure cloud and remote work solutions largely fueled the strong growth. As businesses globally adjust to a digital-first environment, the heightened investment in SASE highlights a shift towards integrated security frameworks. Zscaler's new revenue leadership position in the SASE market underscores the dynamic nature of the cybersecurity industry, with innovation and customer needs driving competitive shifts.
“As enterprises worldwide navigate the complexities of remote work and cloud integration, the preference for comprehensive SASE solutions becomes more pronounced,” said Mauricio Sanchez, senior research director of enterprise networking and security at Dell’Oro Group. “The market growth in 2023 highlights the importance of SASE in modern cybersecurity strategies and reflects the industry's confidence in these platforms to provide robust, scalable protection.”
![Dell'Oro Group's Mauricio Sanchez Dell'Oro Group's Mauricio Sanchez](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta390a84168cc7c08/6523f96dd03b4f3f28908b23/Sanchez-Mauricio_DellOro-Group-2022.jpg?width=700&auto=webp&quality=80&disable=upscale)
Dell'Oro Group's Mauricio Sanchez
Additional highlights from Dell’Oro Group’s Fourth Quarter 2023 SASE and SD-WAN Quarterly Report include:
- The secure service edge (SSE) segment of the SASE market crossed the significant threshold of $4 billion by maintaining a year-over-year growth rate of over 30% for the fourth consecutive year.
- The SD-WAN segment saw its revenue surpass $3 billion. However, after six years of growth of over 30% per year, the increase slowed to 28% in 2023, indicating a post-pandemic recalibration of enterprise spending.
- Single-vendor SASE solutions surged ahead of multi-vendor offerings, driven by vendor consolidation and a growing enterprise preference for single-vendor engagements.
The global SASE market is highly competitive, Sanchez said.
“I’m still tracking over 30 vendors,” he said. “In particular, the SSE side of security is still storming and forming. The top five SSE vendors – Zscaler, Symantec/Broadcom, Palo Alto Networks, Cisco and Netskope – controlled 74% of the market, a slight decrease from 2022, suggesting that the SSE market is still in a dynamic growth phase. The big vendors are differentiated by the scale and breadth of their offerings on both the networking and security sides. I see it as the reason Zscaler has jumped into the SD-WAN market.”
The slowing growth of the SD-WAN market is due to the cyclical impact of the pandemic, Sanchez said. During the early phase of the pandemic, supply chain disruptions and significant fiscal stimuli led enterprises to place unusually large orders due to concerns over hardware supplies, resulting in a spike in vendor backlogs.
“Throughout 2022, there was a substantial increase in hardware supply, starting modestly but expanding significantly by year's end, leading to an overwhelming influx,” he said. “Faced with staffing shortages to manage this rapid hardware arrival, these enterprises paused further SD-WAN purchases to focus on deploying the equipment they had already received.”
CrowdStrike is acquiring Flow Security, a cloud data runtime security solution, for a reported $200-$220 million.
With the acquisition of Flow Security and by bringing data security posture management (DSPM) to the CrowdStrike Falcon Extended Detection and Response (XDR) platform, CrowdStrike can discover, classify and protect data in all states from the risk of exposure, wherever it moves or resides.
The purchase price will be paid mostly in cash, with a portion delivered in the form of equity subject to vesting conditions. The proposed acquisition should close during CrowdStrike’s fiscal first quarter, which ends April 30, subject to customary closing conditions.
“CrowdStrike was born in the cloud and pioneered cloud-native cybersecurity,” said George Kurtz, CrowdStrike’s founder and CEO. “We have been consistently recognized as the strategic leader in cloud security by delivering the outcomes customers need most from a single, unified platform. With the acquisition of Flow Security, we’re expanding our cloud leadership by protecting data in all states as it flows through the cloud, and are redefining the future of data protection by securing data from code, to application, to device and cloud.”
![Crowdstrike's George Kurtz Crowdstrike's George Kurtz](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltafb44d1e3bfc782a/6525c909bbb3383a51cc836e/Kurtz-George_Crowdstrike.jpg?width=700&auto=webp&quality=80&disable=upscale)
Crowdstrike's George Kurtz
Through this, CrowdStrike will provide visibility into critical cloud data flows, insight into how data interacts with applications, and the ability to detect when sensitive data is at risk or unintentionally leaving an environment.
“Since our founding, Flow Security has focused on removing the complexity of securing the massive amounts of critical data businesses manage daily,” said Jonathan Roizin, Flow Security’s CEO. “We saw that the market lacked a solution that provided comprehensive protection of the flow of data as it traversed SaaS applications, on-premises, cloud infrastructure, third-party APIs, etc., and that this lack of visibility and control presented a critical risk to the enterprise. We look forward to working with the cloud security leader, CrowdStrike, to bring to market the most extensive cloud data protection solution.”
Artificial intelligence (AI) presents a massive opportunity for Check Point Software Technologies partners to grow revenue while improving their customers’ cybersecurity.
That’s according to Francisco Criado, Check Point’s vice president of global partner ecosystem organization. We caught up with him at last week’s CPX 2024 in Las Vegas.
AI took center stage at CPX 2024, and Gil Shwed, Check Point’s CEO and founder, said the company incorporates AI into all of its cybersecurity solutions.
“I think the message for partners is that as they're looking at providing the optimal security posture for their end customers, we have the bad actors that are using AI, so as partners and [Check Point] help these customers build that optimal security posture, we should be leveraging AI as well or else we're going to be behind,” Criado said. “And I think one of the main messages is that AI isn't new to Check Point. We've been using it in our ThreatCloud for many years. We have over 50 AI engines, and now we're expanding that to other parts of our solution portfolio. We announced our Infinity AI Copilot, super excited about that. And then in addition to that, there are other areas like our brand-spoofing solution. There are a lot of things that the human eye can’t catch, so we have to use AI to be really efficient in how we protect those environments.”
Mission for Check Point Partners
Check Point partners need to start developing AI practices and monetize AI within their businesses, Criado said.
“In the Americas, over 50% of partners believe that they're going to be able to monetize AI within the next couple of years,” he said. “I think that's a really interesting statistic. So I'm just looking forward to seeing the innovation. This is something where you don't want to be laggard. This is a time of transformation in the industry and you want to be in front of that transition so you can take advantage and maximize your market share as a partner with your end customers.”