The Gately Report: Check Point Betting Big on MSSPs, More Channel Improvements Coming
Plus, the SEC adopts rule requiring the reporting of cyberattacks in four days.
Channel Futures: What have you been up to since taking this role?
Check Point’s Francisco Criado: When I came over to Check Point, normally when you transition to a new job, I feel like you have a little bit of a lull, and at Check Point that was not the case. I definitely hit the ground running. They’ve kept me really busy. I’ve spent a lot of time learning the Check Point engine. So I’ve done a lot of listening and learning. I’ve spoken to my network of partners, both the traditional and nontraditional. So speaking with a lot of integrators, MSSPs, CSPs and whatnot, and analysts and distributors, just going around the horn and really starting to form some opinions. I’ve socialized those opinions and we’re now looking at driving change within Check Point and our channel approach when it comes to both strategy, program and go-to-market.
CF: In May, Check Point announced it has extended its Cloud Firewall to secure Microsoft Azure Virtual WAN. Will this provide new opportunities for partners?
FC: We do a lot of strategic partnerships and co-sell in markets. So this is an example of one of them. We do this pretty regularly with the cloud hyperscalers. So this example of Microsoft is a great one. Azure Virtual WAN is a pretty interesting hub-and-spoke architecture, so you’re connecting multiple Azure regions. It’s on premises, it’s remote user and it’s other clouds. And as you do this, we’ve teamed with Microsoft where I believe it’s a one plus one equals three, where now we’re securing it with our CloudGuard integration. So with this new solution, the users are going to benefit from advanced threat protection and multilayered network security with the combination of both Microsoft Azure WAN protected by CloudGuard. And really the goal here is providing that secure connectivity, but also increasing operational efficiency within that environment.
CF: What role are partners playing in Check Point’s financial growth?
FC: At Check Point, we’re a 100% channel company, so our partners are our everything. They’re who’s driving our growth in the market. I identify what I call my big rocks. And my biggest rock is how we look at our overall channel strategy and program. So there are a lot of changes in the industry and in the business environment; it’s really marked by heightened competition. And what we see on our side is that customers have increased expectations. They don’t just want a transaction. They’re looking for a holistic solution and they want partners that are specialized; they’re SMEs and they can really create a much more personalized experience.
And then as you look at the rise of nontraditional partners, influencers and the sales cycle, we want to track those types of partners. We want to make sure they’re working with Check Point. And then with all the advancements in technology every single day, it makes it more complicated. It’s more complex. It increases the threat landscape. So we’re trying to address all these programs, all of these challenges with our new program. So as I’ve met with partners, analysts, even other vendors, we’re looking at making some significant changes to drive this growth that we’re looking for through our partners. So we’re looking at enhancing the customer experience, increasing our competitive advantage here at Check Point, and having a program that’s extremely competitive and easy, and predictable for our partners.
Partners follow the money, so we want to show them not only that we have the best solutions in market, but they can make money working with Check Point, investing in a Check Point practice. And then in addition to that, capturing emerging opportunities. A lot of folks think of Check Point as a network security vendor. We’re much more than that.
CF: Is economic uncertainty impacting Check Point? And what is Check Point doing to help partners that are being impacted by economic uncertainty?
FC: Security is interesting. I always have a lot of gratitude that I’m in the technology space. No industry is completely immune to macroeconomic uncertainty, but tech usually fares pretty well and especially cybersecurity, because at the end of the day most customers are not willing to skimp on investment when it comes to their security posture. It seems like cybersecurity is going to be pretty flat to a possible increase this year, at least based on the feedback that I keep on receiving. So we’re pretty optimistic.
And then in addition to that, as you look at some of the acquisitions and how we’ve enhanced our portfolio, there’s just more that we can offer. So as we engage with our partners, and you look at digital transformation, movement to cloud and hybrid cloud environments, the remote workforce and endpoints, and how this threat landscape has gone from protecting the data center to protecting the user, from code to cloud, we have these comprehensive solutions that we believe present a huge opportunity for Check Point and our partner ecosystem.
CF: What are you hearing from partners in terms of their latest needs?
FC: From a solutions perspective, there’s still a lot on the endpoint, on the user connecting securely to the network and a ton around cloud. I’m excited that we’ve expanded our portfolio here with our CloudGuard solutions where if it’s on premises, cloud, a public cloud or hybrid cloud environment, we have the ability to do it under one platform, which is a differentiator for Check Point in market.
If you look at it from a programmatic perspective, I did work at a partner for a couple of years, but most of my career in the channel has been in distribution, so I’ve seen a lot of programs. I’ve seen some false starts. I’ve seen some great programs. I’ve seen what works and what doesn’t work. And we are putting the best of breed as we look at our Check Point programs. So I would say expect to see announcements through the rest of this year and going into next year. We may have some big splashes, but this is going to be more of a launch when ready approach. We don’t want to hold things back. We want to give our partners access to these great things as we get them done.
CF: Can you give us a preview of what’s coming?
FC: We want to democratize access to tools and systems. So as you look at our partner types and even some partners that might have been more of a transactional nature with Check Point, we want to make sure that they have access to all the great resources at Check Point. The other place where it’s become a much bigger and more relevant part of our business is in the SMB space. We’ve had a lot of success here and we want to have more success. So when it comes to very specific solutions, pricing strategy, stocking strategies with our distribution partners, I’d say more to come there.
Also, as you look at users, actual end customers, and partners, how do they want to engage with the vendor? Is it personal? Is it one on one? Is it more in a digital manner? So we’re looking more at how we use digital interaction with our partner community. We want to give them real-time access to training, even on their mobile app, access to experts and even being able to do things like register opportunities so we can start working on them collectively together even sooner in the sales cycle.
And from an end-customer perspective, they want these more personal specialized interactions with partners — not all the time, but most of the time. So we’re going to create some programs and we’re going to reward our partners for investing in becoming specialized with Check Point so that we can have these better experiences with our customers. And then general things. We’re looking at when it comes to our tiers, when it comes to pricing, how do we create a simpler, more predictable program that gives our partners fast access to competitive pricing so we have better SLEs to them and they have better SLEs to their customers? [So] they have very clear visibility in how they can make money with Check Point. We’re going through a lot of transformation right now. We can’t wait to start socializing what we’re doing and how we’re improving the go to market with our partner ecosystem.
CF: Has your background in distribution given you an edge in this role?
FC: I loved working in distribution. It’s so interesting where they sit in the ecosystem because they see the vendors, the partners, traditional and nontraditional engagements in the ecosystem. They’re going through a lot of digital transformation. I got to work with so many different vendors and so many different areas, it wasn’t just cybersecurity. I worked in cloud, data analytics, IoT, data center and endpoints. I got to work across the board to see what works within partner communities when it comes to programs, but also looking at segmentations of partners and how to best leverage them in our go-to-market that we’re putting together, and also just how partners like to work with vendors. Some vendors do it well and other vendors have challenges. So at least I can bring that experience to the table as we start to reshape our program.
CF: What do you find most dangerous about the current threat landscape?
FC: What’s not dangerous? It’s always changing. It’s no secret that you’re never going to have a 100% security posture. But you’re weighing the cost versus benefit and looking at the risk when that comes to your business. I know it’s the buzzword, but artificial intelligence (AI) brings a whole other level of complexity into the equation. You have novice hackers or folks that aren’t even hackers that can become hackers now. And before, when it came to simple things like phishing and spear phishing, you see some grammatical errors and something kind of seems off. But ChatGPT is unbelievably grammatically correct.
In addition to that, there’s malware development and different exploits. So AI has almost been in a bad light recently with all the press, it’s been on the news a lot. But you can use AI as a huge advantage. We’ve been doing it for a long time. We started using AI roughly in 2014. We used it in our ThreatCloud. It’s the brains behind all of our solutions. We have 30 years of data. We’ve been around for a long time. So when it comes to AI, data and large language models (LLMs), the more data and the more history you have is a competitive advantage. We have billions of calls a day going to our ThreatCloud. It’s making billions of decisions and we’re using over 40 AI engines to help deliver solutions through our partner ecosystems that are going to protect consumers and customers in the market.
CF: What can partners expect from Check Point during the remainder of 2023?
FC: I would say partners are going to see a higher level of engagement from Check Point. So that’s going to be everything from how we’re reshaping our channel strategy and go-to-market, to just how we engage in the field. So if you’re a partner, if you’re a customer, it’s all hands on deck right now. We want to be as engaged as possible and close to our partners as we’re trying to deliver best-in-class security to market.
In other cybersecurity news …
The U.S. Securities and Exchange Commission (SEC) has adopted a rule requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis information regarding their cybersecurity risk management, strategy and governance.
The four-day reporting requirement starts from the time a cyber incident is determined to be “material.” Registrants will be required to describe the material aspects of the incident’s nature, scope and timing, as well as its material impact or reasonably likely material impact on the registrant.
The disclosure may be delayed if the U.S. Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety, and notifies the commission of such determination in writing.
“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies and the markets connecting them.”
Nakul Goenka, risk officer at ColorTokens, said the SEC’s decision is a “significant step in the right direction.”
“These breach disclosure rules will help give CISOs a seat at the table,” he said. “Companies should start preparing and thinking about their policies, procedures, organizational structure and tool sets immediately. While the rules do offer flexibility to determine what is considered a ‘material’ incident and hence reportable, we might also see some litigation based on decisions taken by the management teams. It will be interesting to see how these rules are actually implemented and whether the benefits will outweigh the costs and burden.”
Dave Gerry, Bugcrowd’s CEO, said transparent and timely disclosure is now a clear mandate by the SEC.
“Cybersecurity, at the board level, is a must have and CISOs will need direct communication lines with the board,” he said. “To be in a position to responsibly comply, it’s imperative that organizations have the process, plans and policies in place to identify, assign criticality to an incident and quickly mitigate/remediate the weakness exploited to ensure they can meet the four-day reporting requirement.”
Ken Deitz, CSO/CISO of Secureworks, said it’s clear the SEC wants more transparency around cybersecurity and is trying to drive up expertise in governance of cybersecurity programs for boardrooms.
“Key to compliance with the reporting requirements will be determining what is material,” he said. “I predict it will take some time for the courts to draw the line more precisely around materiality for cybersecurity incidents. Companies that wish to avoid becoming a test case for the SEC should plan to err on the side of transparency and disclosure. Companies should consider outlining how they will determine materiality of any cybersecurity incident as part of their risk management disclosures in their 10-K form.”
U.S. government contractor Maximus is the latest to confirm it has been a victim of the Clop ransomware gang’s MOVEit Transfer attacks. Maximus partners with state, federal and local governments to provide communities with health and human service programs.
In an SEC filing, Maximus said it uses MOVEit for internal and external file sharing purposes, including sharing data with government customers pertaining to individuals who participate in various government programs.
“The company believes that the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting this MOVEit vulnerability,” it said. “The company is cooperating with law enforcement regarding this cybersecurity incident.”
Based on the review of impacted files to date, Maximus said it believes those files contain personal information, including Social Security numbers, protected health information and/or other personal information, of at least 8 million to 11 million individuals to whom the company anticipates providing notice of the incident.
Maximus has been notifying its customers, as well as federal and state regulators, and it will provide appropriate notifications to individuals affected by this incident.
The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, reported that about 645,000 people with Medicare across the United States had information that was potentially exposed during this breach.
Ray Kelly, fellow at Synopsys Software Integrity Group, said this massive exploit of the MOVEit vulnerability is yet another demonstration of the importance of securing the software supply chain when it comes to data privacy. The key takeaway for business leaders is clear—just a single vulnerability in one piece of a third-party vendor’s software can lead to the compromise and exposure of personally identifiable information (PII) across every organization that vendor services.
“Organizations should ensure that any third-party vendor performs regular security assessments across their entire portfolio and infrastructure, and also meets compliance policy standards such as the General Data Protection Regulation (GDPR) and the Sarbanes-Oxley Act (SOX),” he said. “Unfortunately, adopting these practices is not a silver bullet and does not ensure your organization’s protection against a future ransomware attack via the software supply chain.”
Hackers allegedly connected to the North Korean government are using fake U.S. military job-recruitment documents to lure people into downloading malware staged on legitimate, but compromised, South Korean e-commerce sites.
That’s according to the Securonix Threat Research (STR) team. It has been monitoring a new attack campaign tracked as STARK#MULE. The campaign appears to be targeting Korean-speaking victims.
The entire malicious infrastructure used in the STARK#MULE campaign is centered around legitimate compromised Korean e-commerce websites. The websites allowed the threat actors to blend in with normal traffic and evade detection when delivering malware stagers and managing full-on command and control on the victim’s machine.
The final stage of the attack chain leaves persistent malware embedded in the target’s machine, which runs on a scheduled task and immediately opens communication over HTTP.
Mike Parkin, senior technical engineer at Vulcan Cyber, said if the attribution is correct, this would be another in a long series of cyber threats coming out of North Korea targeting South Korea.
“Cyberattacks have been a common tool in North Korea’s arsenal for years and this appears to be an evolution of that,” he said. “The noteworthy part is use of a legitimate, though compromised, website to deliver a new strain of malware.”
A successful social engineering attack, which is what this starts with, requires a good hook, Parkin said.
“Here, it appears the threat actor has succeeded in creating subjects that are interesting enough for their targets to take the bait,” he said. “It shows the attacker’s knowledge of their target, and what is likely to pique their interest.”
North Korea is one of several nations that are known to blur the lines between cyber warfare, cyber espionage and cybercriminal activity, Parkin said.
“Given the geopolitical situation, attacks like this are one way they can lash out to further their political agenda without having a serious risk of it escalating into actual warfare,” he said.
Zac Warren, EMEA chief security advisor at Tanium, said the attackers have set up a complex system that allows them to pass for legitimate website visitors, making it difficult to detect when they transmit malware and take over the victim’s machine. They also employ deceptive materials that purport to offer information on U.S. Army and military recruitment, much like honeypots. When recipients are tricked into opening the documents, the virus is unintentionally executed.
“Due to its advanced methodology, cunning strategies, precise targeting, suspected state involvement and difficult virus persistence, STARK#MULE is absolutely significant and we need to pay attention,” he said.
Check Point Software Technologies is going all in with MSSPs and believes MSSP is the future of the vendor’s channel.
That’s according to Francisco Criado, vice president of Check Point’s global partner ecosystem organization. He joined the company in March and replaced Frank Rauch, who served more than four years as the vendor’s head of worldwide channel sales.
Criado previously was with TD Synnex and has a long history in distribution.
Last fall, Check Point launched its global MSSP program. It offers an integrated security portfolio, automated processes and access to hundreds of company experts and researchers.
“We’re making big bets with MSSP,” Criado said. “I really believe it’s the future. I believe it’s a consumption model that’s going to be relevant for a long time. The analysts say it’s about a $51 billion market; I believe it could be even bigger. We have great technology that now we’ve put into a different consumption model. We have true consumption. There are a lot of vendors that are using pooled licenses, and we have a true MSSP consumption model, which I think is an advantage in the marketplace. You’ll continue to see enhancements; in fact, for our channel ecosystem, expect some pretty significant enhancements when it comes to pricing strategy, go-to-market and ease of doing business with Check Point to really accelerate that opportunity in market.”
Changes Coming for Check Point Partners
Criado said the biggest change partners will see under his leadership is a modernization of the vendor’s channel program and go-to-market.
“We want to make it easier to do business with Check Point,” he said. “We want to activate all the influencers and the sales cycle. And we want it to be a very simple, clear, predictable model where partners have easy access to consistent market competitive pricing so they can win deals fast with Check Point.”
For the second quarter of 2023, Check Point reported a 3% increase in total revenue — $589 million compared to $571 million for the year-ago quarter. It also reported $238 million in profit, compared to $209 million the year prior.
The vendor also reported increases in total revenue and profit for its first quarter of 2023.