The Gately Report: Check Point Invests More in MSSP Partners, VMware Patches Security Flaws
Also, Barracuda sees a new spike in ransomware attacks.
![More investment More investment](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt574303b24b9035f9/65241ac8df06b5099b25963c/19-Moer-Investment.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: Check Point’s midyear report shows a 42% global increase in cyberattacks, with ransomware as the No. 1 threat. Is there a message in that for partners?
Check Point’s Frank Rauch: I think there are a couple different messages. One, they still need us. Customers still need us. The threat landscape is not only growing in size, but it’s also growing in complexity. We’re seeing multivector attacks where it’s not just the customer that’s getting attacked, it’s the customer’s customer, and maybe even further down the chain. Therefore, how do the partners invest? They can invest with us in managed services because there just aren’t enough skilled people to be able to support these complex security environments.
Especially on the small end of the customer base, we’re seeing incredible growth in the SMB segment because they’re looking for solutions that are easy to deploy. And when you look at our Quantum Spark and the associated security suites that we sell with it … you plug it in, and you’re up and running. If you don’t choose to go [with] managed services, it’s a good way to do it yourself. If you need an MSSP, we’re onboarding many MSSPs every week, and we’re seeing a big uplift in that business.
CF: It’s now been six months since the start of the war in Ukraine. Has the war impacted Check Point, and has Check Point taken any action in response?
FR: I think on a macro level, it’s impacted everybody around the world. I don’t think Check Point is any different than that. Obviously we care about the people in Ukraine, and we’ll support them and continue to support them in any way we can. I think our situation isn’t that different. Obviously the Eastern European part of our business and our competitors’ business probably has changed a little bit because of it, because of the economics, because of the war, etc. But I wouldn’t consider it necessarily material economically.
CF: The pandemic appears to be waning. How did it impact Check Point and its partners? And are things back to normal now?
FR: I don’t know how you define “normal.” I don’t think the baseline will ever exist like it did before the pandemic. We’ve learned how to do things virtually. We’ve learned how to conduct virtual meetings, effective virtual meetings. We’ve learned how to be able to manage our own workforce and help our partners virtually do virtual marketing events, etc. I think some of that’s going to stick around; there’s no doubt about it. I had an opportunity a few weeks ago to be able to go over to Israel. It was just so great to see so many people in the office and the way they’re keeping people safe. We’re doing daily testing for people that are going in the office, etc. And it was just a great experience to be face to face.
CF: There’s constant talk of recession right now. Have you heard any concerns from partners? And if so, what are you telling them?
FR: I would have expected it. I had dinner last night with seven MSSPs … and they varied in location from all over the United States and into Canada, and coast to coast. And realistically they were all bullish on it. We see security as still a priority on companies’ spend list. I don’t think we’re immune to any recession or any economic downturn. But right now, at least, what we’re hearing from the partners is they’re very bullish.
CF: What are partners’ latest pain points? And how are you helping them with those?
FR: So their latest pain point is how do we move more quickly? And maybe it’s a little bit of just coming out of the pandemic, I’m not really sure. But we’re helping them in a number of different ways. We’re constantly communicating with them, doing quarterly business reviews. We’ve enhanced our joint business planning process. We have the campaign marketplace, which is extremely successful in terms of having them create demand. And we still are very committed to the channel. As far as I know, we’re probably one of the only companies in the industry that are 100% channel. We’re probably the only company that’s been 100% channel for 23 years. Partners trust us. And that trust is showing up in some of the growth and some of the momentum that we have in the market. And we’re also trying to be able to fill in different needs that the partners have. The MSSP program is a good example. And the Avanan and Spectral acquisitions are another good example.
We’re working with them on really creative initiatives. A really solid example of that is the work we’re doing with Deloitte regarding the smart factory that they have in Wichita, Kansas, where we’re actually being able to walk customers through an operating factory that shows us with a number of our partners in the factory together, basically securing in this case the IoT and the operational technology (OT) environment.
Finally, we’re helping them with Infinity. Infinity really helps partners sell the customers a solution that’s flexible, comprehensive and manageable. Partners are saying, “Hey, Check Point has the best security all the way from cloud to endpoint, to email, etc. We’re seeing platform growth.
CF: Is Check Point attracting new partners, and if so, what’s bringing them to Check Point?
FR: I can’t necessarily give you an exact number, but I can tell you yes, our partner base is growing. There’s no doubt about it. It’s growing significantly year over year. And it has for as long as I’ve been here. What’s attracting them? I think predictability in a kind of unpredictable environment. And when I say predictability, I’m not just talking about 100% channel. That’s absolutely part of it. But it’s the predictability of that. They’re selling their customers something that works.
Where you hear some issues with our competitors, and I’m not one to disparage anybody, but literally Check Point has a clear track record, never taking a direct order and having the best security in the industry. When you combine both of those with the marketing campaigns, the MSSP announcement that’s coming up, which has been previewed to some partners, the work we’re doing with the cloud marketplaces, Azure, Google, AWS, etc., partners are looking for companies that check a lot of the boxes, not just check one or two of the boxes, and Check Point’s presenting that opportunity.
CF: What are some of the details of the upcoming MSSP program expansion?
FR: Basically we’re investing in the MSSP program. We’re investing in training. We’re investing in onboarding. We’re investing in simplification of contracts, pricing and more. And we’re investing in the routes to market that the partner will have, whether they decide to buy off a marketplace or a next-gen distributor, whether they want to be an MSP and basically use our solution as part of that, whether they want to deliver an appliance onsite or whether they want to do it centrally, whether they want to have their own security operations center (SOC), whether they want to outsource managed detection and response (MDR) or do it themselves. We’re going to have a lot of options and I believe we’re going to be very competitive.
CF: What can partners expect from Check Point in the coming months, and into 2023?
FR: You can expect us to be predictable and consistent for No. 1. So basically everything we build on, we don’t expect any of that to change. Partners can expect greater investment, more flexibility of investment. Partners can expect more services, more options in terms of the way we go to market. And basically connecting with this, whether you call it an omnichannel or how that channel is changing, we’re going to keep up with it. We’ve publicly talked about how we’re hiring more salespeople. And I think with the theater leaders, we have some of the best leaders right now and the most partner-friendly leaders that have ever been at Check Point. I think that management team together is going to make a huge difference.
In other cybersecurity news …
VMware has released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.
VMware Tools was impacted by a local privilege escalation vulnerability. Updates are available to remediate this vulnerability in affected VMware products.
The vulnerability could be exploited by attackers to escalate privileges on a compromised system.
“A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine,” VMware said.
Mike Parkin is senior technical engineer at Vulcan Cyber.
“Even with cloud migrations, VMWare remains a staple of virtualization in many enterprise environments, which makes any privilege escalation vulnerability problematic,” he said. “While VMWare describes it as a local vulnerability, applying to a non-privileged local user with access to the Guest OS, it is unclear from the release whether it requires access through the VMWare virtual console interface or whether a user with some form of remote access to the guest OS, such as remote desktop protocol (RDP) on Windows or shell access for Linux, could exploit the vulnerability. Console access to a Guest OS should be limited, but there are many use cases that require logging into a virtual machine as a local user. Fortunately, VMWare has provided patches for affected versions which should be deployed as soon as practicable.”
John Bambenek is principal threat hunter at Netenrich.
“VMWare (and related) systems manage the most privileged systems and compromising them is a force multiplier for threat actors,” he said. “Luckily, this requires an attacker to already have local admin access. However, it does highlight the need to have behavioral analytics to detect credential abuse and the need for an insider threat program to detect problem employees who may abuse their already legitimate access.”
Veriff, an online identity verification provider, has rolled out its new Revenue Expansion with Veriff (R.E.V.) Partner Program to provide a
clear path to support its growing ecosystem of partners.
The program is designed to support partners in sales and marketing, along with providing partners with Veriff’s IDV platform to help meet the demands of end customers to combat identity theft and fraud.
The R.E.V. program can be tailored to meet the needs of a specific partner type based on their own business. In addition, it offers flexibility to support the partner as their business grows.
Manuel Solis III is Veriff’s head of global partnerships and alliances. He said this is Veriff’s first partner program.
“Veriff has matured as a company and creating this new partner program to enable businesses from around the world to meet the demands of the identity verification market is key to this next stage of growth,” he said. “The need comes directly from our global partners, who are looking to work with an identity verification solution that can provide not only a great product, but have a flexible partner program that can fit their business goals and objectives.”
Veriff’s partner ecosystem includes application developers, marketplaces, VARs, SIs, consultants and cloud service providers. Whether partners are looking to earn revenue through reselling, finding new opportunities with their existing customer base or providing a new service offering like Veriff’s platform, the program provides all the necessary support, collaboration and tools to open up new revenue streams and opportunities to promote growth in their business.
“With Veriff’s in-house partnership team, we have collected valuable feedback from our strategic and global partners to better understand what a successful partnership program looks like and what they know would help their business scale at speed,” Solis said.
Barracuda‘s fourth-annual threat research report on ransomware shows a new spike in ransomware attacks .
The new report looks at ransomware attack patterns that occurred between August 2021 and July 2022.
Highlights include:
In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries. Those are education, municipalities, health care, infrastructure and financial.
Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack.
The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.
While attacks on municipalities increased only slightly, Barracuda analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the health care and financial verticals tripled.
Ransomware attacks on automobile, hospitality, media, retail, software and technology organizations also increased.
Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.
Fleming Shi is Barracuda‘s CTO.
“We continue to see many successful attacks against VPN systems without stronger authentication schemes,” he said. “The rapid shift to remote work due to the COVID-19 pandemic exposed this as an area of weakness for many organizations. It makes sense that cybercriminals would continue to try to exploit these vulnerabilities, but businesses have had plenty of time to improve their authentication which is why it’s surprising that this remains such a common vulnerability.”
Increased attacks against critical infrastructure show cybercriminals’ intent to inflict greater damage beyond the impact on the immediate victim, Shi said.
“The criminals are betting on the victim’s urgency for recovery leading to paying the ransom,” he said. “Given the current geopolitical climate, these attacks will likely increase fueled by hacktivism.”
Artificial intelligence (AI) is becoming more critical to effectively fight the types of attacks that cybercriminals are deploying, Shi said. Rule-based security solutions are going to be weak against these type of attacks and the ways they are evolving. As sophisticated attacks span multiple attack surfaces, it requires AI both to drive efficacy and to understand the behavior of these attacks.
Shi said the report does include some encouraging signs. Those include:
Law enforcement intervening in ransomware attacks more frequently, and new levels of cooperation between the United States and the European Union to fight ransomware.
Fewer victims paying the ransom, and standing firm with improved defenses.
Collaboration with the FBI and other law enforcement is also making an impact.
“I believe the attacks on critical infrastructure were a wakeup call for authorities, pushing them to take action, and the agreements between different nation states and government leaders has created a collaborative environment for cracking down on these crimes,” he said.
A Plex media streaming platform data breach has exposed usernames, email addresses and encrypted passwords.
In a letter shared with Bleeping Computer, Plex said it discovered unusual activity on one of its databases. It launched an investigation and determined that a third party accessed a limited subset of data. It said credit card and other payment data are not stored on its servers and were not vulnerable in this breach.
Plex said it has addressed the method the third party employed to gain access to the system. It also is asking all users to immediately reset their account passwords.
Lisa Plaggemier is executive director of the National Cybersecurity Alliance (NCA).
“While there isn’t a clear assessment of how many users were affected, the fact that the company wants all users to change their passwords suggests that it could be wide ranging and possibly affect all users,” she said. “The company claims that personal financial information like credit cards and other payment data were not stored on their servers at all and were not vulnerable in this incident. In addition, the company claims that passwords were hashed and secured even though they are requesting password changes for all users. While the company is publicly saying these recommendations are being out of an abundance of caution, third-party data breaches can have severe long-term effects, including financial losses, legal battles, exposure of sensitive data and harm to a company’s reputation. While the examination of the data breach, and the possible consequences, are in the early stages, users of the streaming platform should continue to pay attention and monitor for updates throughout the investigation.”
Unfortunately, these attacks are becoming far too common, Plaggemier said.
“Cybercriminals are always trying to target third parties to gather as much sensitive and wide-ranging information as possible,” she said. “Businesses and consumers should go in with the mindset that they will eventually be subjected to an attempted breach, so implementing proactive security measures, such as the incorporation of encryption, password managers and MFA is a necessity in this day and age.
Geoffrey Fisher is Tanium‘s senior director of integration strategy.
“It appears Plex has put forth a sound incident response, and what appears to be many security best practices, but suffered an additional blow due to resources issues that further crippled their system when users attempted to change credentials en masse,” he said. “What’s interesting is the potential fallout stemming from the tech savviness of Plex’s subscriber base and how they will respond to this breach. There could be implications down the road.”
Ultimately, this intrusion reinforces the seemingly age-old adage to avoid the reuse of passwords, Fisher said.
“As a call to action, users should heed the recommendation to change their Plex credentials and utilize the available multifactor authentication (MFA),” he said. “More importantly, they should ensure they never reuse passwords across applications or platforms. This can’t be overstated because a successful attack can happen against any organization, so it’s important to do your part with password variations to mitigate the fallout.”
A Plex media streaming platform data breach has exposed usernames, email addresses and encrypted passwords.
In a letter shared with Bleeping Computer, Plex said it discovered unusual activity on one of its databases. It launched an investigation and determined that a third party accessed a limited subset of data. It said credit card and other payment data are not stored on its servers and were not vulnerable in this breach.
Plex said it has addressed the method the third party employed to gain access to the system. It also is asking all users to immediately reset their account passwords.
Lisa Plaggemier is executive director of the National Cybersecurity Alliance (NCA).
“While there isn’t a clear assessment of how many users were affected, the fact that the company wants all users to change their passwords suggests that it could be wide ranging and possibly affect all users,” she said. “The company claims that personal financial information like credit cards and other payment data were not stored on their servers at all and were not vulnerable in this incident. In addition, the company claims that passwords were hashed and secured even though they are requesting password changes for all users. While the company is publicly saying these recommendations are being out of an abundance of caution, third-party data breaches can have severe long-term effects, including financial losses, legal battles, exposure of sensitive data and harm to a company’s reputation. While the examination of the data breach, and the possible consequences, are in the early stages, users of the streaming platform should continue to pay attention and monitor for updates throughout the investigation.”
Unfortunately, these attacks are becoming far too common, Plaggemier said.
“Cybercriminals are always trying to target third parties to gather as much sensitive and wide-ranging information as possible,” she said. “Businesses and consumers should go in with the mindset that they will eventually be subjected to an attempted breach, so implementing proactive security measures, such as the incorporation of encryption, password managers and MFA is a necessity in this day and age.
Geoffrey Fisher is Tanium‘s senior director of integration strategy.
“It appears Plex has put forth a sound incident response, and what appears to be many security best practices, but suffered an additional blow due to resources issues that further crippled their system when users attempted to change credentials en masse,” he said. “What’s interesting is the potential fallout stemming from the tech savviness of Plex’s subscriber base and how they will respond to this breach. There could be implications down the road.”
Ultimately, this intrusion reinforces the seemingly age-old adage to avoid the reuse of passwords, Fisher said.
“As a call to action, users should heed the recommendation to change their Plex credentials and utilize the available multifactor authentication (MFA),” he said. “More importantly, they should ensure they never reuse passwords across applications or platforms. This can’t be overstated because a successful attack can happen against any organization, so it’s important to do your part with password variations to mitigate the fallout.”
Check Point Software Technologies is expanding and enhancing its program for MSSP partners with more flexibility and simplicity.
That’s according to Frank Rauch, Check Point’s head of worldwide channel sales. Check Point will formally announce the MSSP program changes in the coming weeks.
Earlier this month, Check Point reported a 9% year-over-year increase in total revenue for the second quarter of 2022. It also reported nearly $174 million in profit compared to $186 million for the year-ago quarter.
In a Q&A, Rauch talks about how Check Point partners are fueling the company’s growth.
Channel Futures: What role did partners play in Check Point’s total revenue growth in the second quarter?
Check Point’s Frank Rauch
Frank Rauch: If you look inside the earnings announcement, you can really see the strength in subscription growth. And you can also see the growth in cloud and Check Point Harmony, so basically our cloud security and remote workforce security. We’ve had big pushes with the partners all year and I think we’re seeing good return on investment. The push has come from a whole bunch of different angles. We’ve had a number of different meetings, briefings on this subject, road map and discussions. We have incentives at the rep level and we have incentives at the partner level. And we also have a campaign marketplace ready to launch campaigns for demand generation that are really helping them attract new customers and to be able to cross-zone upsell to the existing base.
I would say finally, some of the acquisitions are definitely helping. Avanan has been just a pleasure to work with. Partners are embracing the email security and win rates are astronomical with the partners on Avanan. And with Spectral, we’re starting to see early signs, but it’s the same type of thing. Once we get the partner to accept a solution, once they start to do trials, proofs of concept, we’re starting to see incredible win rates on both.
Scroll through our slideshow above for more from Rauch and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like