CHECK POINT CPX360 — Check Point Software Technologies‘ new global channel chief is anxious to get started working with partners and improving the company’s channel program.

Frank Rauch, global head of worldwide channel sales, spoke with Channel Partners Wednesday at Check Point’s CPX360 conference in Las Vegas. He joined the company last month and previously was vice president of VMware‘s Americas partner organization.

Thursday will be partner day at the conference.

“I’ve known Check Point over the last three-and-a-half to four years as we developed our security and networking over at VMware, running an $8 billion channel for HP and running a $3 billion channel for VMware,” Rauch said. “I think I can do a couple of different things. I think I can improve the channel program, not that it’s bad at all right now, but I think we can make it better. And I believe that some of the relationships that I have worldwide — we can be able to leverage [those].”

Check Point’s Frank Rauch

Rauch said he’s been meeting partners that have been with Check Point for 20 years, “and they’ve been doing a great job,” but he wants to “mechanize the channel to be able to evolve our current channel into the cloud, into mobility, and to be able to talk about things like Infinity, which is a much more comprehensive solution.”

“And then eventually … to be able to recruit born-in-the-cloud partners and to be able to recruit mobility partners to be able to serve markets that we’re not serving right now,” he said. “And finally to be able to form great alliances, like I was able to do over at VMware with AWS, with Azure, with some of the mobility partners. It’s just a great opportunity.”

Also Wednesday, Check Point released new research titled, “Under the Hood of Cyber Crime: the Rise of Stealthy and Targeted Cyber Attacks.” It examines the continuous rise of the underground malware-as-a-service industry.

Maya Horowitz, Check Point’s director of threat intelligence and research, said malware attacks now comprise entire organizations as opposed to rogue individuals.

“It no longer means just being the script kiddie who writes his or her own malicious code and uses it against some targets,” she said. “There’s the person who would code the malware, another person who would create the attack vector and a whole different person who would use these tools for the actual attack, and of course other people who would take the money out of the bank account. It means there are more people involved in this industry and more types of people. So not only the very, very technical people, but others as well, and everyone can utilize these tools to create their own tailor-made attacks without being a techie at all.”

And cybercriminals no longer are limiting their communication to the dark web, but using the clear web and messaging apps, Horowitz said.

“There are groups over Telegram where they communicate and share tools, sell tools – and not just the malware – but also, for example, there are ads for people looking for insiders, so ‘I’m looking for an insider based in that bank who can install my malware on a computer from within,'” she said. “For me that’s surprising because you would think they prefer to hide on the dark web, but actually Telegram [offers] anonymity so you can stay anonymous on there as well. It all goes back to how easy it is to be a threat actor today.”

These cybercriminal organizations work like any other company and communicate like regular people, Horowitz said. One group, for example, is specifically for …

… Iranian hackers so it’s all in Persian and includes about 100,000 people, she said.

In terms of ransomware, in 2018 it became more sophisticated because the threat actors realized that fewer people pay the ransom, she said.

“So they decided to just make these attacks more targeted because there are specific organizations [that] would more likely pay the ransom, especially if they attack specific assets within their environment,” Horowitz said. “If it’s a hospital and the backup servers are down, there’s a good chance they would pay and pay more. There are attacks in which victims pay about $200,000, while with WannaCry, which was a huge attack with hundreds of thousands of victims, they only gained $150,000 in total. So when you do put more effort into an attack and do something that’s more unique, that’s more advanced, chances are from one attack you can get more money. So we see both, but the majority of the attacks are just using very common tools.”

One positive note in the research is that while there are more attacks, some of them use the same tools, and so “for us it sometimes means it’s actually easier to create the defense,” she said.

“As a security company, we have to chase after [fewer] types of tools,” Horowitz said. “Of course, there are still hundreds of malware families that we see every single day, but it’s actually good in some ways if they collaborate and share, or get lazy.”

Yariv Fishman, Check Point’s head of cloud security product management, said IoT attacks grew by more than 200 percent last year.

“IoT devices have no protection, cannot be updated and cannot protect themselves,” he said. “Those devices extend the attack surface because there’s no defense, and … there’s no visibility into those devices, so you can’t protect if you don’t know where they are.”

The sixth generation of threats encompasses IoT, and combating it involves having a comprehensive view of devices to see where they’re coming from and who they are communicating with, Fishman said.

“If I know how a device is supposed to act and find an anomaly, I can block that device,” he said.

Check Point is CompuQuip Cybersecurity‘s flagship product, and the company offers a portfolio of managed security products. Richardo Panez, its director of sales, said his company’s customers are concerned about visibility, understanding what’s going on in their environment and “getting clear input into what has taken place, what incidents could have potentially taken place, what has been stopped and when it’s been stopped.”

“Now they’re at a stage where they have five or six cybersecurity tools and they need to get some visibility across those tools … so we’re helping them with that,” he said. “We counted about 200 customers and we have not had an incident in all of 2018.”