Check Point Russia and CIS

The delivery of products of the Israeli company Check Point to Russia and the CIS began in 1997. The company carries out all sales in the country only through partners.

Parent Company

Main article about the company: Check Point Software Technologies

Check Point Partner Program

More: Check Point Partner Program

History

2024: NGFW Check Point discovered a vulnerability that allows you to steal user accounts

FSTEC warned at the end of May that a vulnerability in the disclosure of information BDU:2024-04175^[1] was discovered in the Check Point Quantum Gateway and Check Point Spark firewalls^[2]which received a danger level high enough for this type of defect - 7.5 out of 10 on the CVSSv3 scale. We are talking about a vulnerability in the Mobile Access of the Check Point firewall, which includes password authentication functionality.

It turned out that under certain conditions, remote users have the ability to access local files, which can contain, among other things, fairly easily decryptable password hashes for Active Directory. As a result, attackers not only get the opportunity to go through the firewall, but can also access the credentials of users of the entire Active Directory domain.

The vulnerability is related to unauthorized access to VPNs through old local accounts with password-only authentication, "Denis Bandaletov, head of network technologies at Angara Security, explained to TAdviser. - This is a very rare and outdated authentication method that we never recommend for use. Instead, we advise you to transfer authentication to certificates.

According to the SayberOK company, vulnerable can be following versions of Check Point firewalls: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20. According to the company, there are about 1,700 such devices in Russia.

At the moment, the vulnerability has received a high level of CVSSv3 criticality: 7.5, - said TAdviser Sergey Gordeichik, CEO of SayberOK. - We assess this vulnerability as the most critical (the "storm" criticality level) and requiring urgent elimination, since technical details have already been published on publicly available resources that allow it to be exploited.

It should be noted that the exploitation of the vulnerability has already been discovered by mnemonic AS^[3] - the specified defect in Check Point products, according to them, has been in operation since April 30. The company transferred data on the vulnerability in the Mobile Access blade to the manufacturer, and Check Point promptly released fixes on May 27. Each user can download them from the manufacturer's website for their own version of the firewall.

At least two versions of vulnerable firewalls are in the state register of certified information protection tools FSTEC. In particular, a series of devices under the control of version R77.30 (certificate numbers 4208 and 4209) was certified by Altex-Soft. This certificate is valid until January 28, 2025. In addition, a series of devices with version R80.XX (certificate number 4537) were certified by Certified Information Systems Group. This certificate is valid until May 5, 2027. The lucky owners of these devices should contact their suppliers to get fixes as quickly as possible.

source = FSTEC remote control

If the user company is faced with the indicated problem, the action algorithm is quite simple, "Dmitry Shkuropat, head of information protection at the cloud provider Nubes, told TAdviser. - Firstly, you always need to install up-to-date updates. It is necessary to monitor the patches produced by the manufacturer, fortunately, in the field of information security, if some vulnerability is found in the device, vendors release a patch in a fairly short time that closes it.

In cases where vulnerabilities found in protective equipment are used as an attack vector, it is primarily important to be ready quickly and without compromising the security of other systems to temporarily exclude such a vulnerable means of protection from use in infrastructure, "said Pavel Zykov, an expert at the Solar Cyber ​ ​ Threat Research Center 4RAYS Solar Group of Companies. - If the publication of the vulnerability caught by surprise, then, as in the case of any other product critical to the infrastructure, it is necessary to suspend the use of the vulnerable product as quickly as possible, install the necessary updates or apply the measures proposed by the vendor for temporary elimination, and then be sure to check the entire infrastructure using known indicators for compromise.

In the FSTEC message itself, the following recommendations are indicated: change the password of the Check Point security gateway account in Active Directory; limit the ability to connect local accounts to a VPN with password-only authentication. CyberOK experts have proposed more advanced recommendations: limit access from the Internet to VPNs and enabled Mobile Access blades; install hotfix^[4]; and check the web server log for queries like: <host>POST/clients/MyCRL.

Albert Antonov, OSINT Team Leader of the SOC CyberART Innostage Cyber ​ ​ Threat Countermeasures Center, recommends that you do the following after installing the fixes:

{{quote "Initiate a search for traces of exploitation of the vulnerability by CVE-2024-24919 analyzing web request logs for malicious POST requests to the "/clients/MyCRL" directory, for example:

If found, you must initiate an investigation into the incident.}}

2020

Check Point is the first foreign manufacturer of CII protection solutions in the Russian Federation

On November 23, 2020, it became known that Check Point passed the certification of the Federal Service for Technical and Export Control (FSTEC) by the fourth level of trust, so that the vendor's products can be used to protect critical information infrastructure ( CII ) facilities and state IT systems that do not process information with state secrets, and in industrial networks.

According to Kommersant, Check Point became the first foreign manufacturer to pass the FSTEC tests for compliance with the requirements for the 4th level of trust in technical information protection tools.

For certification, it is necessary to provide source codes to Russian laboratories, conduct testing for vulnerabilities, and test methods are limited for distribution and not all foreign vendors can receive them, Denis Pashchenko, head of IT security consulting at Step Logic, told the publication.

Check Point became the first foreign manufacturer of CII protection solutions in the Russian Federation

Many foreign companies receive a level 6 certificate, for which the provision of code is not required, only functional tests are carried out, said Svetlana Ashkinazi, Trend Micro Russia certification manager.

According to Pashchenko, having received a certificate, Check Point has a significant advantage in the market for means of protecting KII facilities. The permitted products of foreign vendors will significantly facilitate the transition to domestic software and equipment, confirms Softline's KII protection specialist Maxim Prokhorov.

As one of the sources on the market told Kommersant, by November 23, 2020, FSTEC has developed the following update of the requirements, in which domestic components will be needed to obtain a certificate. At the end of the validity of the received certificate, Check Point will have to pass a new certification according to more stringent requirements, the source added.^[5]

Participation in TAdviser IT Security Day

Check Point Software Technologies has partnered with the IT Security Day 2020 online conference: What tasks are now most important for the information security sector, which will be held by Tadviser on June 30.

Participants will discuss modern information security requirements, tell you how large cyber incidents affect the market and how to ensure zero-day security in modern realities. The world's leading IT and service providers will share their expertise.

{{quote 'Valery Denisov, information security engineer at Check Point Software Technologies, will talk about the tasks that are now most relevant for the information security sphere.

"Modern business is going through an era of spontaneous and abrupt change. We see crisis situations, we see that users are massively switching to new services, to new ways to access corporate resources. Questions arise: how to protect corporate resources if all employees work from home, how to use cloud services when working remotely, "says Valery. - Companies should introduce new technologies that allow them to flexibly change, scale and improve existing business processes. All of this poses new challenges and challenges for management. "}}

2019: Participation in TADviser SummIT

Check Point Software Technologies, the world's largest network cybersecurity vendor, is attending the TAdviser SummIT conference for the first time. As part of the summit, the company will share with market participants why cyber threats are becoming more relevant in the digital world, what fifth-generation attacks are and what preventive measures should be taken to protect their business. At the company's booth, you will learn how to order a free audit of your infrastructure, get acquainted with the key solutions for protecting your company's information infrastructure.

2015

In rubles, annual growth was about 50%

At the end of the year, the regional office fulfilled its goals, demonstrating growth not only in rubles, but also in dollars, according to the company itself. In rubles, annual growth was about 50%. More than a third of all sales (37%) in Russia in 2015 fell on new Check Point customers from both the commercial and public sectors.

The company also continues to expand its staff, which began in 2015. The number of employees of the Check Point representative office has grown over the year and now amounts to 40, including a team in the CIS.

Check Point localizes the production of its products in Russia

Check Point plans to localize the production of its products in Russia, Vasily Diaghilev, head of the company in Russia and the CIS, told TAdviser in June 2015 . According to him, already in 2015, Check Point expects to present a localized solution on which it will be possible to put the label "made in Russia."

Diaghilev explains that now his company in Russia has a product (firewall) in which VPN connection encryption complies with GOST. This is usually required by state customers, whom the law obliges to use GOST connection. GOST compliance in this case is ensured by using the encryption library of the Russian company "Crypto-PRO" instead of its own encryption libraries Check Point. This firewall is supplied with a line of hardware platforms of various performance, from which the customer can choose the most suitable one. We are now talking about their localization.

Check Point plans to organize the release of hardware platforms in Russia on the basis of partner production sites. According to Diaghilev, most likely, there will be one partner in this area, but this issue is still being discussed. As of June, Check Point is also defined with the format in which production will be organized. The company expects to start producing the first hardware platforms in Russia in 2015.

Head of Check Point in Russia and CIS Vasily Diaghilev

In addition to the hardware platform, Check Point is also exploring the possibility of localizing the development of the functional part of the solution at the code level together with partners in Russia. The company has a development center in Belarus, which, in addition to participating in the creation of products together with a global team, is also working to localize the product interface for Russia, but Check Point is looking towards organizing full product development in the Russian Federation, says Vasily Diaghilev.

Check Point associates its plans for deep localization of products with the corresponding needs of customers in the Russian public sector. This issue became even more relevant after the company in May 2015 signed a cooperation agreement with RT-Inform, a member of Rostec Group of Companies.

Localization of production is one of the steps for Check Point to develop sales in the public sector. Another important step, according to Diaghilev, is product certification. The line of products with VPN encryption according to GOST already has FSTEC certification, and the company is working to obtain FSB certification confirming the correctness of embedding encryption tools. This certification will allow the use of Check Point solutions in a wider range of government agencies, including the structures of the Ministry of Defense of the Russian Federation, says Vasily Diaghilev.

It is worth noting that the process of obtaining FSB certification for these Check Point products has been significantly delayed.

It's quite a complicated process, both technologically and legally. This is due, among other things, to the need to disclose the source code of the product to the certification body. This question is the most painful for any vendor, since his developments are his know-how. The agreement of the level to which the code will be disclosed, and the test model itself took longer than we expected. However, now the process of obtaining certification is in the final stage, we hope to complete it by the end of 2015, "explains the head of Check Point in Russia and the CIS

Check Point began to actively develop sales in the public sector in Russia two years ago. Check Point does not disclose absolute indicators for revenue in this segment, as well as its share in the company's total sales in Russia. Vasily Diaghilev noted only that in terms of revenue in the public sector, it is approaching revenue from the financial sector, which is one of the largest for the company. He added that the public sector is also the fastest growing segment in Russia for Check Point: sales growth rates here are in three digits. This, however, can be explained by the low starting sales base.

2014

Check Point has begun extensive expansion into Russian regions

Check Point plans to significantly expand its regional presence in Russia, Bruno Darmon, vice president of sales in the EMEA region, told TAdviser in November 2014 .

According to him, so far Check Point is mainly represented in Moscow, where its representative office is based and where the bulk of its clients are concentrated. The company plans to open offices in a number of Russian cities: in St. Petersburg, in cities in the Ural region, Siberia and the Far East. According to representatives of Check Point, the final list of cities is in the process of being formed.

The company notes that Check Point is already selling in the regions, but through partners. The company's own regional offices will deal with sales and pre-sales work with local customers.

After opening regional offices, Check Point plans to expand their staff as business volumes grow

Bruno Darmon explains that geographical expansion is a consequence of the evolution of Check Point's business in Russia. He draws a parallel with the situation that took place in Germany about 8-9 years ago, when the company was concentrated in Munich, and employees of the Munich office of Check Point traveled to other parts of the country. The company then decided to open separate teams in a number of other German cities, in particular Frankfurt and Cologne, in order to be closer to customers and partners.

"We are doing the same now in Russia, where we are actively doing business. Now the employees of the Russian office of Check Point regularly travel to the regions, but we want us to have local teams that would constantly be there, "said TAdviser vice president of sales in the EMEA Check Point region

The head of the Russian representative office of Check Point Vasily Diaghilev, in a conversation with TAdviser, also said that in addition to regional expansion in Russia, his company is considering the possibility of similarly expanding its presence in other CIS countries, for example, in Kazakhstan.

Bruno Darmon added that Check Point has an "aggressive and accelerated plan" for business growth in Russia, because the company sees great potential in the Russian market.

Partner Requirements Change Announcement

In 2015, Check Point plans to completely change its partner program both in terms of approaches to it and in terms of requirements for partners, Vasily Diaghilev, head of the company's representative office in Russia and the CIS, told TAdviser in November 2014. According to him, the changes in the program are global in nature, and Check Point in Russia analyzes them and has a discussion with the channel about how new requirements will correspond to local realities.

The main task of the changes is to significantly increase the technical expertise of partners, says Vasily Diaghilev. At the level of "golden" partners with the level of expertise, everything is in order, but at the level of the rest it is necessary to work in this direction: "to put it into a well-known phrase, the euphoria of a large amount of money earned quickly passes with the beginning of a headache from poor implementation," he notes.

"We will increase the" quality "of partners, their ability to implement certain projects, and also look towards expanding the partner network from the point of view of regional development," Diaghilev says.

According to the head of the Check Point representative office in Russia and the CIS, in 2014 the total number of regional partners of the company in Russia doubled: partners appeared in the Volga region, Novosibirsk, Yekaterinburg and other cities. In total, as of autumn 2014, the company in Russia has about 8 "gold," 11 "silver" and 76 "bronze" partners. In 2014, the company had approximately 20 new partners.

It is worth noting that in 2012 Check Point conducted an audit of the partner network in Russia, as a result of which some of the partners were de-authorized. As TAdviser was explained in the company then, all de-authorization issues affected only the "bronze" partners. According to the results of the audit, their number decreased by about 30 companies - up to 40 partners.

As of June 2013, the number of Check Point "bronze" partners was about 50 companies, 8 "gold" and 15 "silver" partners. According to Georgy Tsitsiashvili, director of work with Check Point partners in Russia and the CIS, Check Point's "bronze" partner status was lost mainly by inactive partners who were not engaged in business.

After the audit, the company tightened the conditions for obtaining partner statuses. In particular, it increased the threshold for the minimum annual sales volume, which varies depending on the region of Russia and the CIS, where the partner is based. In addition, at the same time, Check Point significantly increased the qualification requirements for specialists of companies applying for partner authorization: in order to obtain the status of a "silver" partner, for example, a company must have at least four qualified engineers.

2013: Check Point boosts turnover and storms public sector in Russia

In the first 3 quarters of 2013, Check Point's revenue in Russia grew by more than 65%, and by the end of the year - by about 40%, said Vasily Diaghilev, general director of the company's local representative office in February 2014.

The company does not disclose revenue in Russia in absolute terms, but they say that in 2012 it grew at a much more modest pace - about 15%. The company set the same target for sales growth for itself for 2013, Diaghilev told TAdviser. According to Check Point estimates , the information security market in Russia grew by about 15-20% in 2013 as a whole.

The actual acceleration of growth in the company is mainly associated with the fact that in 2013 Check Point focused in Russia on the development of new customers and the development of new market verticals, including in the regions, while previously for a long time it focused on supporting existing large customers. Due to these efforts, the number of new customers in Russia over the past year at Check Point increased by 40%.

The company adds that Check Point in Russia is not yet as mature a player as in America and Europe, where it covers a wider range of customers. Before that, in Russia, Check Point mainly worked with the largest companies, and last year expanded its coverage to smaller ones.

According to the leadership of the Russian representative office, Check Point has achieved special success in business development in Russia in the telecom industry, where almost all companies of the twenty largest telecom operators and Internet providers use its solutions.

In 2014, Check Point aims to keep business growth in Russia at least 25% and strengthen its position in the most priority industries for itself. In addition to the telecom industry, these also include the oil and gas, financial industry and the public sector.

The company highlights the development of business in the Russian public sector as a special task, says Vasily Diaghilev. Last year, he said, Check Point had its first major projects here. Diaghilev chose not to disclose the names of customers, but noted in a conversation with TAdviser that in one of the projects, Check Point solutions "will become the standard of the whole industry."

Due to plans to strengthen in the public sector, Check Point is engaged in serious work to certify its products. Over the past four years, it has received FSTEC certificates for a number of the company's products, and is now preparing to receive FSB certificates in order to expand the range of projects in which the company can participate.

The staff of the Russian representative office of Check Point in 2013 increased to 22 people, and in 2014 it is planned to increase it to 30 people. The number of authorized partners at Check Point in Russia as of the end of 2013 amounted to about 100, and in one way or another the company's solutions selling - about 300, the data are provided in the Russian representative office. For 2014, Check Point aims to consolidate the channel and continue to improve the "quality" of partners.

Notes