Check Point to acquire Veriti, boosting threat management suite
Check Point Software Technologies has entered into a definitive agreement to acquire Veriti Cybersecurity, expanding its offering in threat exposure and risk management.
The acquisition aims to strengthen Check Point's Infinity Platform with Veriti's automated, multi-vendor platform for pre-emptive threat exposure and mitigation. Veriti is recognised for introducing pre-emptive exposure management that delivers automated remediation of threat exposure risks across more than 70 security vendors, without disrupting ongoing operations.
Nadav Zafrir, Chief Executive Officer at Check Point Software Technologies, said, "The acquisition of Veriti marks a significant step toward realising our hybrid mesh security vision. It strengthens the Infinity Platform's open-garden approach, enabling seamless, multi-vendor remediation across the entire security stack. With Veriti, we're advancing preemptive, prevention-first security – an imperative in today's AI-driven threat landscape."
The announcement addresses the growing challenge of AI-enabled cyber attacks and the complexities brought about by hyperconnected IT environments in modern enterprises.
As organisations distribute their assets across clouds, datacentres, and endpoints, the risk of cyber attacks grows due to an expanded attack surface. Traditional reactive security methods are considered inadequate to address these increased risks effectively.
Veriti's platform continuously identifies, prioritises, and remediates risk in multi-vendor security environments through automated patching and collaborative threat intelligence. The company, founded in 2021, has pioneered the Preemptive Exposure Management (PEM) category by actively discovering and mitigating risks that can be hidden in gaps between disparate security tools.
The technology continuously monitors logs, threat indicators, and vulnerabilities present in an organisation's environment, and then coordinates protections in real time. Its integrations cover more than 70 security vendors, enabling security teams to detect and prevent attacks promptly without business disruption.
Veriti's core capabilities to be integrated into the Check Point Infinity Platform include automated, cross-vendor virtual patching, which instantly applies non-disruptive protections based on vulnerabilities identified by security platforms such as CrowdStrike, Tenable, and Rapid7. This approach can reduce patching time from several weeks to a matter of minutes.
The platform also enables real-time threat intelligence enforcement by verifying threat indicators from any connected tool, and orchestrating automated protection across firewalls, endpoints, web application firewalls, and cloud platforms.
This coordination is designed to improve response times and effectiveness in multi-vendor security scenarios.
An additional aspect of Veriti's offering is its seamless integration with existing environments through an API-based architecture, which does not require software agents or cause operational disruptions. The platform is compatible with more than 70 security vendors and supports a wide ecosystem.
Veriti also extends its synergy with Wiz by ingesting Wiz's cloud exposure insights, such as information on unpatched servers or applications, and enables safe, automated virtual patching via Check Point or other vendors' network gateways.
The platform's context-aware remediation analyses an organisation's exposures, configurations, and existing protections to apply appropriate controls in a manner that does not impair operations.
Adi Ikan, Chief Executive Officer and co-founder of Veriti, said, "Security teams today suffer from a lack of action: exposures aren't just detected, they're compounding, hiding in the gaps between tools, teams, and timelines."
He added, "We founded Veriti to help organisations not just see risk, but remediate it safely, at scale, and most importantly - without disruption."
By joining Check Point, we're accelerating that mission. Together, we'll help organisations reduce their exposure faster through the security tools they already trust."
Upon completion of the transaction, Veriti's capabilities will be incorporated into Check Point's Infinity Platform as part of its Threat Exposure and Risk Management suite. Combined with Check Point's recent External Risk Management solution, Veriti enhances the company's ability to address internal and external exposures across the complete enterprise attack surface.
The finalisation of the acquisition is subject to customary closing conditions and is expected by the end of the second quarter of 2025.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
a day ago
- Techday NZ
Portnox & CrowdStrike team up for real-time access control
Portnox has introduced an integration with CrowdStrike to enable organisations to enforce network access policies using real-time risk intelligence derived from endpoint telemetry. The integration brings together Portnox's cloud-native Network Access Control (NAC) platform with CrowdStrike's device telemetry and Zero Trust Assessment (ZTA) scoring, allowing organisations to tailor access controls based on continuous device risk evaluation. Portnox stated that addressing endpoint visibility and risk-based access control is essential to modern cybersecurity, and that the collaboration with CrowdStrike directly supports this goal by aligning endpoint intelligence with network access enforcement. Denny LeCompte, Chief Executive Officer of Portnox, commented: "In an era where cybersecurity threats are constantly evolving, dynamic, real-time access control is paramount. Our integration with CrowdStrike delivers on this need by empowering organizations to make informed, automated access decisions based on the most current device posture. This partnership significantly fortifies our customers' security posture, enabling them to confidently embrace Zero Trust principles and adapt to an ever-changing risk landscape." CrowdStrike's Falcon platform is a cloud-delivered solution employing artificial intelligence to provide protection for endpoints, workloads, and identities. It features real-time detection and response, threat intelligence, and behaviour-based protection mechanisms aimed at preventing security breaches. A distinctive metric offered by CrowdStrike is the ZTA score, which evaluates the risk level of a device based on inputs such as its health, known vulnerabilities, recent threat detections, patterns of user behaviour, and the operational status of the CrowdStrike agent. This score is represented on a scale from 0 to 100, and allows security teams to determine the appropriate level of network access or if device remediation is necessary. Through the integration, Portnox's platform enhances its ability to implement detailed and adaptive access controls without relying on on-premises hardware or complex setups. New capabilities provided by the integration include: Automatic verification of whether a device is managed by the CrowdStrike Falcon agent before granting network access. Incorporation of ZTA scores into policy decision-making, so that only low-risk devices can receive full access, while devices assessed as high-risk may be assigned to guest networks or receive restricted access. Utilisation of real-time CrowdStrike risk signals to reinforce least-privilege models in both corporate and Bring Your Own Device (BYOD) scenarios. Automated network access control policies that adjust to changes in device risk posture as reported by CrowdStrike, with the goal of limiting threats before escalation. The companies note that this collaborative capability is intended to benefit organisations pursuing Zero Trust architectures, particularly those managing hybrid work environments or BYOD programmes. The system is designed to ensure only trusted and compliant devices connect to corporate networks, blocking unauthorised or insecure devices and helping to maintain ongoing security as threat patterns change. Follow us on: Share on:
Techday NZ
2 days ago
- Techday NZ
Rapid7 Q1 2025 incident response findings
Rapid7's Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing in incident logs. Is having no MFA solution in place still one of the most appealing vulnerabilities for threat actors? Will you see the same assortment of malware regardless of whether you work in business services or media and communications? And how big a problem could one search engine query possibly be, anyway? The answer to that last question is "very," as it turns out. As for the rest… Initial access vectors Below, we highlight the key movers and shakers for IAVs across cases investigated by Rapid7's IR team. While you'll notice a fairly even split among several vectors such as exposed remote desktop protocol (RDP) services and SEO poisoning, one in particular is clearly the leader of the pack where compromising organisations is concerned: stolen credentials to valid/active accounts with no multi-factor authentication (MFA) enabled. Valid account credentials — with no MFA in place to protect the organisation should they be misused — are still far and away the biggest stumbling block for organisations investigated by the Rapid7 IR team, occurring in 56% of all incidents this first quarter. Exposed RDP services accounted for 6% of incidents as the IAV, yet they were abused by attackers more generally in 44% of incidents. This tells us that third parties remain an important consideration in an organisation's security hygiene. Valid accounts / no MFA: Top of the class Rapid7 regularly bangs the drum for tighter controls where valid accounts and MFA are concerned. As per the key findings, 56% of all incidents in Q1 2025 involved valid accounts / no MFA as the initial access vector. In fact, there's been very little change since Q3 2024, and as good as no difference between the last two quarters: Vulnerability exploitation: Cracks in the armour Rapid7's IR services team observed several vulnerabilities used, or likely to have been used, as an IAV in Q1 2025. CVE-2024-55591 for example, the IAV for an incident in manufacturing, is a websocket-based race condition authentication bypass affecting Fortinet's FortiOS and FortiProxy flagship appliances. Successful exploitation results in the ability to execute arbitrary CLI console commands as the super_admin user. The CVE-2024-55591 advisory was published at the beginning of 2025, and it saw widespread exploitation in the wild. One investigation revealed attackers using the above flaw to exploit vulnerable firewall devices and create local and administrator accounts with legitimate-looking names (e.g., references to "Admin", "I.T.", "Support"). This allowed access to firewall dashboards, which may have contained useful information about the devices' users, configurations, and network traffic. Policies were created which allowed for leveraging of remote VPN services, and the almost month-long dwell time observed in similar incidents may suggest initial access broker (IAB) activity, or a possible intended progression to data exfiltration and ransomware. Exposed RMM tooling: A path to ransomware As noted above, 6% of IAV incidents were a result of exposed remote monitoring and management (RMM) tooling. RMMs, used to remotely manage and access devices, are often used to gain initial access, or form part of the attack chain leading to ransomware. One investigation revealed a version of SimpleHelp vulnerable to several critical privilege escalation and remote code execution vulnerabilities, which included CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. These CVEs target the SimpleHelp remote access solution. Exploiting CVE-2024-57727 permits an unauthenticated attacker to leak SimpleHelp "technician" password hashes. If one is cracked, the attacker can log-in as a remote-access technician. Lastly, the attacker can exploit CVE-2024-57726 and CVE-2024-57728 to elevate to SimpleHelp administrator and trigger remote code execution, respectively. CVE-2024-57727 was added to CISA KEV in February 2025. The vulnerable RMM solution was used to gain initial access and threat actors used PowerShell to create Windows Defender exclusions, with the ultimate goal of deploying INC Ransomware on target systems. SEO poisoning: When a quick search leads to disaster SEO poisoning, once the scourge of search engines everywhere, may not be high on your list of priorities. However, it still has the potential to wreak havoc on a network. Here, the issue isn't so much rogue entries in regular search results, but instead the paid sponsored ads directly above typical searches. Note how many sponsored results sit above the genuine site related to this incident: Multiple sponsored searches above the official (and desired) search result This investigation revealed a tale of two search results, where one led to a genuine download of a tool designed to monitor virtual environments, and the other led to malware. When faced with both options, a split-second decision went with the latter and what followed was an escalating series of intrusion, data exfiltration and—eventually—ransomware. An imitation website offering malware disguised as genuine software On the same day of initial compromise, the attacker moved laterally using compromised credentials via RDP, installing several RMM tools such as AnyDesk and SplashTop. It is likely that the threat actor searched for insecurely stored password files and targeted password managers. They also attempted to modify and/or disable various security tools in order to evade detection, and create a local account to enable persistence and avoid domain-wide password resets. An unauthorised version of WinSCP was used to exfiltrate a few hundred GB of sensitive company data from several systems, and with this mission accomplished only a few tasks remained. The first: attempting to inhibit system recovery by tampering with the Volume Shadow Copy Service (VSS), clearing event logs, deleting files, and also attempting to target primary backups for data destruction. The second: deployment of Qilin ransomware and a blackmail note instructing the victim to communicate via a TOR link lest the data be published to their leak site. Qilin ranked 7 in our top ransomware groups of Q1 2025 for leak post frequency, racking up 111 posts from January through March. Known for double-extortion attacks across healthcare, manufacturing, and financial sectors, Qilin (who, despite their name, are known not to be Chinese speakers, but rather Russian-speaking) has also recently been seen deployed by North Korean threat actors Moonstone Sleet. Attacker behaviour observations Bunnies everywhere: Tracking a top malware threat BunnyLoader, the Malware as a Service (MaaS) loader possessing a wealth of capabilities including clipboard and credential theft, keylogging, and the ability to deploy additional malware, is one of the most prolific presences Rapid7 has seen this first quarter of 2025. In many cases, it's also daisy-chained to many of the other payloads and tactics which make repeated appearances. To really drive this message home: BunnyLoader is the most observed payload across almost every industry we focused on. Whether we're talking manufacturing, healthcare, business services or finance, it's typically well ahead of the rest of the pack. Here are our findings across the 5 most targeted industries of Q1: BunnyLoader is in pole position not only for the 5 industries shown above, but across 12 of 13 industries overall, with 40% of all incidents observed involving this oft-updated malware. Just over half of that 40% total involved a fake CAPTCHA (commonly used for the purpose of victims executing malicious code), with malicious / compromised sites appearing in a quarter of BunnyLoader cases. Rogue documents, which may be booby-trapped with malware or pave the way for potential phishing attacks, bring up the rear at just 9% of all BunnyLoader appearances recorded. First offered for sale in 2023 for a lifetime-use cost of $250, its continued development and large range of features make it an attractive proposition for rogues operating on a budget. Targeted organisations: The manufacturing magnet Manufacturing organisations were targeted in more than 24% of incidents the Rapid7 IR team observed, by far the most targeted industry in Q1 based on both Rapid7's ransomware analytics and IR team observations. The chart below compares Rapid7's industry-wide data (comprising a wide range of payloads and tactics) with ransomware leak post specific data. In both cases, manufacturing is a fair way ahead of other industries; this reflects its status as one of the most popular targets for ransomware groups over the last couple of years. The manufacturing industry is an attack vector for nation states because it is an important component of global trade. It is also an area that has many legacy and older, operational technologies (OT). Combine unpatched legacy systems with complicated supply chains, and you have a risk that nation state actors will find an attractive target. This is especially the case when considering that many manufacturing organisations have critical contracts with governments, and attacks can cause severe disruption if they're not speedily resolved. Conclusion Q1 2025 resembles a refinement of successful tactics, as opposed to brand new innovations brought to the table. Our Q1 ransomware analytics showed threat actors making streamlined tweaks to a well-oiled machine, and we find many of the same "evolution, not revolution" patterns occurring here. This progression is particularly applicable in the case of initial access via valid accounts with no MFA protection. We expect to see no drop in popularity while businesses continue to leave easy inroads open and available to skilled (and unskilled) attackers. In addition, the risk of severe compromise stemming from seemingly harmless online searches underscores the necessity for organisations to reexamine basic security best practices, alongside deploying robust detection and response capabilities. Businesses addressing these key areas for concern will be better equipped to defend against what should not be an inevitable slide into data exfiltration and malware deployment.
Techday NZ
4 days ago
- Techday NZ
Tenable to acquire Apex Security, bolstering AI risk control
Tenable has announced its intent to acquire Apex Security to expand its exposure management capabilities within the artificial intelligence (AI) attack surface. The planned acquisition is aimed at incorporating Apex Security's technology into Tenable's exposure management platform, as AI adoption accelerates and new cyber risks emerge. Tenable has previously addressed AI-related security concerns through its Tenable AI Aware product, introduced in 2024, which assists organisations in identifying and assessing AI usage across their operations. The integration of Apex Security's capabilities would allow Tenable to move beyond detection and assessment, enabling organisations to govern AI usage, enforce policies, and control exposure risks for both off-the-shelf and in-house-developed AI systems. Generative AI and autonomous systems are contributing to a broader and more complex attack surface, exposing organisations to risks such as shadow AI applications, AI-generated code, synthetic identities, and unregulated cloud services. The expansion of Tenable's exposure management offering comes at a time when cyber risk management is adapting to the pace and scale of AI-driven digital transformation. Steve Vintz, Co-Chief Executive Officer and Chief Financial Officer at Tenable, said: "AI dramatically expands the attack surface, introducing dynamic, fast-moving risks most organisations aren't prepared for. Tenable's strategy has always been to stay ahead of attack surface expansion — not just managing exposures, but eliminating them before they can be exploited." Mark Thurmond, Co-Chief Executive Officer at Tenable, spoke about the proactive need for addressing AI risks. He said: "As organisations move quickly to adopt AI, many recognise that now is the moment to get ahead of the risk — before large-scale attacks materialise. Apex delivers the visibility, context, and control security teams need to reduce AI-generated exposure proactively. It will be a powerful addition to the Tenable One platform and a perfect fit for our preemptive approach to cybersecurity." Apex Security, founded in 2023, has attracted support from Chief Information Security Officers (CISOs) as well as prominent investors such as Sam Altman of OpenAI, Clem Delangue of Hugging Face, and venture capital firms Sequoia Capital and Index Ventures. The company's focus has been on securing AI usage among developers and general staff, helping address policy enforcement, usage management, and compliance challenges linked to AI adoption. Matan Derman, Chief Executive Officer and Co-Founder of Apex Security, commented on the strategic fit with Tenable. He said: "The AI attack surface is deeply intertwined with everything else organisations are already securing. Treating it as part of exposure management is the most strategic approach. We're excited to join forces with Tenable to help customers manage AI risk in context — not as a silo, but as part of their broader environment." Following the completion of the acquisition, Tenable expects to begin delivering integrated capabilities as part of the Tenable One platform during the second half of 2025. Tenable describes Tenable One as an exposure management platform which brings together visibility, context, and management for a range of attack surfaces from IT infrastructure to cloud environments. The financial terms of the deal have not been disclosed. The transaction is expected to close later this quarter, pending customary approvals and closing conditions.
