The IT Nerd

Check Point today announced the availability of Canada data residency for Check Point SASE, enabling Canadian organizations to process and store key SASE security data within Canada.

This expansion follows the recent launch of Check Point WAF and further reinforces Check Point’s commitment to the Canadian market. By enabling Canada data residency for Check Point SASE, organizations gain greater control over where sensitive network and security telemetry is processed, helping organizations support their compliance efforts with Canadian privacy and data residency requirements without compromising enterprise-grade security capabilities. Key SASE data, including traffic inspection and session data, security event logs, metadata, and tenant configuration,[HK1] [IP2] [IP3]  is processed and stored within Canada, giving security, IT, and compliance teams greater transparency when addressing regulatory or audit requirements around data location.

Check Point SASE’s Canada data residency capability is designed to support organizations’ compliance efforts by helping ensure that critical network and security telemetry remains within Canada.[HK4] [IP5] [HK6]  Other key benefits include:

• Processing and storage of key SASE data within Canada, including traffic inspection, session data, logs, metadata, and configuration[HK7] [IP8] [IP9] 
• Support for Canadian privacy and data residency requirements without reducing security capabilities
• Full access to the complete Check Point SASE platform, including Private Access (ZTNA), Internet Access (Secure Web Gateway), and SaaS Security (CASB)
• Local data handling combined with global scale, backed by Check Point’s worldwide backbone and high-availability architecture

Canada joins the United States, European Union, India, and Australia as a fully supported data residency region for Check Point SASE, reflecting the company’s continued investment in regionally aligned security architectures that meet customers where their regulatory requirements are. Check Point SASE support teams operate globally, and customer information is handled solely as required to support service delivery

Availability

Check Point SASE Canada data residency is generally available to new customers immediately. Existing customers requiring Canada data residency should contact their Check Point representative to discuss onboarding options.

Check Point today announced it has been honored with Frost & Sullivan’s 2026 Technology Innovation Leadership recognition for its advancements in web application and API protection (WAAP). The new recognition illustrates how Check Point’s prevention-first strategy and open-source contributions have established a new benchmark for securing modern digital architectures.

Check Point WAF is purpose-built to protect modern, cloud-native and AI-powered applications in real time. As applications grow more dynamic, organizations need security that prevents threats before they impact the business, helping customers move forward with confidence while reinforcing Check Point’s leadership in the future of cyber security.

Frost & Sullivan highlights that as enterprises accelerate adoption of cloud-native architectures, APIs, and AI-driven applications, the attack surface has expanded well beyond traditional security tools. Check Point’s Cloud Security Report reinforces this urgency, finding that 65% of organizations have experienced cloud-related breaches. Frost & Sullivan recognizes Check Point for solving these challenges head-on, with its WAF and API security platform emerging as an alternative to legacy solutions that struggle to defend against today’s sophisticated attacks.

The report highlights several key strengths of Check Point WAF, primarily focusing on its advanced AI capabilities, unified platform approach, and operational efficiency:

• Advanced Dual-Layer AI Engine: Delivers close to 100% threat detection with fewer than (<1%) false positives, preemptively blocking all attack types, including zero-days without the need for emergency patching, giving security teams high-confidence protection
• Unified Application Security Across the Full Attack Surface: Consolidates WAF, API, GenAI, bot, DDoS, file security, and CDN capabilities, eliminating the fragmented point solutions that create blind spots and increase administrative overhead
• Operational Efficiency and Automation: Eliminates manual rule creation and signature updates via self-learning Al, continuously adapting to application changes, reducing false positives, emergency patching cycles, and operational lifts
• A Community-Driven Model That Accelerates Innovation: Commitment to transparency and collective intelligence enables a community-driven approach to threat hardening, accelerating updates for emerging threats and techniques

The results speak for themselves: <1% false positives, automatic prevention of zero-day threats without emergency updates, and incident response times are measured in hours rather than days. Security and application teams see significant reductions in rule management overhead, while end users benefit from improved application availability and reliability. As Frost & Sullivan noted, “by converting continuous learning and runtime observability into instant, customized threat prevention with limited human intervention, Check Point WAF sets a new benchmark for what organizations should expect from a web application firewall in the cloud native and AI era.”
 
To learn more about this recognition, visit the Check Point blog or access the full Frost & Sullivan report here.

Check Point Software today announced a Secure AI Advisory Service, a new service designed to help enterprises accelerate AI adoption with governance, risk management and regulatory compliance embedded from the start.

AI is moving from experimentation to core business infrastructure. Yet in many organizations, deployment is outpacing oversight. Boards and executive teams are facing increased regulatory scrutiny, operational risk and accountability gaps as AI systems expand across hybrid networks, cloud environments and digital workspaces. Secure AI Advisory provides a structured, intelligence-driven framework to bring clarity and control to AI transformation. The service embeds governance, risk assessment and regulatory alignment across the full AI lifecycle, enabling measurable risk reduction and responsible scaling from day one.

This new service is part of the CPR Act, Check Point’s Cyber Resilience and Response unit, which delivers AI governance with global threat intelligence to provide actionable guidance. Unlike one-off assessments or standalone consulting, CPR Act integrates AI governance into the security lifecycle, connecting intelligence, readiness, detection, and response. This ensures controls and monitoring to adapt to new AI risks, regulations, and threats, offering organizations a single accountable partner from strategy through execution.

Enterprises require more than policy guidance. They need operational frameworks that align innovation with accountability and risk transparency. Secure AI Advisory delivers:

• AI governance frameworks aligned to business strategy
• AI risk and impact assessments with prioritized mitigation roadmaps
• Regulatory readiness aligned to EU AI Act, GDPR, ISO 42001 and NIST AI RMF
• Executive and practitioner enablement to operationalize controls

The service is available in three tiers, Essential, Enhanced and Total, supporting organizations at every stage of AI maturity. All tiers include access to Check Point’s interactive AI Risk and Compliance Dashboard for continuous visibility and structured oversight.

Secure AI Advisory complements Check Point’s prevention-first security architecture, supporting secure AI adoption across Hybrid Mesh Network Security, Workspace Security, Exposure Management and AI Security. This integrated approach enables organizations to govern AI consistently across multivendor and hybrid environments without adding operational complexity.

By combining vendor agnostic advisory with intelligence-led insight, Check Point helps enterprises transform AI from a source of uncertainty into a controlled driver of growth. Secure AI Advisory reinforces Check Point’s commitment to securing the AI transformation. By embedding governance, risk management and compliance into AI strategy at the outset, organizations can accelerate innovation while protecting resilience, reputation and shareholder value.

Check Point today announced the launch of a dedicated Canada data region for its Check Point Web Application Firewall (WAF), ensuring that all configurations, logs, and security processing remain fully within Canada.

This launch enables Canadian organizations, particularly those in regulated industries, to meet strict data residency, privacy, and sovereignty requirements, while maintaining enterprise-grade application and API security. Organizations can now protect applications and APIs within Canada using Check Point’s AI-powered Web Application Firewall to stop threats early, reduce compliance complexity, and eliminate cross-border data exposure. The Launch highlights Check Point’s continued investment in locally hosted security aligned with national regulations. 

Key benefits of the Canada data region include:

• Full Canadian data residency for logs, configurations, and inspection data
• Local performance with reduced latency
• Prevention-first security that blocks known and unknown threats
• Reduced operational overhead and improved security efficiency

This milestone is particularly significant for finance, healthcare, government, and critical infrastructure organizations that must comply with increasingly stringent regulatory and privacy frameworks.

Check Point WAF leverages AI-powered, prevention-first architecture to protect applications and APIs from both known and zero-day threats — without relying on signatures, emergency patching, or manual rule tuning. Key performance highlights include:

1. 99.5% detection rate with near-zero false positives
2. 90%+ of deployments operating in full prevention mode
3. Fully automated protection requiring no manual tuning
4. Proactive blocking of zero-day attacks in advance

Its effectiveness has been validated through the WAF Comparison Project 2026, which assessed 14 leading WAF vendors under real-world conditions. Check Point WAF has also been recognized as a Leader/Fast Mover in the GigaOm Radar and included in the Gartner WAAP Market Guide.

Check Point WAF’s Canada data region is now available for eligible customers and partners.

Check Point will showcase the new data region and discuss its prevention-first approach to application security during its concurrent keynote session and throughout the exhibition at the Victoria International Privacy & Security Summit (VIPSS) in Victoria, BC, March 4–5, 2026.–

Check Point today unveiled its four-pillar strategy to secure the AI transformation of enterprises, and announced three acquisitions that significantly expand opportunities for channel partners and managed service providers.

The acquisitions of Cyata, Cyclops, and Rotate strengthen the company’s platform across AI Security, Exposure Management, and Workspace Security — enabling partners to deliver new services around AI governance, risk-driven security, and scalable MSP protection.

These moves demonstrate Check Point’s commitment to supporting partners as customers navigate increasingly complex, AI-driven environments, while providing a clear framework for delivering integrated, prevention-first security services.

Check Point has a blog post on this that you can read here: Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World – Check Point Blog

Researchers have uncovered a critical privilege-escalation vulnerability, in Check Point’s Harmony Secure Access Service Edge Windows client software, tracked as CVE-2025-9142, that enables hackers to write or delete files outside the certificate working directory that could compromise systems.

More info can be here: https://blog.amberwolf.com/blog/2026/january/advisory—check-point-harmony-local-privilege-escalation-cve-2025-9142/

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This is an excellent example of the critical need for an enhanced PAM capability (specifically one that includes a continuous identity validation capability). Enterprises should include this in their mandatory requirements for upgrading their PAM capabilities. Privileged Access Management platforms designed for people to control access to other humans is fundamentally obsolete and insufficient for protecting against credential compromise, token compromise and the migration to agents in operation through MCP servers/gateways. It’s a different “ballgame” with different requirements for identity security to be part of the critical path toward responsible use of AI. It’s time to change our PAM requirements and this vulnerability is a reinforcement of this need for enterprises.” 

If you’re not familiar with PAM or Privileged Access Management, here’s a primer from Microsoft. And now would be a good time to have that discussion in order to keep your organization safe.

Over 10 million people use the Google Looker family of products – but unfortunately they are increasingly being used for illicit purposes. New research from Check Point found that cyber criminals are using Google Looker Studio, Google Docs and Google Slide for advanced phishing attacks. 

Here’s how it works

1. Cybercriminal creates a Google Looker Studio page 
2. Cybercriminal uses Google to send a real notification to the targeted victim, asking them to review or comment. Since the notification comes from the legitimate Google account, it’s not caught by security filters
3. Victim clicks through to look at the page, which looks legitimate
4. Embedded within the Google Looker page is a link that redirects the victim to an external page designed to steal their login credentials and crypto-related information

According to Jeremy Fuchs, Cybersecurity Researcher at Check Point Software Technologies:

“Cyber criminals are taking advantage of Google’s business tools to help them steal login credentials and crypto accounts. Recently we’ve seen a dramatic rise in the use of Google Looker Studio for phishing attempts. This is concerning because it is difficult to detect for both security services and end users.”

You can read this attack brief here.

Check Point has a very interesting article that they’ve posted to their website describing who cyber criminals are able to bypass restrictions placed on the ChatGPT AI to create “better” malware:

CPR researchers recently found an instance of cybercriminals using ChatGPT to “improve” the code of a basic Infostealer malware from 2019. Although the code is not complicated or difficult to create, ChatGPT improved the Infostealer’s code.

And:

However, CPR is reporting that cyber criminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT´s barriers and limitations.  This is done mostly by creating Telegram bots that use the API. These bots are advertised in hacking forums to increase their exposure.

To top it all off, there’s this:

In an underground forum, CPR found a cybercriminal advertising a newly created service: a Telegram bot using OpenAI API without any limitations and restrictions.

As part of its business model, cybercriminals can use ChatGPT for 20 free queries and then they are charged $5.50 for every 100 queries.

The net result is that this could literally be leveraged by anyone to create extremely dangerous malware. Which frankly is quite scary if you’re on the side of the fence where you have to defend against these attacks. But is this a bypass of ChatGPT’s restrictions? Craig Burland, CISO, Inversion6 doesn’t think so:

Describing this as a bypass is a bit of an exaggeration. ChatGPT doesn’t, at this point, impose controls on the API. Abuse of the API is prohibited by policy. Hackers haven’t cleverly bypassed security or exploited a deep-seated vulnerability. They’ve simply leveraged an incomplete feature. Given what OpenAI has accomplished, I expect this control is already on their roadmap and will be implemented shortly.

ChatGPT is in the midst of the hype cycle where every success or failure is shouted from the rooftops. ChatGPT is a complex and intriguing tool, but in the end, it is just a tool. We need to temper our human emotions, be patient as it matures, and figure out how best use it.

Hopefully this is on the roadmap to be addressed sooner rather than later. Otherwise I suspect that we’re all going to be in a lot of trouble.

Check Point Research today released findings showing that weekly cyber attacks increased 32% year-over-year, with 1 out of 40 organizations impacted by a ransomware attack. Key highlights include:

• Average weekly attacks per organization worldwide reached a peak of 1.2K attacks, a 32% increase year-over-year
• Education/ Research sector continues to be the most heavily attacked industry, seeing a 53% increase year-over-year
• Globally, 1 out of 40 organizations were impacted by Ransomware attacks, a worrying 59% increase year-over-year
• Latin America seeing the largest increase in Ransomware attacks, with 1 out of 23 organizations impacted weekly, (43% increase YoY),
  with the Asia region following with 1 out of 17 organizations impacted weekly (33% increase YoY)

All of those numbers are pretty scary, but not surprising. Saryu Nayyar, CEO and Founder, Gurucul explains why:

     “It’s no surprise that cyber-attacks are increasing year over year. What is surprising is that organizations still aren’t deploying modern defenses to protect themselves from these increasingly sophisticated attacks. Ransomware in particular is a nasty trend since criminals often execute double extortion tactics whereby, they not only encrypt the victim’s data but also exfiltrate it for sale or exposure. This reinforces the need for newer and more advanced technologies beyond current XDR and SIEM platforms to prevent a successful detonation of ransomware. Prioritizing solutions that automate detection, prioritize seemingly random indicators of compromise for further investigation and automate responses with a high-level of confidence are critical in deciding where to invest.”

Chris Olson, CEO of The Media Trust has this to add:

     “The alarming acceleration of cyberattacks in 2022 has many factors, from rising financial and political incentives for cybercrime, to the proliferation of malware and exploits through easily accessible darknet markets. Attackers are also increasingly relying on the Web and mobile devices as channels for ransomware spread, expanding the number of surfaces through which consumers, organizations and government agencies can be targeted.

With consumers bearing the heaviest cost for data breaches, financial fraud and exposed credentials, today’s organizations must prioritize the safety of their customers, and vet their digital third parties for strong security practices.”

I think this Check Point report illustrates that the time for talking about cybersecurity is over and the time for action is now. I say that because everyone is a potential victim if they don’t take action to defend themselves.