The Almac Group is a privately owned contract development and manufacturing organization serving global pharmaceutical and biotech companies. It provides an extensive range of integrated services across the drug development lifecycle—from R&D and biomarker discovery through formulation development to commercial-scale manufacturing. With a global reputation for excellence, Almac Group has 6,000 employees in the UK, US, Singapore, Japan, Denmark, and Sweden.
The company’s team of security specialists is responsible for defending its smart data center, cloud deployments, endpoints, and branch offices. In addition, they must protect SD-WAN network connections and provide access to corporate resources. When the pandemic hit, new security challenges—and opportunities—emerged.
Streamlining for Secure Growth
The company’s on-premises security architecture had been built on traditional firewalls augmented by a third-party intrusion prevention system (IPS) service. Over time, the collection grew to multiple firewalls with their own management interfaces, as well as aging proxy servers. When the pandemic occurred, it created a new work-from-home environment, which greatly increased the demand for VPN connectivity and throughput.
The pandemic also escalated cyber threats. Malicious actors targeted remote offices and devices that they perceived to be vulnerable. Almac Group also relies on business-critical manufacturing and laboratory technologies—Internet of Things (IoT), industrial control system (ICS), operational technology (OT), and supervisory control and data acquisition (SCADA) systems and devices. Almac Group always wanted to continue with the highest level of security as they expanded. During this time, the company was also opening new locations that needed safe connectivity to the Internet and corporate resources.
All of these changes accelerated Almac Group’s cloud journey. They moved on-premises email to cloud-based Microsoft Office 365 and began migrating development workloads into AWS.
“Rapid change required more security functionality and flexibility,” said Stephen Park, Principal Security Information Specialist for Almac Group. “We needed to extend robust security, scale protection of our IoT environments, and consolidate management with better visibility. We turned to Check Point.”
Tailoring Protection for Everything, Everywhere
Almac Group consolidated its infrastructure using Check Point Quantum Security Gateways to secure the network, Check Point Harmony to secure remote and branch office users, and Check Point CloudGuard Network Security to secure cloud environments. Based on the Check Point Infinity architecture, Quantum gateways deliver up to 1.5 Tbps of threat prevention performance with on-demand scalability. SandBlast Zero Day Protection and more than 60 innovative services prevent fifth-generation cyber attacks with 24/7, real-time threat intelligence from Check Point ThreatCloud. Quantum DLP and compliance blades help Almac Group protect privileged data while ensuring adherence to compliance requirements.
“The Check Point Quantum compliance blade gives us the visibility we need for meeting standards, such as ISO 27001 and CIS Benchmarks,” said Park. “It also helps us align our Check Point rule bases with best practices.”
Using Check Point Quantum IoT Protect, Almac Group enables zero-trust protection for its IoT/OT/ICS/SCADA environments. Quantum IoT Protect identifies all IoT devices on the network and assesses their risk. It prevents unauthorized access to and from these devices through zero-trust segmentation, and it blocks threats to IoT devices. Zero-trust policy and run-time protection can be tailored per device—securing them from the moment they first connect to the network.
“We use Quantum IoT Protect in conjunction with a third-party network detection and response solution,” said Park. “With visibility into all devices and their profiles, we have detailed information for applying dynamic policy rules and protecting them.”
Check Point CloudGuard Network Security provides advanced threat prevention and automated security for Almac Group’s cloud assets. Data is protected from the most sophisticated attacks. Automation supports rapid deployment and automation of developer CI/CD workflows, while unified management makes it fast and easy for the security team to ensure consistent policy across on-premises and cloud environments.
“The biggest benefit we receive from Check Point is the security it delivers,” said Park. “We gained advanced protection against known and emerging threats like the Log4j exploit. At the same time, we’ve been able to streamline security across our remote locations, network and Internet connections, and a universe of specialized IoT devices.”
Now, threats are detected and stopped before they can do damage. Check Point SandBlast zero-day Protection is a cloud-based CPU and OS-level sandbox that prevents infection from the most dangerous exploits, zero-day threats, and targeted attacks. SandBlast also performs Threat Extraction—removing executable content to proactively protect against known and unknown threats contained in documents. The end result is true zero-day prevention with fast delivery of safe files to users.
Simple and Centralized
Check Point’s security management platform eliminated the challenges associated with juggling multiple security solutions. Now, the Almac Group has single-pane-of-glass visibility with a cloud-based solution, making it easy to manage security for all global locations.
“Because Check Point is so easy to use, we implemented almost everything else ourselves,” said Park. “Smart logging and reporting make our job so much easier.”
Flexibility with Reliability
Today, the Almac Group security team easily manages security while providing a consistent experience for all users across all locations. Whether defending the perimeter, cloud, IoT implementations, or proprietary data—they trust Check Point completely.
“We rely on Check Point,” said Park. “Check Point solutions and services are always evolving to give us a dynamic edge against advanced threats. I certainly recommend them as a vendor of choice.”