Founded in 1854, Grace is a global leader in specialty chemicals and materials. Its two organizations, Grace Catalysts Technologies and Grace Materials Technologies, provide innovative products, technologies, and services that improve the products and processes of customers around the world.
Moving Manufacturing to a Cloud-Ready Architecture without Sacrificing Security
With 18 manufacturing plants across the globe, Grace is dedicated to serving customers in more than 40 countries. Like most manufacturers, Grace relies on its network as the foundation for its operations worldwide. Its WAN (Wide Area Network) was based on Multiprotocol Label Switching (MPLS) and site-to-site technology, was designed primarily to handle on-premises services. All Internet egress was centralized and routed through regional hubs. However, in recent years, Grace has moved from an on-premises approach to cloud-based services, utilizing solutions like Microsoft Office 365, AWS and Salesforce. The company realized that it needed a new network design approach to support its new service offerings.
“Grace is making a move to cloud services for both cost savings and improved performance for our users,” said Antlitz. “As we make that migration, we need to secure that environment using a nimble and dynamic architecture that can keep pace with the changing requirements of our user base. The data that we protect includes everything from typical financial and business data to the “secret sauce” of our manufacturing processes, and recipes for our chemicals that are used within business partners’ environments.”
Grace’s goal was a stable, better performing and more efficient WAN solution to support its cloud operations. One of its top priorities was to enable end users to connect directly to the Internet, eliminating the latency associated with its regional hub model. The new solution would need to be based on the latest Software-defined WAN technology and comply with the company’s cybersecurity requirements for Internet egress, supporting URL filtering, IPS, and threat protection. The solution would also need to be nimble and ready to easily adapt to changing business requirements. As Grace migrated to cloud office suites and more SaaS applications, it soon found that the volume of aggressive phishing attacks across email and enterprise apps soared as well. Grace intelligent, proactive protection to keep the accounts of its 5,000 SaaS users safe.
Applying Advanced Protection to Remote SD-WAN Sites and Applications
Grace determined that an SD-WAN architecture based on VMware VeloCloud would deliver the best combination of business agility and rapid scalability. A long-standing Check Point customer, Grace deployed Check Point Harmony Connect to provide integrated security for the architecture. This cloud-hosted network threat prevention service seamlessly delivers the latest, most comprehensive cyber security available, protecting branch sites from today’s targeted and advanced cyber threats.
“Harmony Connect includes intrusion prevention system (IPS), anti-bot, and antivirus capabilities to protect from known threats, Application Control and URL Filtering to enforce safe web use, and HTTPS inspection to prevent threats inside encrypted HTTPS channels. In short, the solution functions much the same as our long trusted on-premises solution, without the maintenance hassle.”
One of the strengths of Harmony Connect is its ability to apply a single consistent security policy from the cloud to multiple branch offices, reducing administration costs while ensuring compliance with corporate requirements to protect remote offices from threats.
“We have approximately 5,000 users sitting behind our Harmony Connect environment, allowing us to apply one unified policy,” said Antlitz. “Harmony Connect lets us simplify administration, yet still delivers a high level of security.”
Securing Office 365 & Email against Phishing
An essential part of Grace’s cloud migration is its embrace of cloud mailboxes and SaaS applications like Microsoft Office 365. To protect its mailboxes and SaaS applications from today’s increasingly sophisticated, targeted attacks that steal data on SaaS applications and cloud email, Antlitz activated Check Point Harmony Email & Office. Built with cloud mailboxes and SaaS apps in mind, this cloud service offers in-depth insights and advanced protection against the latest phishing attacks, malware, and zero-days. With its unique Identity Protection technology, Harmony Email & Office is the only security solution that can prevent account takeovers on enterprise SaaS applications.
“Before deploying Check Point Harmony Email & Office, I was reactive,” said Antlitz. “Today, as I look at the console and watch hundreds if not thousands of phishing attacks blocked, I see the value and strength of the security partner that we chose—and a product that allows me to sleep at night.”
Securing Internet Access for Remote Users
With the shift to remote and hybrid work, Antlitz found himself in a position where he quickly had to secure the internet access and browsing of thousands of remote users.
Without the protection of the corporate firewall, users working outside the office become more vulnerable to a host of threats that could spill over into the enterprise network. These include leakage of sensitive data, such as customer details and source code, which may be shared over public web and cloud apps. They also include the usual suspects such as malware, phishing, and C2 botnets.
Thanks to Harmony Connect’s lightweight client for secure internet access, Grace’s remote users enjoy the same level of enterprise-grade security within and outside the office, without compromising on performance.
Not only is internet access for remote users secured from the cloud utilizing the full security stack of threat prevention, data protection (including DLP) and access control—but because each user is routed to the nearest Harmony Connect point of presence, based on their real time location, no latency is experienced.
Per Antlitz, “I now have 4000-6000 users across the globe working remotely leveraging the Harmony Connect Client that connects me back to that same cloud infrastructure globally, enabling me to scale and apply that same security policy to all of those users in one location. Talk about a phenomenal asset to an ever-changing platform and architecture. “
Freeing IT Staff, While Minimizing Costs
An intuitive, easy-to-manage solution, Check Point Harmony Email & Office saves time for the IT staff, allowing them to focus on more proactive approaches to security. The solution provides more than standard email security solutions. Its integrated AI engines analyze hundreds of indicators like language and email meta-data to block more phishing techniques than any other solution.
“My team can use the data that is collected in Harmony Email & Office to look at attack vectors to see whether they’re targeted against us,” said Antlitz. “We then feed that data into our other systems. If it’s a targeted attack, it enables us not only to protect our email infrastructure but to that to expand that to our entire platform for threat intelligence, so we know what we have to defend against.”
Gaining Proactive Visibility and Protection for SaaS
Grace successfully deployed Check Point Harmony Email & Office within an hour, and after a bit of tuning, the solution began catching threatening emails immediately, ensuring that malicious content never entered the manufacturer’s environment.
“As a manager, I keep the Harmony Email & Office console open on my desk in the background every day, and it’s a thrill in considering how many emails I watch it catch and how many phishing attempts it blocks,” said Antlitz. “It’s a phenomenal product, and it’s fun to watch and know that we’re safe.”
Delivering Business Agility Backed by Robust Security
Together, the combination of VMware VeloCloud and Check Point security solutions has enabled Grace to successfully move to a more responsive environment that can keep pace with business change—and do it securely.
“With our legacy network, if we had an acquisition or business expansion, it would take a month or better for us to add a new site,” said Antlitz. “In the new SD-WAN environment with Harmony Connect, we can deploy a site in five minutes or less—including getting a cup of coffee in the middle of the process. It is a phenomenal solution that is quick to deploy, built on a very secure platform that we’re comfortable with.”
Easily securing a Primarily-Remote Workforce
By leveraging the same cloud infrastructure and management system to deploy secure internet access to all their remote users, Grace has minimized the rollout and day-to-day overhead required to keep employees and corporate data safe and productive outside the enterprise perimeter. Policies for remote users and SD-WAN sites are all managed in one place, and include the full threat prevention security stack, while deploying the Harmony Connect client to employee devices proved seamless.
“Who would’ve thought three years ago when I started my branch office journey that a year later I was going to have to pivot to now a primarily-remote workforce? And Harmony was able to scale, grow and pivot right along with me.”