Founded in 1854, Grace is a global leader in specialty chemicals and materials. Its two organizations, Grace Catalysts Technologies and Grace Materials Technologies, provide innovative products, technologies, and services that improve the products and processes of customers around the world.
Moving Manufacturing to a Cloud-Ready Architecture without Sacrificing Security
With 18 manufacturing plants across the globe, Grace is dedicated to serving customers in more than 40 countries. Like most manufacturers, Grace relies on its network as the foundation for its operations worldwide. Its WAN (Wide Area Network) was based on Multiprotocol Label Switching (MPLS) and site-to-site technology, was designed primarily to handle on-premises services. All Internet egress was centralized and routed through regional hubs. However, in recent years, Grace has moved from an on-premises approach to cloud-based services, utilizing solutions like Microsoft Office 365, AWS and Salesforce. The company realized that it needed a new network design approach to support its new service offerings.
“Grace is making a move to cloud services for both cost savings and improved performance for our users,” said Antlitz. “As we make that migration, we need to secure that environment using a nimble and dynamic architecture that can keep pace with the changing requirements of our user base. The data that we protect includes everything from typical financial and business data to the “secret sauce” of our manufacturing processes, and recipes for our chemicals that are used within business partners’ environments.”
Grace’s goal was a stable, better performing and more efficient WAN solution to support its cloud operations. One of its top priorities was to enable end users to connect directly to the Internet, eliminating the latency associated with its regional hub model. The new solution would need to be based on the latest Software-defined WAN technology and comply with the company’s cybersecurity requirements for Internet egress, supporting URL filtering, IPS, and threat protection. The solution would also need to be nimble and ready to easily adapt to changing business requirements. As Grace migrated to cloud office suites and more SaaS applications, it soon found that the volume of aggressive phishing attacks across email and enterprise apps soared as well. Grace intelligent, proactive protection to keep the accounts of its 5,000 SaaS users safe.
Applying Advanced Protection to Remote SD-WAN Sites and Applications
Grace determined that an SD-WAN architecture based on VMware SD-WAN by VeloCloud would deliver the best combination of business agility and rapid scalability. A long-standing Check Point customer, Grace deployed Check Point CloudGuard Connect to provide integrated security for the architecture. This cloud-hosted network threat prevention service seamlessly delivers the latest, most comprehensive cyber security available, protecting branch sites from today’s targeted and advanced cyber threats.
“CloudGuard Connect includes intrusion prevention system (IPS), anti-bot, and antivirus capabilities to protect from known threats, Application Control and URL Filtering to enforce safe web use, and HTTPS inspection to prevent threats inside encrypted HTTPS channels. In short, the solution functions much the same as our long trusted on-premises solution, without the maintenance hassle.”
One of the strengths of CloudGuard Connect is its ability to apply a single consistent security policy from the cloud to multiple branch offices, reducing administration costs while ensuring compliance with corporate requirements to protect remote offices from threats.
“We have approximately 5,000 users sitting behind our CloudGuard Connect environment, allowing us to apply one unified policy,” said Antlitz. “CloudGuard Connect lets us simplify administration, yet still delivers a high level of security.”
O365 Gone Phishing
An essential part of Grace’s cloud migration is its embrace of cloud mailboxes and SaaS applications like Microsoft Office 365. To protect its mailboxes and SaaS applications from today’s increasingly sophisticated, targeted attacks that steal data on SaaS applications and cloud email, Antlitz activated Check Point CloudGuard SaaS. Built with cloud mailboxes and SaaS apps in mind, this cloud service offers in-depth insights and advanced protection against the latest phishing attacks, malware, and zero-days. With its unique Identity Protection technology, CloudGuard SaaS is the only security solution that can prevent account takeovers on enterprise SaaS applications.
“Before deploying Check Point CloudGuard SaaS, I was reactive,” said Antlitz. “Today, as I look at the console and watch hundreds if not thousands of phishing attacks blocked, I see the value and strength of the security partner that we chose—and a product that allows me to sleep at night.”
Freeing IT Staff, While Minimizing Costs
An intuitive, easy-to-manage solution, Check Point CloudGuard SaaS saves time for the IT staff, allowing them to focus on more proactive approaches to security. The solution provides more than standard email security solutions. Its integrated AI engines analyze hundreds of indicators like language and email meta-data to block more phishing techniques than any other solution.
“My team can use the data that is collected in CloudGuard SaaS to look at attack vectors to see whether they’re targeted against us,” said Antlitz. “We then feed that data into our other systems. If it’s a targeted attack, it enables us not only to protect our email infrastructure but to that to expand that to our entire platform for threat intelligence, so we know what we have to defend against.”
Gaining Proactive Visibility and Protection for SaaS
Grace successfully deployed Check Point CloudGuard SaaS within an hour, and after a bit of tuning, the solution began catching threatening emails immediately, ensuring that malicious content never entered the manufacturer’s environment.
“As a manager, I keep the CloudGuard SaaS console open on my desk in the background every day, and it’s a thrill in considering how many emails I watch it catch and how many phishing attempts it blocks,” said Antlitz. “It’s a phenomenal product, and it’s fun to watch and know that we’re safe.”
Delivering Business Agility Backed by Robust Security
Together, the combination of VMware SD-WAN by VeloCloud and Check Point security solutions has enabled Grace to successfully move to a more responsive environment that can keep pace with business change—and do it securely.
“With our legacy network, if we had an acquisition or business expansion, it would take a month or better for us to add a new site,” said Antlitz. “In the new SD-WAN environment with CloudGuard Connect, we can deploy a site in five minutes or less—including getting a cup of coffee in the middle of the process. It is a phenomenal solution that is quick to deploy, built on a very secure platform that we’re comfortable with.”