Dave Antlitz has worked across many industries; from healthcare to lobbying finally landing in chemical manufacturing where he has spent the last 12 years.  He currently manages the global firewall and security teams for WR Grace.  We work in both the IT and OT environments. When not working in the office, he enjoys restoring old cars. 

In this interview, David Antlitz shares valuable insights into network transformations and network security. Moreover, he discusses how a strong security partnership enabled him to achieve new heights of security success, build confidence in systems, and exceeded his expectations in a moment of uncertainty. Don’t miss this outstanding conversation with a highly regarded security professional.

Why did you move to SD-WAN?

You know, isn’t that the million dollar question? We were a legacy MPLS network which was high cost for data transport and low bandwidth and the migration to SD-WAN was really driven by moving to a lower cost transport with higher bandwidth. Again, and old network is really expensive and has low bandwidth. A new network is less expensive and offers higher bandwidth that can meet our application requirements.

What does your SD-WAN infrastructure look like?

Grace is using a Velo cloud SD-WAN deployment with approximately 45 nodes globally. In an any-to-any configuration, so any site can communicate with any other site with local breakout of internet services, using Check Point’s Harmony Connect infrastructure to bring our users’ internet egress closer to the end user.

What challenges were you trying to solve with SD-WAN?

Our biggest challenges were cost and bandwidth performance; network performance.

How did you come to decide that Harmony Connect was the right security solution?

Was there any other choice? We’ve been a longtime Check Point client. I’ve been working with Check Point technology since the late ‘90s. It comes down to trust. There are other services that were offering similar architecture, similar solutions, but there was no trust in their technology.

Check Point has paved the way with security solutions across my entire tenure at Grace and the history that I have for growth. It’s always been reliable. It’s always been secure. It’s always been just the right choice.

As we looked to a migration to the SD-WAN, and what amounted to a very scary jump to a cloud firewall type technology, who am I going to go to? Somebody who is unproven who hasn’t delivered to me personally, who I can’t stand behind, or am I going to go to my trusted partner? I go to my trusted partner, and they rose to the occasion with Harmony Connect. One of the other beautiful things is that Harmony has been very dynamic.

The year 2020 changed everything. Previously, all of my users were in branch offices and manufacturing locations. Then, all-of-a-sudden, a chunk of my office staff and knowledge workers were sitting at home and working from home. And then, Check Point emerged with the Harmony Agent, not long after migrating my workforce to remote.

With the blink of an eye Check Point came out with a solution that provided me with the same level of security and the same policy with little-to-no work. All I had to do was deploy an agent to all of my remote workforce, and practically, with the snap of a finger, I acquired the same security as available within an actual branch office. Talk about “wow” moment, from the security perspective.

What kind of information, real-time reporting do you get, etc…

Again, within the Check Point Infinity Portal, any portal there is reporting and the Harmony Infrastructure is managed by Check Point SOC. So, on very few occasions –probably four in all- have I received an email or call from the SOC telling me that there was an issue. But overall, again, it’s a very solid, familiar reporting platform that looks very similar to what I was running in Smart Event or my internal firewalls before I went to Harmony.

Why or how do you see Harmony Connect as part of the future?

It’s a foundational building block in my architecture. As it grows and expands and new technology comes in, I’m right there along in lockstep with Check Point. I can deploy that new technology without fear or concern. Full disclosure – yeah, I was worried three years ago. I thought “wow, I don’t have a physical appliance that I can physically reach for”.  But today, I don’t need that. Nor do I want to go back. There’s no looking back. If I can go leverage more Harmony more places, I’m all for it.

How is this allowing your company to modernize/digitally transform?

Isn’t that part of the reason we went to SD-WAN or went to Harmony in the first place? Organizations we’re adopting a cloud first strategy, particularly with SaaS applications. We’re migrating everything to the cloud that we can and virtually shutting down our data centers.

Previously, we had to back-haul resources across a clunky and slow WAN to a data center and out the door…etc. What Harmony has enabled me to do is bring my users closer to the resources that they’re accessing because the resources are right on the internet. So, as I look at Office 365, and as I’m looking at several other cloud based applications, they’re just a hop or two away, so to speak – whereas before I had to back-haul the way to a data center and out the door, which was causing huge latency issues and performance issues for my end users. So that’s been instrumental in not only securing the environment, but also improving the user and users’ performance.

You alluded cultural shifts that Grace has had to make recently. Can you speak to that more directly?

We’re really observing three different cultural shifts. The first cultural shift I would talk about is pre-COVID. With our cloud-first strategy, it really is that the days of having the Big Data Center impacting the power of electric and paying for all these services to go to a centralized data center….That technology’s dead. I mean, anybody who’s not moving to cloud will be soon, and they’re kind of on the slower end.

Of the other cultural shift that we see is, as I affectionately call the COVID shift, is that, in my opinion, the remote workforce is here to stay. So, as we look at the remote workforce, and you look at a harmonious solution to fully encompass all of our remote work, or security, that works together as for one console, through one partner, I’ve reduced my Total Cost of Ownership by not needing as many employees to manage the environment and I can do this without compromising security. And it’s all in one nice, neat place for monitoring, managing and reporting as required and as things occur.

And finally, look at the infamous Log4j that ruined everybody’s December. I woke up in the morning and thought “Okay, I’m going to have to apply IPS signatures and protections into my environment, ensure that everything is up to snuff.” Although I still had to do that with the very few on-premises gateways remaining, I immediately said “So what about Harmony?” The response was “Oh, that’s already done. We did that last night. No action, nothing needed.” It was just done and we were secure. We were secure immediately. As soon as the signature came out. I can’t ask for better security than that.

Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.