by Kavitha Mariappan, Senior Vice President of Customer Experience and Transformation at Zscaler
English artist Banksy once said, “Invisibility is a superpower.”
Banksy was speaking of the shield anonymity provides, but the statement also applies to information security: Invisibility is an effective superpower for preventing cybercrime. You can’t attack what you can’t see.
If your enterprise data is invisible to the outside world, bad guys can’t threaten to use your private information against you, or sell it, or hold it for ransom. By making your data invisible to everyone except those expressly authorized to see it, you can prevent an attacker from infiltrating your network to spread malware or steal data. One company is doing just that.
Nothing to see here
MAN Energy Solutions, a division of the Volkswagen Group, makes large-bore diesel engines and turbomachinery for use on ships and in other large-scale applications. Imagine if an attacker were able to infiltrate one of its internet-connected engines on a ship in the middle of the ocean and control it remotely. To prevent such a disaster, MAN Energy ensures its systems are visible only to the right people and invisible to the wrong ones.
The company looked to Zscaler to help secure its connected fleet of floating “branch offices”—shipping vessels moving constantly around the globe. By deploying Zscaler Private Access, MAN Energy employees got secure, policy-based access to the company’s private applications and assets without the need for VPN technology. The IT team sped and simplified access for users by transforming its application infrastructure into an environment that shielded domain name system (DNS) information and IP addresses. In other words, without authentication and authorization to access a specific application, there was nothing to see.
“Everything is dark, so if there is an attacker and he scans my infrastructure, he won’t see anything,” said Tony Fergusson, IT infrastructure architect at MAN Energy Solutions. “We reduced the attack surface, which means there’s no answer-back. But, at the same time, we still allow an engineer to connect to assets.”
MAN Energy was also looking to securely connect its globally distributed mobile workforce to its SaaS applications. With Zscaler, MAN Energy has enabled secure, direct-to-cloud connections for its 16,000 employees that provide consistent security no matter where users connect. “We were able to implement a zero trust model, or what I call a ‘black cloud,’” Fergusson said. “We have…replaced traditional approaches with this modern, secure, cloud-first implementation. We also have granular control over user permissions, with each employee and contractor getting access to only what they need to have access to.” In addition to better security, the company has reduced costs in software licensing and through the retirement of slow, expensive VPNs.
Invisibility removes incentive: A bad actor trying to infiltrate a Zscaler-secured enterprise with a brute-force attack will come up empty.
That attack requires a server or VPN concentrator to listen for inbound signals. In a zero trust network access environment like MAN Energy Solutions’, on the other hand, all connections are outbound. The user sends out a request to access an app, and that request is received by the security cloud, which applies policies and authenticates users and devices. If the request is granted, a broker stitches together a connection between the user and the app, safely in the cloud. The user is never on the network, and the app is never exposed.
Another benefit is application segmentation. If a user whose system has been compromised by malware should happen to connect, the zero trust approach prevents the infection or bot from moving laterally.
As long as there are profits to be made, cybercriminals will continue to attack corporate networks to shut them down or abscond with precious data. Cybercrime is a business, and attackers seek the most bang for their buck. Invisibility doesn’t just cloak an enterprise; it hides potential rewards for the bad guys. (How do you rob a bank when you can’t see it?) And in the end, keeping data secure while keeping users productive and happy might be the best superpower of all.
Check out the SiliconANGLE video interview with Tony Fergusson, in which he discusses his company’s challenges and how Zscaler successfully addressed them. Or read our case study to learn more.