It’s extremely hard for cyberattackers to break into something they cannot see.

This has become an especially important need for MAN Energy Solutions SE, a German firm that makes large-bore diesel engines and turbomachinery for marine and stationary applications. Its internet of things-connected diesel engines drive ships and power plants, so MAN needed to ensure that its equipment was invisible to cyberattackers and viewable only by the right people to access equipment and applications.

“It’s really important that we secure this infrastructure,” said Tony Fergusson (pictured), IT infrastructure architect at MAN Energy Solutions. “We have a lot of IoT on the actual engine. We wanted to authenticate the engineer and make sure that the right people got to the right assets.”

Fergusson spoke with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s livestreaming studio, at theCUBE’s studio in Palo Alto, California. They discussed how Zscaler Inc. transformed MAN’s infrastructure into a dark space, as well as the security benefits of application-centric access controls. (* Disclosure below.)

Invisible domain names and IP addresses

Working with MAN, Zscaler offered policy-based secure access to private applications and assets, such as the company’s diesel engines. Zscaler’s “black-cloud” solution transformed the application’s infrastructure into an invisible environment that revealed no domain name system information or vulnerable IP addresses.

“Everything is dark, so if there is an attacker and he scans my infrastructure, he won’t see anything,” Fergusson explained. “We reduce the attack surface, which means there’s no answer back. By doing this, we remove all of these vulnerabilities. But, at the same time, we still allow an engineer to connect to the assets.”

From a security standpoint, there is another important element to Zscaler’s solution. Zscaler Private Access segments contractor access by application, not network. This means that the attack surface is further limited because malicious software often moves laterally in a network environment where it causes the most havoc. Access is triggered by a client to a server and never the other way around.

As MAN evaluated various solutions, the company found that it wanted the kind of application-focused approach that Zscaler provided.

“A lot of this is really network-centric, and what we were looking for was something that was more application-centric, something that moved up the stack and started to look at policy,” Fergusson said. “You don’t need to worry about the network anymore; you just want to get applications to users.”

Watch the complete video interview below. (* Disclosure: Zscaler Inc. sponsored this segment of theCUBE. Neither Zscaler nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: MAN Energy Solutions (Twitter)