
Identity as the new perimeter: National Oilwell Varco's approach to stopping the 79% of attacks that are malware-free

National Oilwell Varco (NOV), under CIO Alex Philips, has undergone a comprehensive cybersecurity transformation that features a zero-trust architecture, strengthens identity defenses and incorporates AI in security operations. While the journey is not complete, the outcomes are dramatic by all reports: a 35-times decline in security events, the removal of malware-related PC editions, and hundreds of thousands saved by scrapping legacy “appliance hell” hardware.

VentureBeat recently (virtually) teamed up with Philips for this interview, in which he describes how NOV achieved these results with Zscaler's Zero Trust platform, aggressive identity protection and a generative AI colleague for his security team.

He also describes how he has handled NOV's cyber risk in the midst of a worldwide threat landscape in which 79% of the attacks used to gain initial access are malware-free and adversaries can break out from a breach in 51 seconds.

The following are excerpts from Philips' recent interview with VentureBeat:

VentureBeat: Alex, NOV went to zero trust a number of years ago. What were the outstanding wins?

Alex Philips: When we began, we were a standard castle-and-moat model that didn't hold up. We didn't know what zero trust was; we only knew that we wanted identity and conditional access at the core of everything. Our journey began with adopting an identity-driven architecture via Zscaler's Zero Trust Exchange, and it changed everything. Our visibility and protection coverage increased dramatically, while the number of security incidents was reduced by 35 times at the same time. Previously, our team followed hundreds of malware incidents. Now it's a tiny fraction of that. We also went from around 100 malware-infected machines getting a new edition every month to practically zero. That saved a lot of money and time. And because the solution is cloud-based, appliance hell is gone, as I like to say.

The zero-trust approach now gives 27,500 NOV users and third parties policy-based access to hundreds of internal applications without exposing these apps directly to the internet.

We were then able to take an intermediate step and re-architect our network to use web-based connectivity instead of expensive MPLS. “On average, we increased the speed by 10–20x, reduced the latency to critical SaaS apps and reduced costs by over 4 times. Annual savings (from network changes) have already reached over USD 6.5 million,” Philips said of the project.

VB: How did the shift to zero trust reduce the security noise by such an enormous factor?

Philips: A big reason is that our web traffic now goes through a security service edge (SSE) with full SSL inspection, sandboxing and data loss prevention. Zscaler peers directly with Microsoft, so Office 365 traffic became faster and safer – users no longer tried to bypass controls, since the performance improved. After having been refused SSL inspection with on-prem devices, we finally received legal approval to decrypt SSL traffic, because the cloud proxy doesn't grant NOV any access to the data itself. This means that malware hidden in encrypted streams was caught before hitting endpoints. In short, we shrank the target and let the good traffic flow freely. Fewer threats meant fewer alerts.

John McLeod, CISO of NOV, agreed that an identity-oriented cloud security stack was required. By routing all company traffic through cloud security layers (and isolating dangerous websites via tools such as Zscaler's Zero Trust Browser), NOV dramatically reduced intrusion attempts. This comprehensive inspection capability made it possible to detect and stop threats that previously slipped through, lowering incidents by 35x.

VB: Were there unexpected benefits from the introduction of zero trust that you didn't expect at first?

Alex Philips: Yes, our users actually preferred the cloud-based zero-trust experience compared with legacy VPN clients, so adoption was easy and gave us unprecedented agility for mobility, acquisitions and even what we like to call “Black Swan Events”. For example, when COVID-19 hit, NOV was already prepared! I told my management team that if all 27,500 of our users needed to work remotely, our IT systems could handle it. My leadership was stunned and our company continued without missing a beat.

VB: Identity-based attacks are climbing, and you have mentioned amazing statistics on the theft of login information. How does NOV strengthen identity and access management?

Philips: Attackers know that it is often easier to log in with stolen credentials than to drop malware. In fact, according to the latest threat reports, 79% of the attacks to gain initial access in 2024 were malware-free and based on stolen credentials, AI-driven phishing and deepfake fraud. Every third cloud intrusion in the previous 12 months involved valid credentials. We have tightened identity policies to make these tactics harder.

For example, we have integrated our Zscaler platform with Okta for identity and conditional access controls. Our conditional access policies check that devices have the SentinelOne antivirus agent running before granting access, which adds a further posture check. We also drastically limited who can perform password or MFA resets. No single administrator should be able to bypass authentication controls alone. This separation of duties prevents an insider or a compromised account from simply switching off our protections.

VB: You mentioned you found a gap even after deactivating a user account. Can you explain?

Philips: We have found that the attacker's sessions are still active when you detect and deactivate a compromised user account. It is not enough to reset passwords. You need to revoke session tokens to really shut out an intruder. We are working with a startup to create near-real-time token-invalidation solutions for our most commonly used resources. Essentially, we want to make a stolen token useless within seconds. A zero-trust architecture helps because everything is re-authenticated through a proxy or identity provider, which gives us a single choke point to revoke tokens globally. That way, even if an attacker grabs a VPN cookie or a cloud session, they cannot move laterally because we will quickly kill the token.

VB: How else do you secure identities at NOV?

Philips: We enforce multi-factor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler and SentinelOne together form an identity-driven security perimeter, in which each login and device posture is repeatedly checked. Even if someone steals a user password, they still face device checks, MFA challenges, conditional access rules and the risk of immediate revocation if something appears off. Resetting a password is no longer sufficient – we have to revoke the session tokens immediately in order to stop lateral movement. This philosophy underpins NOV's identity threat strategy.

VB: You were also an early adopter of AI in cybersecurity. How does NOV use AI and generative models within the SOC?

Philips: We have a comparatively small security team for our global footprint, so we have to work smarter. One approach is to bring AI co-workers into our security operations center (SOC). We have teamed up with SentinelOne and use its AI security analyst tool, an AI that can write and execute queries against our logs at machine speed. It has been a game changer that made it possible for analysts to ask questions in plain English and get answers in seconds. Instead of writing SQL queries manually, the AI proposes the next query and even generates a report automatically, which has reduced our mean time to respond.

We have seen success stories in which threat hunts with AI assistants are carried out up to 80% faster. Microsoft's own data shows that adding generative AI can reduce the mean time to resolution by 30%. In addition to vendor tools, we also experiment with internal AI bots for operational analytics, where we use OpenAI foundation AI models to help non-technical employees query data quickly. Of course, we have data protection reports so that these AI solutions don't leak sensitive information.

VB: Cybersecurity is no longer just an IT problem. How do you engage NOV's board and executives on cyber risk?

Philips: I made it a priority to take our board of directors along on our cyber journey. They don't need the deep technical minutiae, but they have to understand our risk posture. With generative AI, for instance, I explained the benefits and risks early on. This education helps when I propose controls to prevent data leaks – there is already alignment on why it is necessary.

The board now considers cybersecurity a core business risk. They are briefed on it at every meeting, not only once a year. We even carried out tabletop exercises with them to show how an attack would play out, turning abstract threats into tangible decision points. This results in stronger top-down support.

I make a point of consistently reinforcing the reality of cyber risk. Even with hundreds of thousands invested in our cybersecurity program, the risk is rarely fully eliminated. It is not a question of if we will have an incident, but when.

VB: Any final advice, based on NOV's journey, for other CIOs and CISOs out there?

Philips: First, recognize that security transformation and digital transformation go hand in hand. We couldn't have moved to the cloud or to remote work so effectively without zero trust, and the business cost savings helped finance the security improvements. It was really a “win, win, win”.

Second, focus on separation of duties in identity and access. Nobody should be able to undermine your security controls – myself included. Small process changes, for instance requiring two people to change the MFA for an exec or a highly privileged IT worker, can thwart malicious insiders, errors and attackers.

Finally, embrace AI carefully but proactively. AI is already a reality on the attacker side. A well-implemented AI assistant can multiply your team's defense, but you have to manage the risks of data leakage or inaccurate models. Make sure you combine the AI output with your team's skills to create an AI-infused “brain”.

We know that the threats keep evolving, but with zero trust, strong identity security and now AI on our side, it helps give us a chance.
