National Oilwell Varco (NOV) is undergoing a cybersecurity transformation under CIO Alex Philips, adopting a zero trust architecture, strengthening identity defenses and bringing AI into security operations. The journey is not complete, but the results are dramatic by all accounts: a 35-fold reduction in security events, the elimination of malware-infected PCs, and millions in savings from scrapping legacy "appliance hell" hardware.
VentureBeat recently sat down for this in-depth interview, in which Philips explained in detail how NOV achieved these results with Zscaler's Zero Trust platform, aggressive identity protection and a generative AI "colleague" for the security team.
He also shares how 79% of attacks to gain initial access involve no malicious code, and how NOV keeps its board of directors involved in cyber risk in a global threat environment where an attacker can break out from a breach in 51 seconds.
The following are excerpts from Philips' recent interview with VentureBeat.
VentureBeat: Alex, NOV went to zero trust a few years ago. What are the noticeable benefits?
Alex Philips: When we started, we had a traditional model that we did not keep. We didn't know what zero trust was. We only knew that we needed identity and conditional access at the heart of everything. Our journey began by adopting an identity-centered architecture on Zscaler's Zero Trust Exchange, and it changed everything. Our visibility and protection coverage increased significantly, and at the same time the number of security incidents decreased 35 times. Before, our team was chasing thousands of malware incidents. Now, it is a small fraction of that. We also went from re-connecting about 100 malware-infected machines every month to zero. It saved considerable time and money. And because the solution is cloud-based, "appliance hell," as I like to say, has disappeared.
The zero trust approach now provides 27,500 NOV users and third parties with policy-based access to thousands of internal applications, without exposing those apps directly to the internet.
NOV was then able to take interim steps and re-architect its network to take advantage of internet-based connectivity versus legacy MPLS. "On average, we've increased speed by 10-20 times, reducing the waiting time with critical SaaS apps and reducing more than four times. [From network changes] we've already achieved more than $6.5 million," Philips said of the project.
VB: Did you actually decrease security noise by such a tremendous factor when you went to zero trust?
Philips: A big reason is that our internet traffic now passes through a Security Service Edge (SSE) with full SSL inspection, sandboxing and data loss prevention. Zscaler works with Microsoft, so Office 365 traffic is faster and more secure. Users did not try to bypass the controls because performance improved. After SSL inspection had been rejected with on-premises equipment, we got legal approval to decrypt SSL traffic, because the cloud proxy does not give NOV access to spy on the data itself. In other words, malware hidden in encrypted streams began to be caught before it hit the endpoint. In short, we reduced the attack surface and allowed traffic to flow freely. With fewer threats, there are fewer alerts overall.
John McLeod, NOV's CISO, said that "models around the old network do not work in the hybrid world" and that an identity-centered cloud security stack was needed. By routing all enterprise traffic through the cloud security layer (and isolating risky web sessions with tools such as Zscaler's Zero Trust Browser), NOV dramatically reduced intrusion attempts. This comprehensive inspection capability allows NOV to discover and stop threats that slipped through.
VB: Did you see any unexpected benefits from adopting zero trust at first?
Alex Philips: Yes. Our users actually preferred the cloud-based zero trust experience over the legacy VPN client, so adoption was simple and provided unprecedented agility for mobility, arguments and "black swan" events. For example, when COVID-19 hit, NOV was already ready! I told the leadership team that if all 27,500 users needed to work remotely, the IT systems could handle it. My leadership was stunned, and our company continued to go forward without missing a beat.
VB: Identity-based attacks are increasing. You have mentioned tremendous statistics on credential theft. How does NOV strengthen its identity and access management?
Philips: Attackers know that it is easier to log in with stolen credentials than to drop malware. According to a recent threat report, 79% of attacks to gain initial access in 2024 had no malicious code because they rely on stolen credentials, AI-driven phishing and deepfake fraud. Last year, one in three cloud intrusions was associated with valid credentials. We strengthened our policies to make these tactics more difficult.
For example, we integrated the Zscaler platform with Okta for identity and conditional access checks. Our conditional access policies confirm that the device has the SentinelOne antivirus agent, adding an additional posture check before granting access. In addition, we have greatly limited who can perform password or MFA resets. No single administrator should be able to bypass authentication controls alone. Such separation of duties prevents an insider or a compromised account from simply turning off our protections.
VB: You mentioned a gap even after disabling a user account. Can you explain?
Philips: We found that if you detect and disable a compromised user account, the attacker's session tokens can still be active. Resetting the password is not enough. To truly remove intruders, you need to revoke the session tokens. We have partnerships with startups and are building a near-real-time token invalidation solution for our most commonly used resources. In essence, we want to make stolen tokens useless within a few seconds. The zero trust architecture helps because everything is routed back through a proxy or identity provider, providing a single choke point for revoking tokens globally. That way, even if an attacker holds a VPN cookie or cloud session, they cannot move laterally, because the token is quickly killed.
VB: How do you secure identities at NOV?
Philips: We enforce multi-factor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler and SentinelOne form an identity-centered security perimeter where each login and device posture is constantly verified. Even if someone steals a user's password, they still face device checks, MFA challenges, conditional access rules and instant session revocation. Resetting the password is not enough. To stop lateral movement, you need to revoke the session tokens immediately. That philosophy underpins NOV's identity threat defense strategy.
VB: You were also an early adopter of AI in cybersecurity. How do you use AI and generative models in the SOC?
Philips: We have a relatively small security team for our global footprint, so we need to work smarter. One way is to bring AI "colleagues" into the security operations center (SOC). We partnered with SentinelOne and began using its AI security analyst tool (an AI that creates and runs queries through logs at machine speed). It was a game changer, letting analysts ask questions in plain English and get an answer in a few seconds. Instead of analysts manually writing SQL queries, the AI suggests the next query or automatically generates a report, saving time.
We have seen success cases of threat hunts performed up to 80% faster using AI assistants. According to Microsoft's own data, adding generative AI can reduce the mean time to resolve incidents by 30%. Beyond vendor tools, we are experimenting with internal AI bots for operational analytics, using OpenAI foundation AI models to help non-technical employees query data quickly. Of course, we have data protection guardrails in place so these AI solutions do not leak sensitive information.
VB: Cybersecurity is no longer just an IT problem. How do NOV's board of directors and management engage with cyber risk?
Philips: I made it a priority to bring the board of directors along on our cyber journey. They do not need the deep technical minutiae, but they must understand our risk posture. For example, as generative AI exploded, we briefed them early on the advantages and dangers. That education helps when we propose controls to prevent data leakage. There is already alignment on why they are needed.
The board of directors sees cybersecurity as a core business risk. They are briefed at every meeting, not only once a year. We even show how an attack progresses, turning abstract threats into practical decision points. This leads to strong top-down support.
I make a point of constantly reinforcing the reality of cyber risk. Even with millions invested in a cybersecurity program, the risk is never completely eliminated. It is a matter of when we have an incident.
VB: Do you have any final advice for other CIOs and CISOs based on NOV's journey?
Philips: First, recognize that security transformation and digital transformation go hand in hand. We could not have moved to the cloud, or moved effectively, without zero trust, and the reduction in business costs helped fund the security improvements. It was truly a "win, win, win."
Second, focus on separation of duties in identity and access. No single person should be able to undermine your security controls. Small process changes, such as requiring two people to change MFA for executives or highly privileged IT staff, can thwart malicious insiders, mistakes and attackers.
Finally, embrace AI carefully but proactively. AI is already a reality on the attacker's side. Well-implemented AI assistants can multiply a team's defense, but you must manage the risk of data leaks or inaccurate models. Merge AI output with your team's skills to create an AI-infused "brain."
We know that threats will continue to evolve, but zero trust and strong identity security now help give us a fighting chance.