National Oilwell Varco (NOV) is making significant strides in its cybersecurity transformation under the leadership of CIO Alex Philips. Embracing a Zero Trust architecture, strengthening identity defenses, and incorporating AI into security operations, NOV has seen remarkable results. With a 35-fold decrease in security events, the elimination of malware-related PC reimaging, and substantial cost savings from scrapping legacy hardware, the impact of these changes is undeniable.
In a recent interview with VentureBeat, Philips shared insights into how NOV achieved these outcomes using Zscaler’s Zero Trust platform, robust identity protections, and AI technology. As cyber threats continue to evolve, with 79% of attacks being malware-free and adversaries moving swiftly from breach to breakout, Philips emphasized the importance of keeping NOV’s board engaged on cyber risk.
NOV’s transition to a Zero Trust model has revolutionized its approach to cybersecurity. By implementing an identity-driven architecture on Zscaler’s Zero Trust Exchange, the company has seen a significant reduction in security incidents and malware infections. The shift to a cloud-based solution has eliminated the need for legacy hardware, resulting in improved speed, reduced latency, and substantial cost savings.
The implementation of a Security Service Edge with full SSL inspection, sandboxing, and data loss prevention has further enhanced NOV’s security posture. By routing all enterprise traffic through cloud security layers, the company has been able to identify and stop threats that previously went undetected, leading to a substantial decrease in security alerts.
One unexpected benefit of adopting Zero Trust was the positive response from users, who preferred the cloud-based experience over legacy VPN clients. This increased agility and preparedness for events like COVID-19, enabling NOV to seamlessly transition to remote work without disruption.
In response to the rise in identity-based attacks, NOV has strengthened its identity and access management policies. By integrating with platforms like Okta for identity verification and conditional access checks, and SentinelOne for antivirus checks, the company has bolstered its defenses against credential theft and unauthorized access.
Looking ahead, NOV is exploring solutions to address gaps in account security, such as revoking session tokens to prevent unauthorized access even after an account has been disabled. By partnering with startups to develop real-time token invalidation solutions, NOV aims to further enhance its security measures and protect its most critical resources.
In conclusion, NOV’s cybersecurity transformation under Alex Philips’ leadership demonstrates the power of a Zero Trust approach in enhancing security, reducing risk, and enabling business continuity in the face of evolving cyber threats. By leveraging innovative technologies and proactive security measures, NOV is setting a new standard for cybersecurity excellence in the industry. In today’s digital age, securing identities and data is more crucial than ever before. At NOV, we have implemented a comprehensive security strategy to protect our systems and information from potential threats. One key aspect of our approach is the use of VPN cookies and cloud sessions that are constantly monitored and revoked if any suspicious activity is detected. This ensures that even if an attacker manages to grab a token, they will not be able to move laterally within our network.
In addition to VPN and cloud session security, we enforce multi-factor authentication (MFA) across all our systems and devices. This extra layer of security helps prevent unauthorized access even if a user’s password is compromised. Our partnership with Okta, Zscaler, and SentinelOne allows us to continuously verify login credentials and device posture, adding another level of protection to our identity-driven security perimeter.
Moreover, we have embraced AI technology in our cybersecurity operations. By leveraging AI tools like SentinelOne’s AI security analyst, we have been able to streamline our threat detection and response processes. These AI assistants can analyze logs, run queries, and generate reports at machine speed, significantly reducing our mean time to respond to incidents. By incorporating AI into our SOC, we have seen threat hunts being performed up to 80% faster, leading to more efficient cybersecurity operations.
Engaging our board of directors and executives on cyber risk is also a top priority for us. We ensure that they are well-informed about the latest cybersecurity trends and risks, and we regularly conduct tabletop exercises to demonstrate the potential impact of a cyber attack. This proactive approach helps build strong top-down support for our cybersecurity initiatives.
Based on our experience at NOV, we have some advice for other CIOs and CISOs. Firstly, recognize the importance of security transformation in tandem with digital transformation. Implementing Zero Trust principles has allowed us to securely transition to the cloud and enable remote work effectively. Secondly, focus on the separation of duties in identity and access management to prevent security breaches. Finally, embrace AI cautiously but proactively, as it can enhance your team’s defense capabilities against evolving threats.
In conclusion, with a combination of zero trust principles, strong identity security measures, and AI technology, we are better equipped to defend against cyber threats and protect our organization’s assets. By staying vigilant and continuously improving our security practices, we can mitigate risks and secure our digital infrastructure effectively.
