Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More<\/em><\/p>\n\n\n\n National Oilwell Varco (NOV) is undergoing a sweeping cybersecurity transformation under CIO Alex Philips, embracing a Zero Trust architecture, strengthening identity defenses and infusing AI into security operations. While the journey is not complete, the results, by all accounts, are dramatic \u2013 a 35-fold drop in security events, the elimination of malware-related PC reimaging and millions saved by scrapping legacy \u201cappliance hell\u201d hardware.<\/p>\n\n\n\n VentureBeat recently sat down (virtually) for this in-depth interview where Philips details how NOV achieved these outcomes with Zscaler\u2019s Zero Trust platform, aggressive identity protections and a generative AI \u201cco-worker\u201d for its security team.<\/p>\n\n\n\n He also shares how he keeps NOV\u2019s board engaged on cyber risk amid a global threat landscape where\u00a079%\u00a0of attacks to gain initial access are malware-free, and adversaries can move from breach to break out in as little as\u00a051 seconds.<\/span><\/p>\n\n\n\n Below are excerpts of Philips\u2019 recent interview with VentureBeat:<\/p>\n\n\n\n VentureBeat: Alex, NOV went \u201call in\u201d on Zero Trust a number of years ago \u2013 what were the standout gains?<\/strong><\/p>\n\n\n\n Alex Philips:<\/strong> When we started, we were a traditional castle-and-moat model that wasn\u2019t keeping up. We didn\u2019t know what Zero Trust was, we just knew that we needed identity and conditional access at the core of everything. Our journey began by adopting an identity-driven architecture on Zscaler\u2019s Zero Trust Exchange and it changed everything. Our visibility and protection coverage dramatically increased while simultaneously experiencing a 35x reduction in the number of security incidents. Before, our team was chasing thousands of malware incidents; now, it\u2019s a tiny fraction of that. We also went from reimaging about 100 malware-infected machines each month to virtually zero now. That\u2019s saved a considerable amount of time and money. And since the solution is cloud-based, Appliance hell is gone, as I like to say.<\/p>\n\n\n\n The zero trust approach now gives 27,500 NOV users and third parties policy-based access to thousands of internal applications, all without exposing those apps directly to the internet.<\/p>\n\n\n\n We were then able to take an interim step and re-architect our network to take advantage of internet-based connectivity vs. legacy expensive MPLS. \u201cOn average, we increased speed by 10\u201320x, reduced latency to critical SaaS apps, and slashed cost by over 4x\u2026 Annualized savings [from network changes] have already achieved over $6.5M,\u201d Philips has noted of the project.<\/p>\n\n\n\n VB: How did shifting to zero trust actually reduce the security noise by such an enormous factor?<\/strong><\/p>\n\n\n\n Philips:<\/strong> A big reason is that our internet traffic now goes through a Security Service Edge (SSE) with full SSL inspection, sandboxing, and data loss prevention. Zscaler peers directly with Microsoft, so Office 365 traffic got faster and safer \u2013 users stopped trying to bypass controls because performance improved. After being denied SSL inspection with on-prem equipment, we finally got legal approval to decrypt SSL traffic since the cloud proxy does not give NOV access to spy on the data itself. That means malware hiding in encrypted streams started getting caught before<\/em> hitting endpoints. In short, we shrunk the attack surface and let good traffic flow freely. Fewer threats in meant fewer alerts overall.<\/p>\n\n\n\n John McLeod, NOV\u2019s CISO, concurred that the \u201cold network perimeter model doesn\u2019t work in a hybrid world\u201d<\/em> and that an identity-centric cloud security stack was needed. By routing all enterprise traffic through cloud security layers (and even isolating risky web sessions via tools like Zscaler\u2019s Zero Trust Browser), NOV dramatically cut down intrusion attempts. This comprehensive inspection capability is what enabled NOV to spot and stop threats that previously slipped through, slashing incident volumes by 35x.<\/p>\n\n\n\n VB: Were there any unforeseen benefits to adopting Zero Trust you didn\u2019t initially expect?<\/strong><\/p>\n\n\n\n Alex Philips<\/strong>: Yes, our users actually preferred the cloud-based Zero Trust experience over legacy VPN clients, so adoption was simple and gave us unprecedented agility for mobility, acquisitions, and even what we like to call \u201cBlack Swan Events\u201d. For example, when COVID-19 hit, NOV was already prepared! I told my leadership team if all 27,500 of our users needed to work remotely, our IT systems could handle it. My leadership was stunned and our company kept moving forward without missing a beat.<\/p>\n\n\n\n VB: Identity-based attacks are on the rise \u2013 you\u2019ve mentioned staggering stats about credential theft. How is NOV fortifying identity and access management?<\/strong><\/p>\n\n\n\n Philips<\/strong>: Attackers know it\u2019s often easier to log in with stolen credentials than to drop malware. In fact, 79% of attacks to gain initial access in 2024 were malware-free, relying on stolen credentials, AI-driven phishing, and deepfake scams, according to recent threat reports. One in three cloud intrusions last year involved valid credentials. We\u2019ve tightened identity policies to make those tactics harder.<\/p>\n\n\n\n For example, we integrated our Zscaler platform with Okta for identity and conditional access checks. Our conditional access policies verify devices have our SentinelOne antivirus agent running before granting access, adding an extra posture check. We\u2019ve also drastically limited who can perform password or MFA resets. No single admin should be able to bypass authentication controls alone. This separation of duties prevents an insider or compromised account from simply turning off our protections.<\/p>\n\n\n\n VB: You mentioned finding a gap even after disabling a user\u2019s account. Can you explain?<\/strong><\/p>\n\n\n\n Philips<\/strong>: We discovered that if you detect and disable a compromised user\u2019s account, the attacker\u2019s session tokens might still be active. It isn\u2019t enough to reset passwords; you have to revoke session tokens to truly kick out an intruder. We\u2019re partnering with a startup to create near real-time token invalidation solutions for our most commonly used resources. Essentially, we want to make a stolen token useless within seconds. A Zero Trust architecture helps because everything is re-authenticated through a proxy or identity provider, giving us a single choke point to cancel tokens globally. That way, even if an attacker grabs a VPN cookie or cloud session, they can\u2019t move laterally because we\u2019ll kill that token fast.<\/p>\n\n\n\n VB: How else are you securing identities at NOV?<\/strong><\/p>\n\n\n\n Philips<\/strong>: We enforce multi-factor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler, and SentinelOne together form an identity-driven security perimeter where each login and device posture is continuously verified. Even if someone steals a user password, they still face device checks, MFA challenges, conditional access rules, and the risk of instant session revocation if anything seems off. Resetting a password isn\u2019t enough anymore \u2014 we must revoke session tokens instantly to stop lateral movement. That philosophy underpins NOV\u2019s identity threat defense strategy.<\/p>\n\n\n\n VB: You\u2019ve also been an early adopter of AI in cybersecurity. How is NOV leveraging AI and generative models in the SOC?<\/strong><\/p>\n\n\n\n Philips<\/strong>: We have a relatively small security team for our global footprint, so we must work smarter. One approach is bringing AI \u201cco-workers\u201d into our security operations center (SOC). We partnered with SentinelOne and started using their AI security analyst tool\u2014an AI that can write and run queries across our logs at machine speed. It\u2019s been a game changer, allowing analysts to ask questions in plain English and get answers in seconds. Instead of manually crafting SQL queries, the AI suggests the next query or even auto-generates a report, which has dropped our mean time to respond.<\/p>\n\n\n\n We\u2019ve seen success stories where threat hunts are performed up to 80% faster using AI assistants. Microsoft\u2019s own data shows that adding generative AI can reduce incident mean time to resolution by 30%. Beyond vendor tools, we\u2019re also experimenting with internal AI bots for operational analytics, using OpenAI foundational AI models to help non-technical staff quickly query data. Of course, we have data protection guardrails in place so these AI solutions don\u2019t leak sensitive information.<\/p>\n\n\n\n VB: Cybersecurity is no longer just an IT issue. How do you engage NOV\u2019s board and executives on cyber risk?<\/strong><\/p>\n\n\n\n Philips<\/strong>: I made it a priority to bring our board of directors along on our cyber journey. They don\u2019t need the deep technical minutiae, but they do need to understand our risk posture. With generative AI exploding, for example, I briefed them on both the advantages and risks early on. That education helps when I propose controls to prevent data leaks\u2014there\u2019s already alignment on why it\u2019s necessary.<\/p>\n\n\n\n The board views cybersecurity as a core business risk now. They\u2019re briefed on it at every meeting, not just once a year. We\u2019ve even run tabletop exercises with them to show how an attack would play out, turning abstract threats into tangible decision points. That leads to stronger top-down support.<\/p>\n\n\n\n I make it a point to constantly reinforce the reality of cyber risk. Even with millions invested in our cybersecurity program, the risk is never fully eliminated. It is not if we will have an incident, but when.<\/p>\n\n\n\n VB: Any final advice, based on NOV\u2019s journey, for other CIOs and CISOs out there?<\/strong><\/p>\n\n\n\n Philips<\/strong>: First, recognize that security transformation and digital transformation go hand in hand. We couldn\u2019t have moved to the cloud or enabled remote work so effectively without Zero Trust, and the business cost savings helped fund security improvements. It truly was a \u201cwin, win, win.\u201d<\/p>\n\n\n\n Second, focus on the separation of duties in identity and access. No one person should be able to undermine your security controls\u2014myself included. Small process changes like requiring two people to change MFA for an exec or highly privileged IT staff, can thwart malicious insiders, mistakes, and attackers.<\/p>\n\n\n\n Lastly, embrace AI carefully but proactively. AI is already a reality on the attacker side. A well-implemented AI assistant can multiply your team\u2019s defense, but you must manage the risks of data leakage or inaccurate models. Make sure to merge AI output with your team\u2019s skill to create an AI-infused \u201cbrAIn\u201d.<\/p>\n\n\n\n We know the threats keep evolving, but with zero trust, strong identity security and now AI on our side, it helps give us a fighting chance.<\/p>\n Daily insights on business use cases with VB Daily<\/strong><\/p>\n If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.<\/p>\n \n\t\t\t\t\tThanks for subscribing. Check out more VB newsletters here.\n\t\t\t\t<\/p>\n An error occured.<\/p>\n<\/p><\/div>\n
\n<\/div>
![\"\"\/](\"https:\/\/venturebeat.com\/wp-content\/themes\/vb-news\/brand\/img\/vb-daily-phone.png\")
\n\t\t\t\t<\/div>\n<\/p><\/div>\n<\/div>\t\t\t<\/div>\r\n