NOV CIO: AI and Zero Trust deployment to reduce threats by 35x



National Oilwell Varco (NOV) is undergoing a complete cybersecurity transformation under CIO Alex Philips, embracing zero trust, strengthening identity defenses and bringing artificial intelligence into security operations. While the journey is not complete, the results are, by all accounts, exciting – a 35x decrease in security events, the elimination of malware-related computer reimaging, and millions saved by retiring the old “hell” devices.

VentureBeat recently sat down (virtually) for this in-depth interview, in which Philips details how NOV achieved these results with Zscaler Zero Trust, aggressive identity protection, and an AI “co-worker” for its security team.

He also shares how he keeps NOV's board engaged on cyber risk amid a global threat landscape in which 79% of attacks to gain initial access are malware-free and adversaries can move from breach to exit in less than 51 seconds.

Here are excerpts from Philips' recent interview with VentureBeat:

VentureBeat: Alex, NOV went “all in” on Zero Trust several years ago – what are the standout gains?

Alex Philips: When we started, we were a traditional castle-and-moat model that was not keeping up. We did not know what Zero Trust was; we just knew that we needed identity and conditional access at the heart of everything. Our journey began by adopting an identity-based architecture on Zscaler's Zero Trust, and it changed everything. Our visibility and protection coverage increased significantly while we saw a 35x reduction in the number of security incidents. Before, our team was chasing thousands of malware incidents; now, it's a small fraction of that. We have also moved away from reimaging about 100 machines with malware almost every month. This saved a great deal of time and money. Since the solution is cloud-based, device hell is gone, as I like to say.

Zero Trust now gives 27,500 NOV users and third parties policy-based access to thousands of internal applications, all without exposing these applications directly to the internet.

We were then able to take an interim step and rebuild our network to take advantage of internet-based connectivity in place of expensive MPLS. “On average, we increased speed by 10-20x, lowered access times to critical SaaS applications, and lowered cost by more than 4x … and achieved annual savings (from network changes) of more than $6.5 million,” Philips has noted of the project.

VB: How did the move to zero trust actually translate into reducing security noise by such a huge factor?

Philips: A big reason is that our internet traffic now passes through a security service edge (SSE) with full SSL inspection, sandboxing, and data loss prevention. Zscaler peers directly with Microsoft, so Office 365 traffic became faster and safer – users stopped trying to bypass controls because performance improved. After being refused SSL inspection with on-premises equipment, we finally obtained legal approval to decrypt SSL traffic because the cloud proxy does not give access to spy on the data itself. This means malware hiding in encrypted streams started getting caught before hitting the endpoints. In short, we shrank the attack surface and let good traffic flow freely. Fewer threats meant fewer alerts overall.

John McLeod, CISO of NOV, agreed that “the old network perimeter model does not work in a hybrid world” and that there is a need for an identity-centric cloud security stack. By routing all enterprise traffic through cloud security layers (and even isolating risky web sessions through tools such as Zscaler's Zero Trust), NOV has significantly reduced intrusion attempts. This comprehensive inspection capability is what enabled NOV to detect threats that previously slipped through, which led to the 35x reduction in incidents.

VB: Were there any unforeseen benefits of adopting zero trust that you did not expect at first?

Alex Philips: Yes, our users actually preferred the cloud-based Zero Trust experience over the old VPN clients, so adoption was simple and gave us unprecedented agility for mobility, acquisitions and even what we like to call “black swan events.” For example, when COVID-19 hit, NOV was already prepared! I told my leadership team that if all of our 27,500 users needed to work remotely, our IT systems could handle it. My leadership was surprised, and our company kept moving forward without missing a beat.

VB: Identity-based attacks are on the rise, with staggering statistics on credential theft. How is NOV handling identity and access management?

Philips: Attackers know that it is easier to log in using stolen credentials than to drop malware. In fact, 79% of attacks to gain initial access in 2024 were malware-free, relying on stolen credentials, phishing, AI, and deepfake fraud, according to recent threat reports. One in three cloud intrusions last year involved valid credentials. We have tightened identity policies to make these tactics more difficult.

For example, we integrated our Zscaler platform with Okta for identity checks and conditional access. Our conditional access policies verify that devices have our SentinelOne antivirus agent running before granting access, adding an extra posture check. We have also greatly restricted who can perform password or MFA resets. No single admin should be able to bypass authentication controls alone. This separation of duties prevents an insider or a compromised account from simply turning off our protections.

VB: You mentioned finding a gap even after a user account is disabled. Can you explain?

Philips: We discovered that if you detect a compromised user account, the attacker's session tokens may remain active. It is not enough to reset passwords; you have to revoke session tokens to truly kick out the intruder. We are partnering with a startup to create token invalidation solutions for our most-used resources. Essentially, we want to make a token useless within seconds. A Zero Trust architecture helps because everything is re-authenticated through a proxy or identity provider, which gives us a single choke point to revoke tokens globally. That way, even if an attacker grabs a VPN cookie or a cloud session, they will not be able to move laterally because we will kill that token.

VB: How are you securing identities at NOV?

Philips: We enforce multi-factor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler and SentinelOne together form an identity-driven secure environment where every login and device is continuously verified. Even if someone steals a user's password, they still face device checks, MFA challenges, conditional access rules, and the risk of immediate session revocation if anything looks off. Resetting the password is no longer enough – we must revoke session tokens immediately to stop lateral movement. This philosophy underpins NOV's identity threat defense strategy.

VB: You have also been an early adopter of AI in cybersecurity. How is NOV using AI and generative models in the SOC?

Philips: We have a relatively small security team for our global program, so we must work smarter. One approach is to bring AI “co-workers” into our security operations center (SOC). We partnered with SentinelOne and began using its AI security analyst – an AI that can write and run queries across our logs quickly. It has been a game changer, allowing analysts to ask questions in plain English and get answers in seconds. Instead of manually crafting SQL queries, the AI suggests the next queries or even generates a report, which has lowered our mean time to respond.

We have seen success stories where threat hunts are performed up to 80% faster using AI assistants. Microsoft's own data shows that adding generative AI can reduce mean incident time by 30%. Beyond vendor tools, we are also experimenting with internal AI bots for operational analytics, using OpenAI's foundational AI to help non-technical employees run queries quickly. Of course, we have data protection guardrails in place so that AI solutions do not leak sensitive information.

VB: Cybersecurity is no longer just an IT problem. How do you engage NOV's board of directors and executives on cyber risk?

Philips: I have made it a priority to bring our board of directors along on our cyber journey. They do not need the deep technical minutiae, but they do need to understand our risk. With the explosion of generative AI, for example, I briefed them on both the advantages and the risks early on. This education helps when I propose controls to prevent data leakage – there is already agreement on the reason for them.

The board of directors views cybersecurity as a core business risk now. They are briefed on it at every meeting, not just once a year. We have even run tabletop exercises with them to show how an attack would play out, turning abstract threats into concrete decision points. This leads to stronger top-down support.

I make it a point to constantly reinforce the reality of cyber risk. Even with millions invested in our cybersecurity program, the risk is never eliminated. It is not if we will have an incident, but when.

VB: What final advice, based on NOV's journey, would you give to other CIOs and CISOs?

Philips: First, recognize that security transformation and digital transformation go hand in hand. We could not have moved to the cloud or enabled work effectively without zero trust, and the business savings helped fund security improvements. It truly was a “win, win, win.”

Second, focus on separation of duties in identity and access. No one person should be able to undermine your security controls – including yourself. Small process changes, such as requiring two people to change MFA for an exec or highly privileged IT staff, can thwart malicious insiders, mistakes and attackers.

Finally, embrace AI carefully but proactively. AI is already a reality on the attacker side. Well-implemented AI can multiply your team's defense, but you must manage the risks of data leakage or inaccurate models. Be sure to combine AI with your team's skill to create an AI “brain”.

We know that threats continue to evolve, but with zero trust, strong identity security and now AI, it helps give us a fighting chance.


