Identity as the new perimeter: National Oilwell Varco’s approach to stopping the 79% of attacks that are malware-free

National Oilwell Varco (NOV) is undergoing a thorough cybersecurity transformation under CIO Alex Philips, adopting a zero-trust architecture that strengthens identity defenses and injects AI into security operations. Although the journey is not complete, the results so far are dramatic: security incidents are down 35-fold, malware-related PC reimaging has been eliminated, and retiring legacy "appliance hell" hardware has saved millions of dollars.

VentureBeat recently sat down with Philips for an in-depth interview in which he details how NOV achieved these results with Zscaler's zero-trust platform, active identity protection and generative AI "colleagues" for its security team.

He also shares how he keeps NOV's board of directors informed about cyber risk in a global threat landscape where 79% of attacks that gain initial access are malware-free and adversaries can move from breach to breakout in as little as 51 seconds.

Here is an excerpt from Philips’ recent interview with VentureBeat:

VentureBeat: Alex, NOV went "all in" on zero trust a few years ago. What have been the standout achievements?

Alex Philips: When we started, we had a traditional castle-and-moat model that couldn't keep up. We didn't know what zero trust was; we just knew we needed identity and conditional access at the core of everything. Our journey began with an identity-driven architecture built on Zscaler's Zero Trust Exchange, and it changed everything. Our visibility and protection coverage increased dramatically, while the number of security incidents dropped 35 times. Previously, our team was chasing thousands of malware incidents. Now that is just a small fraction of what we see. We have also gone from reimaging about 100 malware-infected machines every month to almost zero now. That saves a lot of time and money. And since the solution is cloud-based, "appliance hell" is gone, as I like to say.

The zero-trust approach now gives 27,500 NOV users and third parties policy-based access to thousands of internal applications without exposing those applications directly to the Internet.

We were then able to take incremental steps and re-architect our network to leverage Internet-based connectivity instead of expensive legacy MPLS. "On average, we've increased our speed by 10-20 times, reduced latency for critical SaaS applications and cut costs by more than 4 times... Annual savings [from network changes] have reached $6.5 million," Philips noted.

VB: How did moving to zero trust actually cut incidents by such a huge factor?

Philips: One big reason is that all our Internet traffic now goes through SSL inspection, sandboxing and a Secure Service Edge (SSE) with data loss prevention. Zscaler peers directly with Microsoft, so Office 365 traffic is faster and more secure, and users stop trying to bypass the controls because performance improved. After being denied SSL inspection with an on-premises appliance, we finally got legal approval to decrypt SSL traffic because the cloud proxy does not let anyone spy on the data itself. This means malware hidden in encrypted streams gets caught before it hits the endpoint. In short, we narrowed the attack surface and let good traffic flow freely. Fewer threats mean fewer alerts overall.

John McLeod notes that "old network perimeter models don't work in a hybrid world" and that a hybrid world requires an identity-centric cloud security stack. By routing all enterprise traffic through a cloud security layer (even isolating risky web sessions through tools like Zscaler's zero-trust browser), NOV significantly reduced intrusion attempts. This comprehensive inspection capability lets NOV detect and stop threats that previously slipped past, reducing the number of incidents by 35 times.

VB: Were there any benefits of adopting zero trust that you didn't expect at first?

Alex Philips: Yes, our users actually prefer the cloud-based zero-trust experience over traditional VPN clients, so adoption was simple, and it has given us unprecedented mobility for acquisitions and even the agility to handle what we like to call "Black Swan Events." For example, when Covid-19 hit, NOV was ready! I told my leadership team that if all 27,500 of our users needed to work remotely, our IT systems could handle it. My leadership was stunned, and our company kept moving forward without missing a beat.

VB: Identity-based attacks are on the rise; you mentioned staggering statistics about credential theft. How has NOV strengthened identity and access management?

Philips: Attackers know it is easier to log in with stolen credentials than to drop malware. In fact, 79% of attacks are malware-free, relying on stolen credentials, AI-powered phishing and deepfake scams, according to recent threat reports. Last year, one-third of cloud intrusions involved valid credentials. We have tightened our identity policies to make these tactics harder.

For example, we use the Zscaler platform with Okta for identity and conditional access checks. Our conditional access policies verify the device, and SentinelOne adds further posture checks, such as confirming the antivirus agent is running, before access is granted. We also limit who can perform password or MFA resets. No single administrator should be able to bypass the authentication controls alone. This separation of duties prevents an insider or a compromised account from simply turning off our protections.

VB: You mentioned that you found a gap even after disabling a user account. Can you explain?

Philips: We found that if you detect and disable a compromised user account, the attacker's session token may still be active. Resetting the password is not enough; you have to revoke the session token to actually kick the intruder out. We are working with a startup to build near-real-time token invalidation for our most commonly used resources. Essentially, we want to make a stolen token useless within seconds. The zero-trust architecture helps because everything is re-verified through a proxy or identity provider, giving us a single choke point to cancel tokens globally. This way, even if an attacker grabs a VPN cookie or a cloud session, they cannot move laterally because we kill the token quickly.
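The gap Philips describes, as an added example that is not part of the interview or any vendor's code: a stateless application check that only looks at token expiry, beside a proxy-side re-verification that also consults account state and a per-user revocation cutoff. The `IdentityProvider`, `proxy_check` and the incident timeline are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SessionToken:
    user: str
    issued_at: int    # Unix seconds
    expires_at: int

@dataclass
class IdentityProvider:
    """Hypothetical IdP state shared with the zero-trust proxy (constructed for this example)."""
    disabled: set = field(default_factory=set)
    password_hash: dict = field(default_factory=dict)
    # Per-user revocation cutoff: tokens issued before it are dead regardless of their expiry.
    revoked_before: dict = field(default_factory=dict)
    def issue_token(self, user, now, ttl=8 * 3600):
        return SessionToken(user, issued_at=now, expires_at=now + ttl)
    def reset_password(self, user, new_hash):
        self.password_hash[user] = new_hash     # rotates the credential, touches no issued token
    def revoke_sessions(self, user, now):
        self.revoked_before[user] = now         # every token issued before 'now' stops working

def legacy_app_check(token, now):
    """The gap: an app that trusts the bearer token on its own only sees the expiry."""
    return now < token.expires_at

def proxy_check(idp, token, now):
    """Re-verification on every request at the proxy/IdP: expiry, account state, cutoff."""
    if now >= token.expires_at:
        return False, "expired"
    if token.user in idp.disabled:
        return False, "account disabled"
    if token.issued_at < idp.revoked_before.get(token.user, 0):
        return False, "session revoked"
    return True, "ok"

def incident_walkthrough():
    """Constructed timeline: a token stolen from 'alice' at t=1000, response from t=1500."""
    idp, out = IdentityProvider(), {}
    stolen = idp.issue_token("alice", now=1000)
    idp.disabled.add("alice")                      # t=1500: contain the account ...
    idp.reset_password("alice", "new-hash")        # ... and rotate the credential
    out["after_disable"] = (legacy_app_check(stolen, 1500), proxy_check(idp, stolen, 1500))
    idp.revoke_sessions("alice", now=2000)         # t=2000: kill every session at the choke point
    idp.disabled.discard("alice")                  # t=2100: cleanup done, account re-enabled
    fresh = idp.issue_token("alice", now=2100)     # alice logs in again with new credential + MFA
    out["stolen_later"] = (legacy_app_check(stolen, 2500), proxy_check(idp, stolen, 2500))
    out["fresh_later"] = proxy_check(idp, fresh, 2500)
    return out
```

The walkthrough shows why re-enabling the account after cleanup is safe only because the revocation cutoff, not the disable flag, is what keeps the stolen token dead.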

VB: How else have you hardened identity at NOV?

Philips: We enforce multifactor authentication (MFA) almost everywhere and monitor for anomalous access patterns. Okta, Zscaler and SentinelOne together form an identity-driven security perimeter in which every login and device posture is continuously verified. Even if someone steals a user's password, they still face device checks, MFA challenges, conditional access rules and instant session revocation if anything looks off. Resetting the password is no longer enough; we must immediately revoke the session token to stop lateral movement. This philosophy underpins NOV's identity threat defense strategy.

VB: You were also an early adopter of AI in cybersecurity. How does NOV leverage AI and generative models in the SOC?

Philips: We have a relatively small security team for our global footprint, so we have to work smarter. One way is bringing AI "colleagues" into our Security Operations Center (SOC). We partnered with SentinelOne to start using its AI security analyst tool; the AI can write and run queries against our logs at machine speed. It is a game-changer that lets analysts ask questions in plain English and get answers in seconds. Instead of crafting SQL queries by hand, the AI suggests the next query and even generates reports automatically, which has cut our mean response time dramatically.

We have seen success stories where AI assistants sped up threat hunting by up to 80%. Microsoft's own data shows that adding generative AI can reduce the average time to resolve an incident by 30%. Beyond vendor tools, we also use internal AI bots for operational analytics, built on OpenAI's foundation models, to help non-technical staff query data quickly. Of course, we have data protection guardrails so these AI solutions do not leak sensitive information.

VB: Cybersecurity is no longer just an IT issue. How do you engage the board of directors and executives at NOV?

Philips: Bringing the board along on our cyber journey is a priority for me. They don't need deep technical details, but they do need to understand our risk posture. For example, with the explosion of generative AI, I briefed them early on the benefits and risks. That kind of education helps when I propose controls to prevent data leakage; they already understand why it is necessary.

The board now treats cybersecurity as a core business risk. They cover it briefly at every meeting, not just once a year. We even run tabletop exercises with them to show how an attack would play out, turning abstract threats into tangible decision points. This has led to stronger top-down support.

I think the reality that cyber risk keeps increasing is a key point. Even with millions of dollars invested in our cybersecurity program, the risk will never be completely eliminated. It is not a matter of if an incident happens to us, but when.

VB: Any final advice for other CIOs and CISOs out there?

Philips: First, realize that security transformation and digital transformation go hand in hand. Without zero trust we could not have moved to the cloud and enabled remote work effectively, and the business cost savings help fund security improvements. It is truly a "win, win, win."

Second, focus on separation of duties in identity and access. No single individual should be able to break your security controls. Small process changes, such as requiring two people to change the MFA of executives or highly privileged IT staff, will foil malicious insiders, mistakes and attackers.

Finally, embrace AI carefully but proactively. AI is already a reality for attackers. A good AI assistant can multiply your team's defenses, but you have to manage the risks of data leakage and inaccurate models. Make sure to combine AI output with your team's skills to create an AI-augmented "brain."

We know the threats are evolving, but thanks to zero trust, strong identity security and now AI, we have a fighting chance.
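The separation-of-duties rule Philips describes for password and MFA resets (no single administrator can bypass authentication alone; two people to change the MFA of an executive or privileged IT account), as an added example that is not NOV's process or any vendor's code. The directory sets, request object and approval rules are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed directory for the example: who is high-risk and who may approve resets.
PRIVILEGED = {"ceo", "cfo", "domain-admin-1"}
RESET_APPROVERS = {"helpdesk-a", "helpdesk-b", "helpdesk-c", "domain-admin-1"}

@dataclass
class MfaResetRequest:
    target: str          # account whose MFA factor is being re-enrolled
    requested_by: str
    approvals: set = field(default_factory=set)

def approvals_required(target):
    """Privileged accounts need two distinct approvers; everyone else needs one."""
    return 2 if target in PRIVILEGED else 1

def approve(req, approver):
    """Record an approval; returns (accepted, reason). Rejections enforce separation of duties."""
    if approver not in RESET_APPROVERS:
        return False, "not authorised to approve MFA resets"
    if approver == req.target:
        return False, "cannot approve a reset of your own MFA"
    if approver == req.requested_by:
        return False, "requester cannot also be an approver"
    if approver in req.approvals:
        return False, "duplicate approval ignored"
    req.approvals.add(approver)
    return True, f"{len(req.approvals)}/{approvals_required(req.target)} approvals"

def can_execute(req):
    """True only once enough distinct, eligible people have signed off."""
    return len(req.approvals) >= approvals_required(req.target)

def scenarios():
    """Constructed cases: the lone admin, the compromised privileged account, the normal flow."""
    out = {}
    # 1. A single helpdesk admin tries to reset the CEO's MFA alone: requester == approver.
    r = MfaResetRequest(target="ceo", requested_by="helpdesk-a")
    out["self_approve"] = (approve(r, "helpdesk-a")[0], can_execute(r))
    # 2. Privileged target: one valid approval is not enough, a second distinct approver is.
    out["one_of_two"] = (approve(r, "helpdesk-b")[0], can_execute(r))
    out["two_of_two"] = (approve(r, "helpdesk-c")[0], can_execute(r))
    # 3. A privileged approver (or whoever holds that account) cannot wave through their own reset.
    r2 = MfaResetRequest(target="domain-admin-1", requested_by="helpdesk-a")
    out["own_account"] = approve(r2, "domain-admin-1")[0]
    # 4. Ordinary user: the requester plus one approver is already two people.
    r3 = MfaResetRequest(target="bob", requested_by="bob")
    out["ordinary"] = (approve(r3, "helpdesk-a")[0], can_execute(r3))
    return out
```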

