NOV, the Fortune 500 oil and gas giant, is making significant strides in its cybersecurity transformation under the leadership of CIO Alex Philips. Embracing a Zero Trust architecture, strengthening identity defenses, and incorporating AI into security operations, NOV has seen remarkable results. The company has experienced a 35-fold decrease in security events, eradicated malware-related PC reimaging, and saved millions by eliminating legacy hardware systems.
In a recent interview with VentureBeat, Philips discussed how NOV achieved these outcomes using Zscaler’s Zero Trust platform, robust identity protections, and AI technology. With a global threat landscape where 79% of initial access attacks are malware-free and adversaries can escalate from breach to breakout in just 51 seconds, Philips emphasized the importance of keeping NOV’s board engaged on cybersecurity risks.
When NOV transitioned to a Zero Trust model, they saw a drastic reduction in security incidents and malware infections. By adopting an identity-driven architecture and leveraging Zscaler’s Zero Trust Exchange, NOV enhanced visibility, protection coverage, and efficiency. The company also revamped its network infrastructure, leading to increased speed, reduced latency, and substantial cost savings.
The implementation of a Security Service Edge (SSE) with SSL inspection, sandboxing, and data loss prevention played a crucial role in reducing security noise. By decrypting SSL traffic and routing all enterprise traffic through cloud security layers, NOV was able to detect and prevent threats more effectively, resulting in a significant decrease in incident volumes.
Unexpectedly, users at NOV preferred the cloud-based Zero Trust experience over traditional VPN clients, providing the company with enhanced agility and preparedness for unforeseen events like the COVID-19 pandemic. By fortifying identity and access management through integrations with platforms like Okta and SentinelOne, NOV has strengthened its defenses against credential theft and insider threats.
In response to the discovery of session token vulnerabilities after disabling compromised accounts, NOV is partnering with a startup to develop real-time token invalidation solutions. This proactive approach aims to render stolen tokens useless within seconds, further enhancing the company’s security posture.
As NOV continues its cybersecurity transformation journey, the company remains committed to staying ahead of evolving threats and protecting its critical assets. By embracing innovative technologies and best practices, NOV is setting a new standard for cybersecurity excellence in the oil and gas industry. In order to enhance security measures at NOV, we prioritize the quick revocation of VPN cookies and cloud sessions if they are compromised by attackers. This ensures that even if an attacker gains access to these tokens, they are unable to move laterally within our network.
Another key aspect of our identity security strategy at NOV is the enforcement of multi-factor authentication (MFA) across all platforms, along with continuous monitoring for any abnormal access patterns. By leveraging tools like Okta, Zscaler, and SentinelOne, we create a robust identity-driven security perimeter where each login and device posture is constantly verified. This multi-layered approach adds an extra layer of protection, even if a user’s password is compromised.
In addition to these measures, we have also embraced AI technology in our security operations center (SOC) to streamline threat detection and response. By utilizing AI security analyst tools like SentinelOne, our analysts can now ask complex questions in plain English and receive instant answers, significantly reducing our mean time to respond to potential threats. AI has proven to be a valuable asset in accelerating threat hunts and incident resolution, making our security operations more efficient.
Engaging our board and executives on cyber risk is another crucial aspect of our cybersecurity strategy. By providing regular updates and briefings on the latest cybersecurity trends and technologies, we ensure that our leadership is well-informed and aligned on our security initiatives. Conducting tabletop exercises with the board also helps to demonstrate the potential impact of cyber attacks and reinforces the importance of cybersecurity as a core business risk.
Based on our journey at NOV, we offer some advice for other CIOs and CISOs looking to enhance their cybersecurity posture. Firstly, recognize the importance of security transformation alongside digital transformation, as both are interconnected and mutually beneficial. Secondly, focus on implementing strong separation of duties in identity and access management to prevent security breaches. Lastly, embrace AI cautiously but proactively, as it can significantly enhance your security defenses when implemented correctly.
In conclusion, with a zero trust mindset, strong identity security measures, and the integration of AI technology, we believe that we are better equipped to combat evolving cyber threats and safeguard our organization’s critical assets. By continuously adapting and improving our security practices, we strive to stay ahead of cybercriminals and maintain a secure digital environment for our employees and stakeholders. The world of technology is ever-evolving, with new advancements being made every day. From artificial intelligence to virtual reality, there is no shortage of innovation in this field. One of the most recent developments in technology is the rise of augmented reality.
Augmented reality, or AR, is a technology that superimposes computer-generated images onto the user’s view of the real world. This technology has been around for a while, but recent advancements have made it more accessible and user-friendly than ever before. AR can be experienced through special glasses, smartphones, or other devices, allowing users to interact with digital elements in their physical environment.
One of the most popular uses of augmented reality is in gaming. Apps like Pokemon Go have taken the world by storm, allowing players to catch virtual creatures in the real world. This type of immersive gaming experience has captured the imagination of millions of people and is just one example of how AR can be used to enhance entertainment.
But augmented reality is not just limited to gaming. It has also been used in various industries, including retail, healthcare, and education. For example, in retail, AR can be used to provide customers with a virtual try-on experience, allowing them to see how clothing or accessories will look on them before making a purchase. In healthcare, AR can be used to assist doctors in performing surgeries or training medical students. And in education, AR can be used to create interactive learning experiences that engage students in new and exciting ways.
The potential applications of augmented reality are endless, and as the technology continues to evolve, we can expect to see even more innovative uses in the future. Whether it’s enhancing entertainment, improving productivity, or revolutionizing how we learn, AR has the power to transform the way we interact with the world around us.
In conclusion, augmented reality is a groundbreaking technology that is changing the way we experience the world. With its ability to superimpose digital elements onto our physical environment, AR has the potential to revolutionize industries and enhance our everyday lives. As this technology continues to advance, we can only imagine the incredible possibilities that lie ahead.
