NOV Inc. Intelligently Boosts API Security

The Objective

NOV Inc. delivers technology-driven solutions to empower the global energy industry. One of the largest providers of equipment and services to the upstream oil and gas industry, the Houston-based multinational corporation has been pioneering innovations for more than 160 years, enabling its customers to safely produce abundant energy while minimizing environmental impact. 

As part of their digital transformation, NOV Inc. sought to establish an additional, strong security layer to properly authenticate, authorize and monitor access to approximately 140 APIs supporting customer, partner, and internal applications, as well as equipment control across the organization. Along with access control, they wanted visibility into all activity per user, the ability to track APIs and traffic globally for audits and governance, and to quickly and easily identify API abnormalities, misbehaviors and breaches.

The Challenge

Allowing rapid delivery and secure access to data to your apps through APIs presents significant security challenges. As a large corporation that has grown through acquisitions and evolved its infrastructure over the years, NOV Inc. has a huge legacy debt in the guise of a large ERP footprint, different ERP instances, data spread across multiple data lakes and data houses, and systems, applications and APIs in different data centers throughout the globe. The organization was using static threat checks to protect APIs, but the technique was neither completely secure nor easy to use and needed to be augmented with a self-learning system that can understand threats based on behavior. NOV Inc. also lacked comprehensive tracking for audit and forensic reports.

NOV Inc. was challenged to find a solution that seamlessly and securely supports their API needs with regards to both their legacy infrastructure and their newer infrastructures in the cloud, enabling them to centrally manage the lifecycle of an API so that the APIs can integrate into various digital delivery channels offered to customers and partners. In addition, NOV Inc. needed to be able to deploy and implement the solution with minimal effort on the part of its developers and digital integrators.

The Solution

NOV Inc. chose the powerful combination of PingIntelligence and Axway for APIs, an API security and governance solution that provides a unified view of API activity across the entire enterprise for centralized monitoring and reporting. In addition, PingIntelligence for APIs uses artificial intelligence to learn traffic behaviors to automatically detect and block threats to enhance an organization’s security posture. The “single pane of glass” allows NOV Inc. to centralize AI analytics for API activity across all data centers and clouds, enabling them to differentiate between good and bad traffic, catch bad API implementations, determine whether partners are abiding by agreements, and detect and block suspicious behaviors.

The corporation deployed PingIntellience for APIs in sideband integration with the Axway Amplify API Management Platform. The Axway solution offers a layer of API security through access control, rate limiting, and network privacy, while the Ping solution extends Axway’s API Gateway with an additional layer of AI-powered traffic tracking and security. The solution was deployed in an active/active high availability (HA) configuration across three data centers (two private data centers and one Equinix Data Center) and across two clouds, Azure and AWS. 

“Organizations should not take for granted that traditional API-protecting mechanisms will suffice for today's needs,” said Manoj Kona, Director of Corporate Middleware at NOV Inc. “In the past, we used security mechanisms like rate limiting and throttling to secure APIs. But those traditional mechanisms don't suffice. Without the self-learning AI platform to detect the behavior of your callers, you will not be implementing a full-fledged mature API security infrastructure.”