Desafíos
Migrate to a zero trust architecture, displace VPN technology, improve visibility and response, and speed M&A integration
Resultados
Reduces risk: detected and blocked 420,071 threats hidden in encrypted traffic in 90 days
Boosts detection and response: blocked 44.9M policy violations and 2.5M threats in three months
Improves user experience and performance with 2-3x faster access to web applications
Grants and secures policy-based user access to 500+ internal applications
Decreases time to value for mergers and acquisitions from months to days
Uses minimal resources to deploy Zscaler: a fraction of a full-time employee
Guaranteed Rate Snapshot
Guaranteed Rate is the second-largest retail mortgage lender in the United States, operating 500 branches across all 50 states. The company has simplified the loan process by restructuring the loan officer model and leveraging state-of-the-art technology, data, and communication technologies.
Sector:
Financial Services and Insurance
Sede central:
Headquartered in Chicago, IL
Size:
6,000+ employees across 500 branches nationwide
Historia de Éxito de Clientes
Zero trust consolidates security infrastructure and reduces risk for a fast-growing company
Guaranteed Rate transformed the lending industry by creating a customer-first model paired with advanced technology. As part of its goal to become the country’s number one mortgage lender, the company is taking steps toward adopting a cloud-first strategy. With over 500 branches offices nationwide, Guaranteed Rate was aware that its digitally distributed architecture increased the attack surface and made it more vulnerable to cyber risk.
The company recently embarked on a zero trust transformation that consolidated its security infrastructure to support accelerated growth. Three considerations drove the decision to adopt a zero trust architecture: partnering with an innovative industry-leading vendor, implementing a unified platform instead of point products, and achieving rapid time-to-value. The Zscaler Zero Trust Exchange met all these criteria.
“We needed a way to enable exponential business growth and transformation while simultaneously reducing our security risks and making the changes transparent to our users and borrowers. The Zscaler Zero Trust Exchange makes securing devices, people, and data much easier so we can focus on achieving our expansion targets,” said Darin Hurd, Chief Information Security Officer, Guaranteed Rate.
Security gaps and a shift to remote work prompt a security overhaul
Before the COVID-19 pandemic, Guaranteed Rate had a traditional on-premises infrastructure with most employees working on-site. Today, corporate employees and loan officers have flexibility to securely work from anywhere. The technology infrastructure currently consists of two hosted data centers and Amazon Web Services (AWS).
Guaranteed Rate is vigilant about protecting sensitive data and meeting stringent compliance mandates. Wire fraud is one ongoing concern. Hurd explained that the loan process requires sharing of sensitive data among clients, mortgage companies, borrowers, title companies, real estate agents, lawyers, and others. Bad actors target one of those entities and attempt to change the wiring instructions to route data or funds away from the intended recipient to their own systems or accounts.
“As we embarked on our cloud journey, we knew it was time to reevaluate our security architecture. Prior to our zero trust transformation, remote workers relied on VPN. We lacked an enterprise proxy to filter and inspect internet traffic—and that left the network vulnerable to malicious activity. Security technologies were inconsistent across the organization’s many branches, and management was time- and resource-intensive,” elaborated Hurd.
Securing internet traffic with an AI-driven threat detection engine
As the team began building out their zero trust strategy, they identified AI-powered technology as essential to their long-term goals. They quickly deployed Zscaler Internet Access (ZIA) to every device, allowing them to inspect all internet traffic for malicious encrypted content and utilize the AI-driven engine to identify and block threats.
Hurd recalls life before Zscaler: “I couldn't prevent users from attaching emails or data to their private email and exfiltrating that data. Nor could I block users from uploading sensitive data to Dropbox and Google Drive. Zscaler changed all that, preventing bad actors and insiders from exfiltrating our vital data.”
Using Zscaler’s URL filtering technology, his team sets policies to block traffic to potentially malicious and inappropriate websites as well as to countries the company doesn’t do business with. They utilize the AI-driven Zscaler Sandbox to quarantine unknown or suspicious files before they reach devices and users to prevent compromise. Zscaler Sandbox leverages machine learning and behavioral analysis to identify and detect zero-day threats by analyzing the behavior of files in a secure environment. Traditional signature-based methods, on the other hand, are often unable to recognize these emerging threats.
“We benefit greatly from the scale of its AI-driven malware protection. It’s important to partner with companies that lead the way in innovation—and that’s what Zscaler brings to the table,” said Hurd.
Enhancing the user experience across all locations
Loan officers are often on the road and need to access internal applications, such as proprietary loan origination systems, to finalize home loans. The legacy VPN technology resulted in application downtime, login friction, sluggish onboarding processes, and excessive permissions. These constant problems frustrated users and impacted their productivity.
Soon after the ZIA deployment, Hurd’s team rolled out Zscaler Private Access (ZPA) for secure, seamless, and faster access to the more than 500 private applications residing in data centers and on AWS. This dramatically improved the user experience and protection, as did a simpler login process.
“Zscaler made access to applications snappier for our users, since we don’t have to backhaul traffic to our data centers. And response time is two to three times faster for web applications,” noted Hurd.
Integration with CrowdStrike enriches threat intelligence
Prior to deploying ZIA, Guaranteed Rate had deployed Crowdstrike to all endpoints. By leveraging the Zscaler with CrowdStrike integration, they have a robust end-to-end solution that checks all the boxes: threat intelligence enrichment, risk reduction, improved user experience, and operational efficiency.
“With the Zscaler-CrowdStrike integration, we are looking forward to real-time posture assessments for all devices. The CrowdStrike posture score will be fed to Zscaler live. If that score drops below a specified threshold, we can contain the device and investigate the issue more thoroughly,” said Hurd.
Threat intelligence enrichment flows in both directions, bringing increased awareness to device activity. The integrated solution monitors indicators of compromise, blocks lateral movement of threats, and executes incident response tasks more quickly.
Zscaler also shares log files with CrowdStrike. The combined visibility containing telemetry from endpoints, networks, and cloud applications provide better visibility to potential threats and security events. The security team uses a pre-built Zscaler dashboard to view log data and detect anomalies to pinpoint issues and accelerate investigations.
“Before Zscaler, multiple team members were needed to manage an overly complicated security technology stack. Today, that job is done by fewer resources: a fraction of a person’s time is spent managing CrowdStrike and Zscaler,” asserted Hurd. “Zscaler has helped us more efficiently allocate resources to reduce risk. As part of a lean team, I can’t stress enough how big of an impact that has on our operations,” said Hurd.
Seamless integrations with AWS and Okta reduce risk and boost user satisfaction
To further consolidate its infrastructure around zero trust, Hurd and his team leverage integrations with AWS and Okta. Now, Zscaler securely connects users directly to applications and workloads on AWS—without having to pass through a data center and without putting users on the corporate network. This minimizes the attack surface, eliminates the risk of lateral threat movement, protects data, and provides a low-latency user experience.
The Zscaler-Okta integration provides seamless authentication for an improved user experience, as well as automated provisioning and deprovisioning of users and groups via the system for cross-domain identity management (SCIM) integration, to ensure real-time enforcement of zero trust policies.
Security Assertion Markup Language (SAML) integration has improved the user login experience. “Now, users just log in once a week, instead of multiple times a day,” said Hurd. “To make it even easier, we will soon be rolling out passwordless authentication for laptops. This means less friction for the user when they access the 500-plus applications that we have under single sign-on.”
Zscaler and Okta also streamline the onboarding process for M&A transactions, regardless of the identity provider of an acquired company, to enable faster time to value following an acquisition.
Zero trust shows demonstrable benefits
Since deploying Zscaler, Guaranteed Rate has seen significant improvements in its risk profile. Zscaler’s full TLS/SSL inspection detected and blocked 420,071 threats hidden in encrypted traffic in just 90 days. It has also boosted threat detection and response, preventing 44.9 million policy violations and stopping 2.5 million security threats in three months.
Hurd also pointed out that Zscaler helps identify and block wire fraud attempts. “With Zscaler, we find the original email that the borrower received and check that against any indicators of compromise matching communication with the borrower. In the past, there was no way we could seamlessly and efficiently do that,” said Hurd.
Other security benefits derived from the Zero Trust Exchange, such as microsegmentation, and role- and policy-based application access, are helping the security team do more with less.
Building on zero trust defenses
Hurd currently uses Zscaler Digital Experience (ZDX) to monitor the user experience, identify connectivity and application issues, and resolve support tickets faster. He plans to expand use of ZDX in the near future.
“What I like about ZDX is that it gives us real-time insight into network, application, and device performance issues from a single dashboard,” he explained. “Armed with these insights, our help desk team reduces mean time to resolution by quickly identifying bottlenecks.”
Additionally, the security team utilizes Zscaler Risk360 to identify potential exposure areas in order to help prioritize remediation efforts and manage risk overall.
“The visibility Zscaler provides lets us be more focused on where we spend our time so we address and reduce the most pressing cyber risks,” said Hurd.
He further observed: "There's no shortage of things to do and, ultimately, we have a limited set of resources to work on a growing set of challenges—and not all of those challenges and risks are equal. Risk360 helps us target where we spend our time so we’re more efficient and effective in addressing the most important risks.”
ZDX and Risk360, part of the AI-powered Zscaler Business Analytics portfolio, provide Hurd with the latest real-time data from the company’s entire infrastructure, enabling his team to generate actionable insights that help lower risk, improve the user experience, and optimize SaaS spend and office utilization.
Hurd also recently tested Zscaler Deception, which uses endpoint lures and decoy applications, servers, users, or enterprise resources to silently detect threats and attacker activity. “We’re excited about putting in more ‘canary objects’ as bait to detect the presence of an attacker—whether it’s files, processes, fake applications—to see what they might catch,” said Hurd.
Zscaler standardizes security for M&A activity
Guaranteed Rate operates 13 companies, among them several joint ventures, an insurance company, and a title company. When it acquires a new business, integrating two networks can take months before secure access to company resources is established, but senior-level employees often need access to key resources much sooner.
Recently, the team found themselves in this predicament with a newly acquired title services company. Senior executives needed access to certain applications on day one before the companies were ready to connect the networks. To address this, the security team leveraged ZPA to enable immediate access to business-critical systems without having to wait months.
“Zscaler allowed us to quickly integrate companies early in the process. We installed ZPA on the endpoints of the acquired companies so they could access a specific Guaranteed Rate application. This was ahead of a larger effort to connect our networks,” said Hurd. “Zscaler is the one security technology stack to rule them all. Now, it’s in our playbook: the day after we close, we already have a plan to roll out Zscaler.”
The ideal partnership for agility and business growth
“You have to hitch your wagon to companies on the bleeding edge,” Hurd concluded. “We look to our partnership with Zscaler to continue innovating and safeguarding our growth.”
More from this customer
Productos
Soluciones