Houwzer’s digital delivery system is built on a highly complex, monolithic API with extensive personalization and localization to support diverse customer needs across different real estate markets. The company lacked visibility into all the possible ways its API was being used or how it was behaving in the real world. This created security concerns, as Houwzer could not know where or how sensitive data was exchanged, or if bad actors could exploit vulnerabilities to gain unauthorized access to private information.
Houwzer prioritized adopting an API Security platform to address these concerns.
As the head of technology with some security background, I’m able to use Traceable AI to monitor and secure our environment without adding people. Traceable AI completely changed the way I thought about securing our APIs.
Chief Technology Officer
As the Chief Technology Officer for Houwzer, Greg leads the development and deployment of Houwzer’s technology and data platforms, evangelizing data-driven decision making across the organization.
Houwzer is a socially responsible real estate and mortgage brokerage that prioritizes customer-centric services, cost savings for sellers, and community support.
Houwzer’s monolithic API is highly complex, with numerous endpoints and behavior variations based on transaction stage and location rules. Understanding its usage and behavior became a challenge for the team, leading to concerns about security risks and the need for comprehensive API visibility and control.
“Traceable is exactly like the solution I was looking for.”
Houwzer’s AWS-deployed real estate applications and tools prioritize security, but their public-facing API required enhanced measures due to the potential impact of exposing personally identifiable information (PII). User role definitions and the risk of misdirected API requests further heightened concerns about unauthorized access and data breaches.
Phillips emphasizes the challenge of determining the appropriate API access for each user role, acknowledging the difficulty even for developers.
Houwzer deployed Traceable to gain observability and security of its monolithic API. The platform allows the company to see how customers are using its API at different points in a transaction and flags any suspicious behavior. Traceable AI also automatically identifies and blocks threats to the API in real-time and enables the company to uncover inappropriate information flow between different user roles across Houwzer’s services, such as buying, selling, mortgage, and title. Moreover, Houwzer uses Traceable AI to extend visibility of security concerns directly to its development team.
Traceable AI assists in evaluating the information visible to each user role within the API, prompting critical examination and potential adjustments. Collaborating with the development team, necessary modifications can be made to enhance API security for different user roles.
According to Phillips, Traceable AI increases security awareness among developers by providing direct visibility into API usage. This proactive approach fosters a mindset of prioritizing security throughout the development process, resulting in a higher-quality product.
Traceable allows us to know where sensitive information exists within our API and flags any activity that looks suspicious and could possibly expose that data.
With Traceable, the need for a dedicated security team is eliminated. Says Phillips “The security risk for our business is in our API and the various ways the endpoints can behave.”
Since implementing Traceable, Phillips’s team has discovered three additional vulnerabilities and promptly addressed them. Moreover, Traceable automatically detects and blocks numerous threats, sparing the team from manual log analysis and thwarting potential scans and hacks.
“We went from blocking essentially zero threats to blocking hundreds per day with Traceable.”
Houwzer is continually expanding into additional states and adding new capabilities to enhance the home buying and selling experience. As the business grows, its API will also need to scale and as it does, Phillips is confident he’ll be able to keep it secure with the help of Traceable.
“Our whole strategy is to create a package of technology tools that we can scale to service customers – securely – across the U.S.”
Traceable brings me peace of mind in the security of our digital services as we grow.
Chief Technology Officer
Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research.
With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire development lifecycle. Visual depictions provide insight into user and API behaviors, understanding anomalies and blocking API attacks, enabling organizations to be more secure.