Reinventing how people buy and sell homes - securely online.

Houwzer secures its end-to-end digital real-estate and mortgage brokerage platform at the API level with Traceable AI

Customer: Houwzer is a modern, socially responsible real estate and mortgage brokerage for savvy homeowners.

Challenge: Houwzer lacked visibility into all the possible ways its API was being used or how it was behaving in the real world. This created security concerns.

Solution: Houwzer deployed Traceable AI to gain observability and security of its monolithic API.

Benefits

Secures 1,300+ digital real-estate transactions/year

Blocks hundreds of threats per day automatically

Prevents leaking of private information

Brings greater security awareness to developers

Avoids the need to hire a dedicated security team

Enables secure scaling of APIs as the company expands

The Customer

Houwzer is a modern, socially responsible real estate and mortgage brokerage for savvy homeowners.

The company has rebuilt the brokerage model around the customer with technology and a team of full-service, salaried agents and mortgage advisors. Home sellers save an average of $15,000 with Houwzer’s flat fee listing agents, while home buyers trust its focus on buyer goals, not commissions.

The company takes special pride in giving back to local communities through its non-profit, RiseUp Fund, and maintaining an average rating of 4.9 out of 5 stars from over 1,000 client reviews.

The Challenge

Houwzer’s digital delivery system is built on a highly complex, monolithic API with extensive personalization and localization to support diverse customer needs across different real estate markets. The company lacked visibility into all the possible ways its API was being used or how it was behaving in the real world. This created security concerns, as Houwzer could not know where or how sensitive data was exchanged, or if bad actors could exploit vulnerabilities to gain unauthorized access to private information.

Greg Phillips
CTO, Houwzer

“As the head of technology with some security background, I’m able to use Traceable AI to monitor and secure our environment without adding people. Traceable AI completely changed the way I thought about securing our API.”

The Solution

Houwzer deployed Traceable AI to gain observability and security of its monolithic API. The solution allows the company to see how customers are using its API at different points in a transaction and flags any suspicious behavior. Traceable AI also automatically identifies and blocks threats to the API in real-time and enables the company to uncover inappropriate information flow between different user roles across Houwzer’s services, such as buying, selling, mortgage, and title. Moreover, Houwzer uses Traceable AI to extend visibility of security concerns directly to its development team.

The Results

  • Avoids the need to hire a dedicated security team, providing AI-driven security directly at the API level
  • Enables Houwzer to identify more vulnerabilities than in the past, uncovering three vulnerabilities previously undetected and fixing them before they could be exploited
  • Automatically blocks hundreds of threats per day—a capability Houwzer did not previously have
  • Offers tighter control over user roles, preventing private information from passing to unauthorized users
  • Brings greater security awareness to developers, helping improve product quality
  • Allows Houwzer to scale its API with confidence that it is secure as the company expands business nationwide

Buying and selling a home can be a complex process involving lots of different players—real estate agents, mortgage brokers, title companies, attorneys—requiring careful coordination among them all. Time, expense, and piles of paperwork often lead to frustration and exhaustion for buyers and sellers alike. But it doesn’t have to be that way. Houwzer has reimagined the entire real estate transaction process from end-to-end.

Greg Phillips, chief technology officer for Houwzer, explains, “We streamline transactions with a proprietary technology platform and a vertically integrated organization that includes salaried real estate agents, mortgage advisors, and title agents all under one roof. It allows us to close deals more efficiently for home buyers and sellers, and at a discounted fee compared to the rest of the industry.”

Simplifying security of a complex, monolithic API

At the core of Houwzer’s digital delivery system is a monolithic API with numerous endpoints that behave in various ways depending on the stage of a transaction and the specific rules for the state or county in which the transaction takes place. “There is a lot of complexity in how our monolithic API behaves, and we’re constantly adapting it for new customer situations and geographies,” Phillips notes.

With so much personalization and localization enabled across the API, Phillips and his team had no way to fully understand all the possible ways it was being used or how it was behaving in the real world. That’s where Traceable AI comes in.

Phillips says, “It’s almost impossible to predict what people are going to throw at your API once you get to a certain level of complexity. I was concerned about potential security risks and wanted to find a way to get our arms around everything going on in our API. When I heard about Traceable AI it sounded exactly like the solution I was looking for.”

Instead of needing a dedicated security team to look for vulnerabilities, which Phillips had considered hiring, Traceable AI provides both observability and intelligent security directly at the API level. “The security risk for our business is in our API and the various ways the endpoints can behave,” Phillips acknowledges. “As the head of technology with some security background, I’m able to use Traceable AI to monitor and secure our environment without adding people. Traceable AI completely changed the way I thought about securing our APIs.”

Automatically detects and blocks threats

Houwzer’s proprietary real estate applications and productivity tools are deployed securely in AWS, but the public-facing API required more rigorous security. Any exposure of personally identifiable information (PII) would be highly damaging to the business both financially and from a brand reputation perspective.

“In terms of observability, Traceable AI lets us see how customers are using the API at different points in a transaction,” Phillips says. “On the security side, it allows us to know where sensitive information exists within our API and flags any activity that looks suspicious and could possibly expose that data.”

Phillips reports that since deploying Traceable AI his team has uncovered three more vulnerabilities than had previously been identified and was able to fix them before they could be exploited. He also points out that many threats are automatically identified and blocked by Traceable AI. “We don’t have the resources to dig through logs every day chasing down all the people on the internet trying to scan and hack our API. So, it’s great to see Traceable AI just block them for us. We went from blocking essentially zero threats to blocking hundreds per day with Traceable AI.”

Bringing greater security insights directly to developers

Another potential source of information leaks is the way user roles are defined. Phillips explains that Houwzer has many different user roles—client transaction coordinators, real estate agents, corporate management, etc.—each with specific access privileges to different levels of information. His concern is an individual inadvertently receiving private information intended for someone else because of a misdirected API request. The worst-case scenario would be if a bad actor gained unauthorized access to that information and posed as a legitimate user able to divert both information and funds into the wrong hands.

Phillips notes, “It’s hard, even for the developer, to know what should be included in the API for each user role. Traceable AI has helped us observe what information each user role is seeing in the API, which allows us to think critically about whether or not it makes sense or should be changed. Then we can work with our developers to make the necessary changes in the API and secure those user roles more effectively.”

He adds, “Traceable AI has helped me make security concerns more visible to our development team up front by giving them direct visibility and insight into how people are using the API. I believe that helps keep security more forward in their thinking during the development process and, ultimately, results in a better-quality product.”

Scales security as the business expands

Looking into the future, Houwzer is continually expanding into additional states and adding new capabilities to enhance the home buying and selling experience. As the business grows, its API will also need to scale, and as it does, Phillips is confident he’ll be able to keep it secure with the help of Traceable AI.

“Our whole strategy is to create a package of technology tools that we can scale to service customers across the U.S.,” Phillips says. “Our focus is on building a brand and a product that delivers a consistent experience for all our customers. As we do that, Traceable AI brings me peace of mind in the security of our digital services as we grow.”

For more information on Traceable AI and our solutions, please visit traceable.ai.