Real estate firm turns to artificial intelligence vendor to secure API



Machine learning software that detects abnormal API usage has helped the real estate company harden its API security as it conducts more transactions on the Internet.

Houwzer Inc., a Philadelphia-based real estate, title and mortgage brokerage, is a relatively small company with 150 employees, but has done $1 billion in real estate transactions since its founding in 2015. Over the past three years, it has begun performing more of these transactions through a set of APIs hosted on AWS that were initially focused on real estate listings but began to include sales to homebuyers in 2020.

This transition, along with a general increase in high-profile data leaks in the industry over the past year, prompted Houwzer's CTO to find a tool that makes API security management more manageable for a small IT staff.

“The real estate industry is under constant attack from cybercriminals trying to interfere with ongoing transactions to intercept a large check or wire transfer,” said Gregory Phillips, CTO at Houwzer. “We’re a big target for a relatively small company because we have high value transactions relative to our size.”

Navigating the API Security Boundary

The majority of Houwzer’s employees are real estate professionals and most of its IT operations are outsourced to a managed service provider. However, given how critical API security is to Houwzer’s online operations, Phillips wanted to manage it on his own. But he needed a tool that didn’t require him to manually search the log files or hire someone else to do it.


“API security is a new area, and there just isn’t a lot of prior art, and because we are constantly building new things into our APIs, I spend a lot of time on it,” Phillips said.

Meanwhile, an API security startup that emerged out of stealth in 2020 sent Phillips an email and he responded. The startup, Traceable Inc., combines distributed tracing, which monitors user behavior during API transactions, with machine learning, which identifies abnormal and potentially harmful behavior.

“I very rarely respond to cold emails,” Phillips said. “But it was at a time when I was worried about [having] there is more and more protection value here … and there weren’t many great options … that proactively identify threats.”

Traceable has direct competitors in automating API security for cloud applications, but most are also startups, including 42Crunch, CloudVector (acquired by Imperva in May), Imvision and Salt Security. Recognized providers of API controls also offer security features in products such as API gateways.

Recently, industry analysts have noted a sharp increase in interest in such products.


“There have been many API security incidents in the past year, especially in the form of data breaches,” said Arun Chandrasekaran, an analyst at Gartner. “These incidents have raised awareness of API vulnerabilities – over the past 12 months, Gartner has seen a 30% increase in API security-related customer requests over the past year.”

API security is both an art and a science

Traceable’s artificial intelligence features helped Phillips prioritize his company’s responses to API security threats and automate many of those responses. But it did take some manual effort to use the product, especially in earlier versions.

“In the beginning, we were still filtering out a lot of false positives, but we had feedback sessions with Traceable that reduced them significantly,” Phillips said. “They really set you up to go the last mile.”

Phillips estimated that the Traceable approach was at least 100 times faster than manually reviewing reports of log data. Since deploying Traceable, Houwzer has automatically blocked hundreds of API security threats where it hadn’t before.

Traceable also plans to add CI/CD integration, in response to the trend toward DevSecOps and the desire of companies to link security to application development pipelines, according to its website.

This will be especially important for companies with a large number of microservices apps, which Houwzer doesn’t have yet. But “shift left” capabilities in Traceable will still be welcome, Phillips said.

“This is part of how I already use it, not tied directly to [continuous integration] server, but I’ll look at the tracked alerts and then add a story for the developers,” he said. “It would be nice if it became more automated.”

Meanwhile, an unexpected advantage of Traceable is that tracking behavior through APIs helps when developing Houwzer applications.

“Even in a controlled environment where many users are internal to our company, you don’t always know how the material will be used in the wild,” Phillips said. “It is important to monitor the perception and reception [for new features] even outside the safety zone.”

Beth Pariseau, Senior News Commentator at TechTarget, is an award-winning veteran of IT journalism. You can contact her at [email protected] or on Twitter @PariseauTT.
