Guaranteed Rate Blocks Millions of Threats and Accelerates M&A Integration From Months to Days

Security gaps and a shift to remote work prompt a phased zero trust rollout

Guaranteed Rate was aware that its architecture—consisting of three on-premises data centers, legacy VPNs and firewalls, and three cloud platforms—expanded the attack surface, made it more vulnerable to cyber risk, and increased complexity. In addition, the organization transitioned from on-site work to a hybrid environment, with loan officers constantly on the go, working from one of 500+ branch offices, customer sites, or real estate firms. 

“As we embarked on our cloud-first journey, we knew it was time to reevaluate our security architecture. To access private apps, remote workers depended on VPN, which was slow and unreliable. We lacked an enterprise proxy to filter and inspect internet traffic—and that left the network vulnerable to malicious activity. Security technologies were inconsistent across our many branches, and management was time- and resource-intensive,” said Darin Hurd, Chief Information Security Officer, Guaranteed Rate.

Safeguarding sensitive data and complying with finserv regulations

Along with maturing its security program, protecting sensitive data and meeting stringent compliance mandates were also top priorities. Preventing wire fraud, for example, was an ongoing concern for the mortgage lender, as the loan process requires sharing sensitive data among clients, mortgage companies, borrowers, and others. Hurd and his team were always on the lookout for bad actors who could potentially target one of those entities and change wiring instructions to route data or funds away from intended recipients to their own systems or accounts.

These were among the many reasons Guaranteed Rate made a strategic decision to adopt a zero trust architecture. The organization’s vendor selection was driven by three considerations: partnering with an innovative industry-leading vendor, implementing a unified platform instead of point products, and achieving rapid time-to-value. The Zscaler Zero Trust Exchange met all these criteria.

Phase 1: Securing internet and SaaS with always-on protection

Guaranteed Rate launched its zero trust journey by deploying Zscaler Internet Access (ZIA) to every device to inspect all internet traffic for encrypted content and identify and block threats utilizing its AI-driven engine.

“Before Zscaler, I couldn't prevent users from attaching emails or data to their private email and exfiltrating that data. Nor could I block users from uploading sensitive data to Dropbox and Google Drive. Zscaler provides us with the data loss prevention capabilities we need to prevent bad actors and insiders from exfiltrating our vital data and to maintain compliance with financial services data protection regulations,” said Hurd.

Using Zscaler’s URL filtering technology, his team sets policies to block traffic to potentially malicious and inappropriate websites as well as to countries the company doesn’t do business with. They utilize the AI-driven Zscaler Sandbox to quarantine unknown or suspicious files before they reach devices and users to prevent compromise. Zscaler Sandbox leverages ML and behavioral analysis to identify and detect zero-day threat​​s by analyzing the behavior of files in a secure environment. Traditional signature-based methods, on the other hand, are often unable to recognize these emerging threats.

“We benefit greatly from the scale of its AI-driven malware protection. It’s important to partner with companies that lead the way in innovation—and that’s what Zscaler brings to the table,” said Hurd. 

Phase 2: Secure access to hundreds of private apps across 500+ locations

Loan officers are often on the road and need to access internal applications, such as proprietary loan origination systems, to finalize home loans. The legacy VPN technology resulted in application downtime, login friction, sluggish onboarding processes, and excessive permissions. These constant problems frustrated users and impacted their productivity. 

Soon after the ZIA deployment, Hurd’s team rolled out Zscaler Private Access (ZPA) for secure, seamless, and faster access to the more than 500 private applications residing in data centers and on AWS. This dramatically improved the user experience and protection, as did a simpler login process. When the COVID-19 pandemic hit, transitioning to remote work was seamless. Today, corporate employees and loan officers have the flexibility to work securely from anywhere, without experiencing lagging application performance.

“Zscaler makes access to applications snappier for our users because it has many points of presence. Since we don’t have to backhaul traffic to our data centers and users are connected directly to apps, response time is two to three times faster,” noted Hurd. 

Phase 3: Optimize employee digital experience

Next, Hurd and his team deployed Zscaler Digital Experience (ZDX) to monitor the user experience, identify connectivity and application issues, and resolve support tickets faster. 

“What I like about ZDX is that it gives us real-time insight into network, application, and device performance issues from a single dashboard,” he explained. “Armed with these insights, our help desk team reduces mean time to resolution by quickly identifying bottlenecks.” He plans to expand use of ZDX in the near future.

Additionally, the security team utilizes Zscaler Risk360 to identify potential exposure areas in order to help prioritize remediation efforts and manage risk overall.

“The visibility Zscaler provides lets us be more focused on where we spend our time so we address and reduce the most pressing cyber risks,” said Hurd.

He further observed: "There's no shortage of things to do, and, ultimately, we have a limited set of resources to work on a growing set of challenges—and not all those challenges and risks are equal. Risk360 helps us target where we spend our time so we’re more efficient and effective in addressing the most important risks.”

ZDX and Risk360, part of the AI-powered Zscaler ​​Business Analytics portfolio, provide Hurd with the latest real-time data from the company’s entire infrastructure, enabling his team to generate actionable insights that help lower risk, improve the user experience, and optimize SaaS spend and office utilization. 

Next Up: Detect sophisticated threats and prevent lateral movement

Taking another step toward security maturity, Hurd tested Zscaler Deception, which uses endpoint lures and decoy applications, servers, users, or enterprise resources to silently detect threats and attacker activity. It prevents lateral movement of threats by proactively diverting attackers away from sensitive resources and containing threats in real time. Zscaler Deception reduces risk across the entire environment—endpoints, identity systems, networks, applications, and the cloud—and will help Guaranteed Rate disrupt difficult-to-detect threats like user credential compromise and evasive threats like ransomware that typically target sensitive data and can lead to breaches.

“We’re excited about putting in more ‘canary objects’ as bait to detect the presence of an attacker—whether it’s files, processes, fake applications—to see what they might catch,” said Hurd. “ZDX is another way we can leverage Zscaler to fortify our defenses and better protect our sensitive data.”

Integration with CrowdStrike reduces security management to a fraction a full-time person

Prior to deploying ZIA, Guaranteed Rate had deployed CrowdStrike to all endpoints. By leveraging the Zscaler with CrowdStrike integration, they have a robust end-to-end solution that checks all the boxes: threat intelligence enrichment, risk reduction, improved user experience, and operational efficiency.

“With the Zscaler-CrowdStrike integration, we are looking forward to real-time posture assessments for all devices. The CrowdStrike posture score will be fed to Zscaler live. If that score drops below a specified threshold, we can contain the device and investigate the issue more thoroughly,” said Hurd.

Threat intelligence enrichment flows in both directions, bringing increased awareness to device activity. The integrated solution monitors indicators of compromise, blocks lateral movement of threats, and executes incident response tasks more quickly.

Zscaler also shares log files with CrowdStrike. The combined visibility containing telemetry from endpoints, networks, and cloud applications provide better visibility to potential threats and security events. The security team uses a pre-built Zscaler dashboard to view log data and detect anomalies to pinpoint issues and accelerate investigations. 

“Before Zscaler, multiple team members were needed to manage an overly complicated security technology stack. Today, that job is done by fewer resources: a fraction of a person’s time is spent managing CrowdStrike and Zscaler,” asserted Hurd. “Zscaler has helped us more efficiently allocate resources to reduce risk. As part of a lean team, I can’t stress enough how big of an impact that has on our operations,” said Hurd.

Seamless integrations with AWS and Okta reduce risk and boost user satisfaction

To further consolidate its infrastructure around zero trust, Hurd and his team integrated Zscaler with AWS and Okta. Now, Zscaler securely connects users directly to applications and workloads on AWS—without having to pass through a data center or route users to the corporate network. This minimizes the attack surface, eliminates the risk of lateral threat movement, protects data, and provides a low-latency user experience.

The Zscaler-Okta integration provides as automated provisioning and deprovisioning of users and groups via the system for cross-domain identity management (SCIM) integration, to ensure real-time enforcement of zero trust policies. 

Security Assertion Markup Language (SAML) integration has improved the user login experience, providing seamless authentication. “Now, users just log in once a week, instead of multiple times a day,” said Hurd. “To make it even easier, we will soon be rolling out passwordless authentication for laptops. This means less friction for the user when they access the 500+ applications we have under single sign-on.”

Zscaler and Okta also streamline the onboarding process for M&A transactions, regardless of the identity provider of an acquired company, to enable faster time to value following an acquisition.

Zero trust shows measurable benefits

Since deploying Zscaler, Guaranteed Rate has seen significant improvements in its risk profile. Zscaler’s full TLS/SSL inspection detected and blocked 420,071 threats hidden in encrypted traffic in just 90 days. It has also boosted threat detection and response, preventing 44.9 million policy violations and stopping 2.5 million security threats in three months.

Hurd also pointed out that Zscaler helps identify and block wire fraud attempts. “With Zscaler, we find the original email that the borrower received and check that against any indicators of compromise matching communication with the borrower. In the past, there was no way we could seamlessly and efficiently do that,” said Hurd.

Other security benefits derived from the Zero Trust Exchange, such as micro-segmentation, and role- and policy-based application access, are helping the security team do more with less.

“We needed a way to enable exponential business growth and transformation while simultaneously reducing our security risks and making the changes transparent to our users and borrowers. The Zscaler Zero Trust Exchange makes securing devices, people, and data much easier so we can focus on achieving our expansion targets,” said Darin Hurd, Chief Information Security Officer, Guaranteed Rate.

Zscaler standardizes security for M&A activity

Guaranteed Rate operates 13 companies, among them several joint ventures, an insurance company, and a title company. When it acquires a new business, integrating two networks can take months before secure access to company resources is established, but senior-level employees often need access to key resources much sooner.

Recently, the team found themselves in this predicament with a newly acquired title services company. Senior executives needed access to certain applications on day one before the companies were ready to connect the networks. To address this, the security team leveraged ZPA to enable immediate access to business-critical systems without having to wait months. 

“Zscaler allowed us to quickly integrate companies early in the process. We installed ZPA on the endpoints of the acquired companies so they could access a specific Guaranteed Rate application. This was ahead of a larger effort to connect our networks,” said Hurd. “Zscaler is the one security technology stack to rule them all. Now, it’s in our playbook: the day after we close, we already have a plan to roll out Zscaler.”