US mortgage lender improves cross-team collaboration for more efficient remediation

The financial services industry is highly regulated, so security and compliance standards are nonnegotiable. New American Funding (NAF) turned to Wiz to adhere to these high standards and still allow the business to grow, cut costs, and improve collaboration across security and development teams.

New American Funding

Industry

Financial Services

Region

Global

Cloud Platforms

Azure
AWS
Ready to start?
Get a demo

Challenge

  • New American Funding had a complex, multi-cloud environment, and needed full visibility into all of their resources in the cloud in order to manage potential security risks.  

  • NAF’s legacy solution produced too many alerts without actionable insights for app owners to respond to, leading to friction between developers and security. 

  • The NAF security team needed to remain compliant with stringent financial services regulations while still allowing the business to move quickly. 

Solution

  • With complete visibility across New American Funding’s multi-cloud environment, Wiz empowers NAF to more effectively uncover and address risks and improve its cloud security posture by enforcing least privilege policies.  

  • New American Funding provides contextual and prioritized insights of each security risk to application owners, empowering them to remediate issues more efficiently.  

  • NAF uses Wiz’s compliance frameworks to automate compliance assessments, more easily report on compliance posture across the org, and use those reports to guide their compliance strategy. 

New American Funding navigates complex financial services security standards to support homeowners 

As one of the largest privately owned direct mortgage lenders in the nation, New American Funding (NAF) is dedicated to helping families and individuals turn their dreams of homeownership into a reality. It’s able to offer customers industry-leading loan closing times by relying on the technology at the core of its business. Today, NAF’s loan officers have access to a suite of mobile apps, including NAF’s proprietary customer relationship management software.  

To support this technology in the highly regulated financial services industry, NAF has a cross-department team of developers, IT, and security specialists maintaining a multi-cloud environment. It continues to find ways for its security and development teams to work together to build the best possible customer experience while maintaining compliance with stringent financial regulations. 

A lack of clear data preventing targeted action 

NAF’s high security standards are non-negotiable, but the team’s existing CSPM was making it difficult to understand vulnerabilities in their cloud environment. NAF was wading through noisy data to uncover issues, and sometimes it wasn’t even possible to locate the source. Once a risk source was identified, the team still had to determine who owned the resource and evaluate the cost centers for the fix. Because of the economic downturn, NAF also had to be more diligent in its spending and needed to move faster with fewer tools.  

We used a tool in the past that created so much noise, it was worthless. I needed actionable data for the team to respond to. Wiz has a much easier interface for developers to understand and allows for faster remediation of the findings.

Jeff Farinich, CISO, New American Funding

This cumbersome process was preventing security teams from collaborating with their developer partners and costing NAF valuable time. Beyond needing a system for finding and fixing problems, it also wanted to establish guardrails for development teams, so they could continue to quickly and securely design. “Developers want to release products, IT wants to make sure that there's governance in place, and security wants to audit the process and provide new recommendations,” said Jeff Farinich, CISO at NAF. “Cloud maintenance requires joint ownership, and we needed a way to work together toward the same goals.” 

Cutting costs while improving visibility and collaboration 

To align these teams, NAF turned to Wiz. The team needed a cloud security platform that was on par with their existing CSPM tool and could consolidate their other security tools in a single system. “Deploying Wiz was simple. We added the descriptions in our environments, let it run, and had visibility into all our assets, risks, and exactly what actions needed to be taken,” said Farinich.  

With Wiz, NAF gained visibility into its environment and misconfigurations, as well as the context, prioritization, and easy-to-read interface it needed. This new visibility improved collaboration by giving application owners better insight into the risks security teams already monitor. “Wiz has definitely improved the relationship between the security and dev teams. The dev team now sees security as a partner, rather than an adversary. They see that they’re both working toward the same goals from different angles,” said Farinich. 

Wiz has given us much better visibility into our cloud environment. From CIEM to vulnerability to patch to Log4j, Wiz gives us a much higher confidence level in our cloud.

Jeff Farinich, CISO, New American Funding

Another result of this improved visibility across the organization was that NAF was able to identify overly privileged and dormant users in their system. Wiz’s CIEM capabilities helped NAF’s security team enforce least privilege access to reduce the number of excessively privileged users in their cloud environment. This reduction means that NAF limited exposure through excess accounts and strengthened their security posture. With a comprehensive overview into its cloud entitlements and effective permissions, the NAF team can detect and prioritize identity risks, and enable teams to take action quickly. 

Creating a faster, more collaborative security team 

Adopting Wiz has eased cross-team collaboration at NAF, and that collaboration is directly driving a better platform for NAF’s growing business and their customers. Remediating at scale means teams can keep up with the demands of the business to help generate new revenue opportunities. This includes efficiently managing two cloud environments. “Using Wiz means we can move faster and remediate more,” said Farinich. “It’s easy to use, and the end result of that is that the organization becomes more secure, more quickly with fewer resources.” NAF uses Wiz to gain insight across both clouds to take action quickly, no matter where a vulnerability originates.  

Maintaining compliance standards, efficiently 

As NAF grows, it's also able to more easily escalate risks to the executive level to create transparency throughout the organization. This transparency has contributed to a growing adoption rate across application teams and leadership, and they’re now able to review and take action to resolve—and get ahead of—compliance-related issues.  

The company uses Wiz’s automated compliance assessments and built-in compliance frameworks to score and more quickly understand compliance with a wide array of regulatory standards, including NIST and CSF. They’re also using this foundation to incorporate other security frameworks into their compliance process to ensure they’re meeting financial requirements for organizations like the Federal Trade Commission and the New York Department of Financial Services. Immediate access to posture scores and easily shareable reports, NAF’s security team can communicate risk and controls mapped out for non-technical leaders across the organization. 

Wiz has allowed us to improve our security posture, but it’s also given us the tools and visibility we need to educate everyone on our team on the compliance controls that we have to meet.

Jeff Farinich, CISO, New American Funding

These new, digestible insights allow the security team to clearly demonstrate business needs for security initiatives, get executive buy-in on new projects, and develop a more secure, more compliant, and more powerful platform for homebuyers across the United States. 

The next stage of security for New American Funding 

NAF continues to find ways to become more efficient with its time and spend. Its next major milestone is to migrate all of its computing to the cloud. While it migrates, it also aims to further reduce security costs by using Wiz to monitor its sensitive data in the cloud with DSPM. With Wiz, NAF is confident that it can grow how it wants. “The platform is easy and deployment immediate, and we’ve become more secure, faster, with fewer resources,” Farinich said. “Wiz is a necessity.”

Want to learn how your cloud security program can achieve the same results as New American Funding? Take a closer look at Wiz's cloud security solutions for financial services

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management