Better.com gets greater transparency and cloud monitoring with Expel’s 24x7 detection and response services
Company replaces existing MSSP with Expel’s transparent SOC-as-a-service approach that includes cloud infrastructure monitoring.
Founded in 2016, Better.com democratized the home-financing ecosystem, replacing it with a digitized process. In addition to providing mortgage rates in seconds, Better.com’s platform offers a digital marketplace featuring competitive quotes from an array of insurance providers for seamless purchase of a homeowner’s insurance policy and instant access to leading real estate agents across the country.
Better.com is one of the fastest growing home ownership startups in the country, having grown 3.5x year-over-year and currently funding over $1 billion dollars a month in mortgages. Better.com has raised over $250 million in equity capital and is backed by Kleiner Perkins, Goldman Sachs, American Express Ventures, Ally Financial, Citi and other investors. To date, Better.com has done $8.9 billion in home loans and $1 billion in insurance.
By working with Expel as opposed to trying to hire, train and ramp a brand new team of experienced SOC analysts, we saved nearly 80 percent”
– Ali Khan
Ali Khan joined Better.com as the Director of Platform Engineering in 2017. The company was growing rapidly, and he quickly realized that it would be important to strengthen the company’s security posture to support the company’s growth. In 2019, Khan became Better.com’s CISO.
At the time, Better.com was already working with a third-party managed security service provider (MSSP). As Khan stepped into the CISO role, he took an end-to-end look at Better.com’s current security controls. He needed to think about both how he and his team would secure the company and its customers’ assets today, while also putting the right tools, people and processes in place to support the company’s exponential growth.
As a first step in this evaluation process, Khan and his team immediately took inventory of their tools and added several new ones to the company’s security tool chest, including CrowdStrike and Darktrace. But when they asked their current managed security provider to connect to the new tech, Khan and his team ran into some roadblocks.
“We quickly realized that our MSSP didn’t support our new security tools to the degree we’d hoped,” Khan recalls. And being a cloud-first company, support for Amazon Web Services (AWS) mattered immensely to Khan and team. “The MSSP we were using had some basic support for AWS, but [that support level] wasn’t where we wanted it to be.”
Khan’s decision to replace his current provider was further reinforced when he saw that his IT team “was essentially doubling as our security team,” even with the support of the additional partners Khan had pulled in over time.
“There were several panes of glass when it came to security, instead of one centralized dashboard. Our internal teams and our external team needed to be operating as one and it was clear that they weren’t,” he recalls.
Khan and team had a few conversations about building their own security operations center (SOC) internally, but they ultimately decided against that route. Not only is it expensive to build a SOC, it’s also “extremely competitive,” Khan says. “When you hire an analyst, you’ve got about one to two years to keep someone on staff before they move on. And in security it’s extremely difficult when someone leaves because of the institutional knowledge he or she has,” Khan says.
So they set out to find a new third-party security partner and ultimately chose Expel.
We were very skeptical that it could be so easy to turn on the service. But we were completely up and running in less than two days.”
– Ali Khan
How Expel helped
Two things stood out to Khan and team when they met with Expel: Expel’s ability to support their security tools and the company’s transparent communication style.
Khan liked the fact that Expel uses APIs so customers can easily integrate the products that they’ve already purchased. “Other providers we evaluated just weren’t versatile enough. It was their way or the highway, especially when it comes to the tools they support. We needed a partner who could meet us halfway. Expel went even further.”
Another thing that stood out to him was Expel’s communication style and transparency. He and his team loved the fact that they could communicate with Expel via Slack. “The fact that we’re able to be in the same chat room and get a quick response was really astounding,” he says. After he made the decision to hire Expel, Khan recalls that the onboarding process “was surprisingly easy.” He added, “We were very skeptical that it could be so easy to turn on the service. But we were completely up and running in less than two days.”
And then there was the 3 a.m. pen test — which confirmed that Khan and team had chosen the right provider. “We ran pen tests in the past, but other providers didn’t really flag anything. From the minute we started the pen test with Expel, we were receiving alerts from their analysts,” Khan recalls. He was impressed that the team caught things immediately and alerted Better within minutes.
In addition to the rapid investigation, response and transparency Khan gets with Expel, he is also saving money by not having to vastly increase the size of his team, not to mention find and retain new talent.
“By working with Expel as opposed to trying to hire, train and ramp a brand new team of experienced SOC analysts, we saved nearly 80 percent,” Khan says.
Additionally, being a cloud-first company, Khan says that Expel’s pricing model works well for Better.com’s needs. Other providers price their services based on the amount of data you send them. But when you run most workloads in the cloud, the amount of logs you’re going to send to a provider varies widely. “We could send two gigs one day and 200 gigs the next. Because Expel’s pricing is based on the number of endpoints a customer has, it worked very well for us.”
Benefits of partnering with Expel
- Rapid detection and response to threats
- Clear communication between teams
- Quick, easy onboarding
With Expel’s support, Khan and his team now get to focus on security projects unique to their business without having to drop everything to sift through alerts. “Expel is working with my team in tandem to solve security issues. They’re able to work across my entire team, which is really nice.”
The team continues evolving their security architecture. “Now that we have Expel in place, we’re able to spend time focusing on what the future looks like. It’s reassuring. We completely trust that Expel will let us know if something is amiss in our environment,” Khan concludes.