Blend simplifies major acquisition and continuous compliance with JupiterOne

Challenges

  • Needed to understand what technology, users, access, and configurations would be part of a large acquisition
  • Enforcement of new security standards in cloud environments
  • Compiling an accurate inventory of all cyber assets
  • Manual effort to collect and triage information for incident response (IR)

Results

  • Saved time with a simple, collaborative process for identifying, tagging, and transferring cyber assets
  • Gained continuous compliance and security enforcement for all new cyber assets deployed to the cloud
  • Established baseline for offensive security practices used by Red Team
  • Mitigated recent threat using asset context to discover blast radius

The Ultimate Merger: Blending M&A with Asset Discovery & Cloud Security

Blend is a cloud-first company that facilitates lending. They work to bring simplicity and transparency to financial services in an effort to make the world’s financial resources more accessible. Blend processes mortgages and other housing-related transactions for over 300 banks, credit unions, and other financial technology companies. Because Blend is the point-of-sale (POS) system that handles mortgage workflows, thousands of users interact with its products on a daily basis, making cloud security of the utmost importance.

Simplifying Complex Mergers & Acquisitions Processes

Blend constantly looks for ways to create value for its customers. In March of 2021 they acquired Title365, a top provider of title insurance and settlement services, to expand their service offering. According to the press release, “Together, Blend's technology platform and Title365's operational expertise in title, escrow, and settlement will help financial institutions more efficiently and effectively engage with consumers across a fully integrated home buying journey.”

Mergers and acquisitions (M&A) are always complicated. From a technology perspective, however, they are especially complex. How do you combine IT infrastructures and processes? How do you know which systems and servers to keep? Most importantly, how do you combine two enterprise IT organizations without disrupting business operations?

Paul Guthrie, Information Security Officer at Blend, needed to understand what cloud assets existed in the Title365 universe, and what Blend would be keeping in the acquisition. Paul and his team used JupiterOne to discover, map, and categorize all of the technology they would be acquiring.

Blend started with asset discovery, using JupiterOne to get a complete cyber asset inventory from all of the Title365 cloud service provider (CSP) accounts, Identity and Access Management (IAM) systems, Git repositories, and more. This included assets like data stores, IP addresses, endpoints, IAM permissions, users, access keys, devices, configurations, and code repositories. The newfound visibility gave them a firm understanding of the scope of the assets they needed to ingest.

Once all assets were identified, teams from both companies collaborated in real time to tag and identify which cyber assets would be transferred to Blend, and which needed to stay with Title365’s parent company. Without JupiterOne, this would have been an entirely manual process. The security, infrastructure, and information technology teams from both Blend and Title365 worked in parallel to complete the process in a few weeks.

"From a merger/acquisition perspective, JupiterOne was invaluable. As M&A activities in cloud native companies become increasingly popular, there is no better way to identify and tag assets than using a tool like JupiterOne."

Paul Guthrie
Information Security Officer at Blend

Improving Cloud Security Through Continuous Compliance

Once the acquisition was complete, a new challenge arose: maintaining continuous compliance for all new cloud assets. Blend needed to enforce policies and best practices for cloud deployments across the recently expanded team, a practice often referred to as Cloud Security Posture Management (CSPM). Paul wanted to ensure that any newly created cyber assets were identified, understood, and met comprehensive security standards.

Paul found that without automation, disseminating cloud security standards to the co-located teams and enforcing them was nearly impossible. His security team set out to develop standards - including hardening, infrastructure requirements, and best practices - with the goal of shifting security further left, continuing to optimize workflows, and reducing bottlenecks in cloud asset management across teams. These standards were then turned into templates and distributed to various parts of the organization, ensuring continuous compliance of all cyber assets.

“There are firms that specialize in cloud security posture management (CSPM), but we’re more interested in driving continuous compliance through integrating an asset management platform like JupiterOne with our SOAR than actually using CSPM, because we can respond better to out-of-compliance assets by treating them like an incident, and performing automated responses when applicable.”

Key Integrations

AWS
Azure
Tenable
Jamf
Okta
Google Workspace

Strengthening Offensive Security & Incident Response

Incident Response & Blast Radius

Incident response involves a lot of manual time and effort pulling information from disparate systems and trying to find connections and make sense of the data. By integrating their SIEM and Vulnerability Management tools into JupiterOne, Blend is able to rapidly respond to cyber incidents and calculate a blast radius for potential breaches.

The security team at Blend can ask questions through the JupiterOne console and discover where their vulnerabilities lie. They needed to understand things like:

  • What are all the servers in the same VPC that might have been impacted by this breach?

In a recent example, Paul described the process his team used to identify a new zero-day vulnerability. They identified all the assets that were using Java, and then used JupiterOne to dig deeper into those cyber assets. The team was able to visualize the relationships and connections between assets and, with the new context provided by JupiterOne, quickly realized where issues existed. The security team remediated the vulnerability by the next morning, securing their environment from a potential attack.

“JupiterOne gives us a better and more complete identification of ‘like assets’, and empowers us to calculate an incident response plan for containment, eradication and recovery.”

Red Team Go!

Beyond streamlining M&A and enforcing CSPM, the Red Team at Blend also leverages JupiterOne as the foundation for their activities.

Cyber Red Teams are considered “offensive security” and, according to NIST, are “authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture.” To maximize efficiency, Red Teams need to have a complete and accurate inventory of all potential entry points to an enterprise.

[Figure: Infosec wheel]

Rather than depending on existing documentation or “what engineers have told them,” Red Team members at Blend were able to run a simple query, returning a list of all the externally facing IPs and endpoints detected by JupiterOne. They used this to establish the baseline of assets, ensuring Blend has 100% coverage of the entire public-facing enterprise. With this accurate picture of their asset universe, the Red Team was able to establish a test plan and start executing.

"JupiterOne gives us a better and more complete identification of “like assets”, and empowers us to calculate an incident response plan for containment, eradication and recovery."

Paul Guthrie
Information Security Officer at Blend

Making Security More Convenient in 2022 and Beyond

According to Paul, Blend “has other ways of getting the information, they’re just not as convenient. My team is finding they go into JupiterOne a lot, different people for different reasons, because it’s the most convenient way to get all the information together. We have a number of projects upcoming in 2022 that have JupiterOne as a core component as we mature our security program in the coming year.”


About

Blend makes the process of getting a loan or opening a deposit account simpler, faster, and more secure, helping financial services firms build customer relationships that last a lifetime. They are working to bring simplicity and transparency to financial services so more consumers can gain access to the world’s financial resources.

Industries

Lending
FinTech
Financial Services
Software

Employees

1,001-5,000

Headquarters

San Francisco, CA