Fannie Mae Provides Lenders Reliable Mortgage Financing with F5 as a Valued Partner

Managing over $4.3 trillion in assets, Fannie Mae ranks as the fourth largest company in the world by assets. With so much at stake, the company works to evade cybercriminals with the help of a variety of F5 app security solutions that Fannie Mae IT colleagues call “top-notch.”

Business Challenge

For nearly a century, Fannie Mae has enabled people in the United States to purchase, refinance, or rent homes. Rather than lending money directly to borrowers, the company buys mortgage loans, provides financing for lenders, and issues mortgage-backed securities. As both a government-sponsored enterprise and a publicly traded company, Fannie Mae partners with a variety of lenders, nonprofit organizations, and others to help renters and homebuyers obtain and retain more than 2.5 million homes annually.

Fannie Mae manages nearly 1,000 digital applications, of which roughly one-third face external customers and partners. They’re deployed in a hybrid architecture of both cloud and on-premises environments. 

“Technology is the backbone of the company,” says Aparna Kadari, Information Security Director for Fannie Mae. 

Ruban Thangaraj, Information Security Operations Lead Associate, agrees that digital experiences are fundamental to the firm’s operations. He says, “By focusing on accessibility, personalization, communication, and adaptability, our business can create strong relationships with our customers in the digital landscape. And cybersecurity plays a very important role in serving that digital experience for our customers, whether helping protect their personal data, providing them user-friendly security measures, or making transparent our response to security incidents and thereby strengthening their trust.”

Those goals have become harder to reach as cybercrime escalates. Vasanth Barre, an Information Security Engineering and Operations Principal for the company, says, “The sophistication of attacks has increased significantly over the years. The challenge is adapting to this constantly evolving landscape while making sure our security posture supports our business applications.”

With hundreds of people comprising the Fannie Mae IT staff, Barre adds, “Our key obstacle lies in having the resources with the necessary understanding of the technology to configure it correctly. Choosing the right partner capable of delivering and addressing new telemetry is paramount.”

Solutions

Fannie Mae uses a multi-faceted approach to application delivery and security that incorporates multiple strategies and technologies to simultaneously help optimize and secure the apps. F5 technologies have been part of that approach for more than a decade. 

“F5 is recognized in the industry for providing robust solutions in the realm of cybersecurity,” says Barre. “F5 offers top-notch solutions tailored to combat continuously evolving security challenges and not compromise on the application delivery standards.”

Kadari adds, “F5 products and services come highly recommended, along with F5’s expertise in application and network security and other areas relevant to managing complex ecosystems such as ours.” 

Through a multi-year move toward the cloud, Fannie Mae requires security measures that can help protect its data and applications, both in transit and after the apps move to the cloud. Kadari says, “We’re trying to reduce our on-premises infrastructure and footprint because moving to the cloud provides greater flexibility and scalability so we can effectively focus on bigger and better things.”

That’s why Barre and Thangaraj hope that F5 Distributed Cloud Services will become part of their F5 product mix based on a successful evaluation. Distributed Cloud solutions and solution packages that interest them include Distributed Cloud Web Application and API Protection (WAAP), as well as bot defense capabilities. 

Results

Secure apps and APIs across hybrid deployments

“The F5 solutions help us protect our critical external apps from security threats and vulnerabilities so our external apps are up and running, supporting high availability, scalability, and performance,” says Thangaraj. “The F5 products are all doing an awesome job for us.”

F5 traffic management and load balancing are important to Fannie Mae’s app delivery, along with protection for the login portals of the company’s VDI solutions. For other security needs, Barre says BIG-IP Advanced WAF has been especially useful.

“BIG-IP Advanced WAF has played a very significant role in shaping the security of our apps,” he says. “We heavily use its native security features.” For instance, the attack signatures, RADIUS telemetry, and bot defenses of various F5 solutions have been particularly helpful in protecting Fannie Mae from threats ranging from illegal cross-origin requests to credential stuffing.

Barre cites the Log4j vulnerability as an example. “When Log4j was released, we were able to identify the telemetries, quickly write the manual attack signature for those telemetries, and see that the manual signatures were blocking the attacks successfully. For the zero-day gap, BIG-IP Advanced WAF delivered a solution.”

Maximize the efficacy of resources, technologies, and tools

Kadari and Thangaraj both emphasize the ease of implementing F5 products and their operational effectiveness. 

“F5 products are extremely user friendly, with the ease of events and reporting and how it reduces our operational complexity,” says Thangaraj. “That means our business teams can focus on achieving our mission.”

For similar reasons, he is looking forward to F5 BIG-IP NEXT, the next generation F5 BIG-IP software. He says, “BIG-IP NEXT is going to be increasing performance and strengthening security as well as reducing operational complexity and costs.”

Gain a go-to partner

“The F5 support team is awesome,” says Thangaraj. “They respond quickly, get to the bottom of issues, and help reach a solution.”

Barre also praises the F5 DevCentral community, which provides expertise, solutions to specific challenges, and tools such as vulnerability descriptions. “DevCentral has been my go-to partner for a long time,” he says, adding that he often sends site links to his colleagues. “It’s always been a great resource.”

Overall, Kadari says F5 technologies and support are important to earning the confidence of Fannie Mae customers. Asked to describe F5 products in a nutshell, she says, “Trust, efficacy, and impact. It’s imperative to have the right solutions in place, and the impact we have created together with F5 is hugely significant.”

She concludes, “By having F5 in the mix and supporting our external landscape, we strengthen our customer relationships and are able to provide the sleep our customers and IT employees deserve.”

Vodafone logo
Benefits
  • Secure apps and APIs across hybrid deployments
  • Maximize the efficacy of resources, technologies, and tools
  • Gain a go-to partner

Challenges
  • Protect apps from constantly evolving attacks
  • Optimize app performance without compromising security
  • Build and maintain customer trust

Products