Partner Success with AWS / Financial Services / United States

February 2025
affirm
Expel

Affirm Reduces Manual Security Response Efforts by 50% with AWS Partner Expel

Learn how Affirm reduced the volume of security alerts requiring manual review by 50% with AWS Partner Expel.

50%

reduction in manual security triage

3x

fewer engineers needed to scale security operations

12+

AWS accounts centralized into a single monitoring platform

40%

improvement in mean time to remediate

Overview

Affirm is a payment network that empowers consumers and helps merchants drive growth through flexible and transparent financing options. The company wanted to streamline its security operations program to address manual triage, decentralized tooling, and increasing alert fatigue. AWS Partner Expel offered a managed detection and response (MDR) service that integrated seamlessly with Affirm’s Amazon Web Services (AWS) environment. Expel MDRTM centralizes monitoring, automates routine tasks, and enhances detection and response workflows Expel reduced the volume of security alerts fielded by engineers by 50 percent and helped Affirm scale the foundations of its security operations program efficiently.

Happy successful businessman in suit shaking hand of business partner.

Opportunity | Overcoming Alert Fatigue and Operational Inefficiency

Affirm’s mission is to deliver honest financial products that improve people’s lives. Trust and transparency are at the heart of the company’s operations, and this extends to its cybersecurity program. “Our core values, which include ‘people come first’ and ‘no fine print,’ touch every part of the business,” says Sneha Regmi, director of security operations engineering at Affirm. “We make every decision—whether it’s about products, infrastructure, or operations—with security in mind. Protecting sensitive financial data is central to earning and maintaining our customers’ trust.” In fact, robust security features are a main reason Affirm chose AWS for its cloud environment.

Affirm initially used manual detection and response processes. Logs were not centralized across AWS environments, making it difficult for the security team to gain a comprehensive view in a timely manner. Various tools and log sources lacked seamless integration with AWS to correlate information across its distributed environments, which made scaling security operations difficult. As Affirm grew, security monitoring increased in complexity and volume. Security engineers and analysts faced alert fatigue from spending excessive time and energy in manually analyzing various cases. To address these challenges, Affirm needed an integrated solution to streamline workflows and enhance response times. The company also wanted to supplement its existing security operations team with added support that would help to dramatically enhance the existing monitoring capabilities, allowing the team to focus on higher-value engineering initiatives.

kr_quotemark

Without Expel, we would have needed to hire at least two or three times our current security engineering team to achieve this centralization.“

Guhan Kumaraguru
Staff Security Engineer, Affirm

Solution | Refocusing Resources with Managed Detection and Response

After exploring their options, the Affirm team selected Expel MDR, a service that blends AI and automation with human expertise to streamline security operations. It uses advanced automation capabilities to handle routine tasks such as log collection, normalization, and correlation, reducing the manual effort required by Affirm's security team. The service also incorporates machine learning and advanced analytics to identify potential threats and anomalies more effectively. With 24/7 real-time threat monitoring and response, Expel’s service determines which alerts are genuine and surfaces context-rich, actionable alerts to Affirm. During onboarding, Expel aligned its workflows with existing processes at Affirm to minimize disruptions. Expel’s customizable service integrated seamlessly with Affirm’s existing tools to streamline detection and response workflows. It centralizes logs and detections across services like Amazon GuardDuty, AWS CloudTrail, and Amazon Simple Storage Service (Amazon S3) in a unified system for analysis. Affirm engineers retained control over their operations and developed custom detections that Expel helped refine and integrate into the broader system.

Today, Expel handles the initial triage of day to day alerts and escalates to the Affirm team when deeper analysis is needed for high value complex findings. The company’s security operations platform, Expel WorkbenchTM, acts as a central hub that consolidates all logs, signals, and alerts into a single, easy-to-navigate interface. Affirm can then monitor its AWS environment while seamlessly managing its own custom detections in other applications, such as tracking interesting activities in single sign-on (SSO), Github, and other SaaS applications. Expel also provides additional coverage by augmenting built-in detections with custom logic, like identifying privilege escalation or suspicious proxy IP activity, to address Affirm’s unique requirements. Expel provides automated, consistent, real-time detections for Affirm across its distributed AWS environment. Expel also provides ongoing support through its live 24/7 SOC, including collaborative incident response, threat landscape advisories, and detection development. During significant incidents, Expel acts as an extension of the Affirm team, providing actionable recommendations and aligning responses with the company’s security goals. Regular communication between the two teams helps Affirm maintain a proactive and adaptable security strategy.

Outcome | Strengthening Security and Customer Trust

By centralizing monitoring across its AWS environment, Affirm streamlined its security operations, aggregating and normalizing data from over a dozen AWS accounts. “Without Expel, we would have needed to hire at least two to three times our current security engineering team to achieve this centralization,” said Guhan Kumaraguru, staff security engineer at Affirm. Expel MDR reduced the need for routine triage, freeing the Affirm security team to prioritize strategic initiatives like refining security strategies and building custom detections. “Today, our engineers manage 50 percent fewer investigations than they previously handled, allowing them to focus on higher-value work,” said Drew Gallis, staff security engineer at Affirm.

At the same time, streamlined workflows and a centralized alerting platform eliminated the inefficiencies of navigating disparate tools. This combination of AI automation and human expertise helped with critical outcomes like mean time to remediate (MTTR), which improved by an average of 40% over the last few years. The collaboration with Expel and AWS helps Affirm quickly address emerging security challenges without overburdening its internal resources, so the team can focus first and foremost on serving and protecting customers. With the support of Expel’s scalable, proactive approach to security operations, Affirm can focus on growing and expanding to new markets, including its recent launch in the UK. The partnership also enables the team to spend more time building and maintaining a proactive and robust security strategy in line with the trust and transparency central to its mission.

About Affirm

Affirm, which operates in the US, Canada, and the UK, is on a mission to deliver honest financial products that improve lives. By building a new kind of payment network—one based on trust, transparency, and putting people first—it empowers millions of consumers to spend and save responsibly and gives thousands of businesses the tools to fuel growth.

About AWS Partner Expel

Expel is a leading managed detection and response (MDR) provider trusted by some of the world’s most recognizable brands to expel their adversaries, minimize risk, and build security resilience. Expel’s 24/7/365 coverage spans a wide breadth of attack surfaces, including cloud, with transparency. Expel augments existing programs to help customers maximize their security investments and focus on building trust—with their customers, partners, and employees.

AWS Services Used

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance.

Learn more »

Amazon GuardDuty

Protect your AWS accounts, workloads, and data with intelligent threat detection with Amazon GuardDuty

Learn more »

Amazon CloudTrail

Track user activity and API usage on AWS and in hybrid and multicloud environments with Amazon CloudTrail.

Learn more »

More Financial Services Success Stories

Showing results: 1-4
Total results: 55

no items found 

  • Financial Services

    Capitalizing on AWS with Harness: Trust Bank Reduces Lead Times by about 90% With Automated CI/CD Processes

    Launched in September of 2022, Trust Bank is the first of Singapore’s new wave of digital banks. It is also one of the fastest growing digital banks in the world with 16 percent of Singapore’s market share, or more than 800,000 customers. To keep pace with its rapid growth, Trust Bank needed an agile continuous integration and continuous delivery (CI/CD) solution that could seamlessly integrate with its Amazon Web Services (AWS) environments at scale. Following a careful evaluation, Trust Bank turned to AWS Partner Harness. With Harness fully integrated, Trust Bank reduced its lead time for deployment from two weeks to 24 hours and achieved continuous compliance through implementing all controls required to align with industry standards.

    2024
  • Financial Services

    Highnote Revolutionizes Payments with Visa and AWS

    Highnote is redefining embedded finance with a fully cloud-enabled platform powered by Visa Cloud Connect and Amazon Web Services (AWS). By streamlining connectivity to legacy solutions, Highnote has cut integration times from up to 18 months to just 4–6 months, delivering faster go-to-market opportunities.

    This innovative cloud connection with VisaNet ensures seamless, scalable transaction processing while offering significant cost savings. Highnote empowers customers to process payments globally with unmatched speed and reliability, opening a world of possibilities for their businesses. This wouldn’t be possible without our strong partnerships with AWS Partner Visa and AWS, driving true innovation in payments.

    2024
  • Financial Services

    BMO and FICO Transform Financial Services with AWS

    Bank of Montreal (BMO), a 200-year-old financial institution and eighth-largest bank in the Americas, selected AWS Partner FICO and Amazon Web Services (AWS) to modernize its credit decision. Facing challenges with legacy, on-premises infrastructure, BMO transitioned to cloud services through FICO’s Platform on AWS. This move has provided a secure, scalable environment and eliminated issues with updates, offering seamless, version-free upgrades. The partnership has enabled faster, lower-cost changes, reduced data processing times, and allowed for enhanced data integration—all driving better, quicker service for BMO’s 12 million customers.

    2024
  • Financial Services

    Eviden Builds Rapidly Scalable Solution for Likezero on AWS

    Likezero is a UK-based agreement intelligence software company, spun out of professional services company PwC. Its legal agreement application previously ran on PwC’s private network, and is also hosted by two major partners—the London Stock Exchange and S&P Global. Likezero needed a new cloud-based solution after the company became independent from PwC, so it turned to AWS Partner Eviden to help it run its service for customers on Amazon Web Services (AWS). Eviden developed a highly scalable system for Likezero on AWS in 2 months.

    2024
1 14

Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.