
February 2025

Affirm Reduces Manual Security Response Efforts by 50% with AWS Partner Expel

Learn how Affirm reduced the volume of security alerts requiring manual review by 50% with AWS Partner Expel.

50% reduction in manual security triage

3x fewer engineers needed to scale security operations

12+ AWS accounts centralized into a single monitoring platform

40% improvement in mean time to remediate

Overview

Affirm is a payment network that empowers consumers and helps merchants drive growth through flexible and transparent financing options. The company wanted to streamline its security operations program to address manual triage, decentralized tooling, and increasing alert fatigue. AWS Partner Expel offered a managed detection and response (MDR) service that integrated seamlessly with Affirm’s Amazon Web Services (AWS) environment. Expel MDR™ centralizes monitoring, automates routine tasks, and enhances detection and response workflows. Expel reduced the volume of security alerts fielded by engineers by 50 percent and helped Affirm scale the foundations of its security operations program efficiently.


Opportunity | Overcoming Alert Fatigue and Operational Inefficiency

Affirm’s mission is to deliver honest financial products that improve people’s lives. Trust and transparency are at the heart of the company’s operations, and this extends to its cybersecurity program. “Our core values, which include ‘people come first’ and ‘no fine print,’ touch every part of the business,” says Sneha Regmi, director of security operations engineering at Affirm. “We make every decision—whether it’s about products, infrastructure, or operations—with security in mind. Protecting sensitive financial data is central to earning and maintaining our customers’ trust.” In fact, robust security features are a main reason Affirm chose AWS for its cloud environment.

Affirm initially used manual detection and response processes. Logs were not centralized across AWS environments, making it difficult for the security team to gain a comprehensive view in a timely manner. Various tools and log sources lacked seamless integration with AWS to correlate information across its distributed environments, which made scaling security operations difficult. As Affirm grew, security monitoring increased in complexity and volume. Security engineers and analysts faced alert fatigue from spending excessive time and energy manually analyzing various cases. To address these challenges, Affirm needed an integrated solution to streamline workflows and enhance response times. The company also wanted to supplement its existing security operations team with added support that would help to dramatically enhance the existing monitoring capabilities, allowing the team to focus on higher-value engineering initiatives.

“Without Expel, we would have needed to hire at least two or three times our current security engineering team to achieve this centralization.”

Guhan Kumaraguru
Staff Security Engineer, Affirm

Solution | Refocusing Resources with Managed Detection and Response

After exploring their options, the Affirm team selected Expel MDR, a service that blends AI and automation with human expertise to streamline security operations. It uses advanced automation capabilities to handle routine tasks such as log collection, normalization, and correlation, reducing the manual effort required by Affirm's security team. The service also incorporates machine learning and advanced analytics to identify potential threats and anomalies more effectively. With 24/7 real-time threat monitoring and response, Expel’s service determines which alerts are genuine and surfaces context-rich, actionable alerts to Affirm. During onboarding, Expel aligned its workflows with existing processes at Affirm to minimize disruptions. Expel’s customizable service integrated seamlessly with Affirm’s existing tools to streamline detection and response workflows. It centralizes logs and detections across services like Amazon GuardDuty, AWS CloudTrail, and Amazon Simple Storage Service (Amazon S3) in a unified system for analysis. Affirm engineers retained control over their operations and developed custom detections that Expel helped refine and integrate into the broader system.

Today, Expel handles the initial triage of day-to-day alerts and escalates to the Affirm team when deeper analysis is needed for high-value, complex findings. The company’s security operations platform, Expel Workbench™, acts as a central hub that consolidates all logs, signals, and alerts into a single, easy-to-navigate interface. Affirm can then monitor its AWS environment while seamlessly managing its own custom detections in other applications, such as tracking interesting activities in single sign-on (SSO), GitHub, and other SaaS applications. Expel also provides additional coverage by augmenting built-in detections with custom logic, like identifying privilege escalation or suspicious proxy IP activity, to address Affirm’s unique requirements. Expel provides automated, consistent, real-time detections for Affirm across its distributed AWS environment. Expel also provides ongoing support through its live 24/7 SOC, including collaborative incident response, threat landscape advisories, and detection development. During significant incidents, Expel acts as an extension of the Affirm team, providing actionable recommendations and aligning responses with the company’s security goals. Regular communication between the two teams helps Affirm maintain a proactive and adaptable security strategy.

Outcome | Strengthening Security and Customer Trust

By centralizing monitoring across its AWS environment, Affirm streamlined its security operations, aggregating and normalizing data from over a dozen AWS accounts. “Without Expel, we would have needed to hire at least two to three times our current security engineering team to achieve this centralization,” said Guhan Kumaraguru, staff security engineer at Affirm. Expel MDR reduced the need for routine triage, freeing the Affirm security team to prioritize strategic initiatives like refining security strategies and building custom detections. “Today, our engineers manage 50 percent fewer investigations than they previously handled, allowing them to focus on higher-value work,” said Drew Gallis, staff security engineer at Affirm.

At the same time, streamlined workflows and a centralized alerting platform eliminated the inefficiencies of navigating disparate tools. This combination of AI automation and human expertise helped with critical outcomes like mean time to remediate (MTTR), which improved by an average of 40% over the last few years. The collaboration with Expel and AWS helps Affirm quickly address emerging security challenges without overburdening its internal resources, so the team can focus first and foremost on serving and protecting customers. With the support of Expel’s scalable, proactive approach to security operations, Affirm can focus on growing and expanding to new markets, including its recent launch in the UK. The partnership also enables the team to spend more time building and maintaining a proactive and robust security strategy in line with the trust and transparency central to its mission.

About Affirm

Affirm, which operates in the US, Canada, and the UK, is on a mission to deliver honest financial products that improve lives. By building a new kind of payment network—one based on trust, transparency, and putting people first—it empowers millions of consumers to spend and save responsibly and gives thousands of businesses the tools to fuel growth.

About AWS Partner Expel

Expel is a leading managed detection and response (MDR) provider trusted by some of the world’s most recognizable brands to expel their adversaries, minimize risk, and build security resilience. Expel’s 24/7/365 coverage spans a wide breadth of attack surfaces, including cloud, with transparency. Expel augments existing programs to help customers maximize their security investments and focus on building trust—with their customers, partners, and employees.

AWS Services Used

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance.

Amazon GuardDuty

Protect your AWS accounts, workloads, and data with intelligent threat detection with Amazon GuardDuty.

Amazon CloudTrail

Track user activity and API usage on AWS and in hybrid and multicloud environments with Amazon CloudTrail.
