Partner Success with AWS / Financial Services / United States

February 2025
affirm
Expel

Affirm Reduces Manual Security Response Efforts by 50% with AWS Partner Expel

Learn how Affirm reduced the volume of security alerts requiring manual review by 50% with AWS Partner Expel.

50%

reduction in manual security triage

3x

fewer engineers needed to scale security operations

12+

AWS accounts centralized into a single monitoring platform

40%

improvement in mean time to remediate

Overview

Affirm is a payment network that empowers consumers and helps merchants drive growth through flexible and transparent financing options. The company wanted to streamline its security operations program to address manual triage, decentralized tooling, and increasing alert fatigue. AWS Partner Expel offered a managed detection and response (MDR) service that integrated seamlessly with Affirm’s Amazon Web Services (AWS) environment. Expel MDRTM centralizes monitoring, automates routine tasks, and enhances detection and response workflows Expel reduced the volume of security alerts fielded by engineers by 50 percent and helped Affirm scale the foundations of its security operations program efficiently.

Happy successful businessman in suit shaking hand of business partner.

Opportunity | Overcoming Alert Fatigue and Operational Inefficiency

Affirm’s mission is to deliver honest financial products that improve people’s lives. Trust and transparency are at the heart of the company’s operations, and this extends to its cybersecurity program. “Our core values, which include ‘people come first’ and ‘no fine print,’ touch every part of the business,” says Sneha Regmi, director of security operations engineering at Affirm. “We make every decision—whether it’s about products, infrastructure, or operations—with security in mind. Protecting sensitive financial data is central to earning and maintaining our customers’ trust.” In fact, robust security features are a main reason Affirm chose AWS for its cloud environment.

Affirm initially used manual detection and response processes. Logs were not centralized across AWS environments, making it difficult for the security team to gain a comprehensive view in a timely manner. Various tools and log sources lacked seamless integration with AWS to correlate information across its distributed environments, which made scaling security operations difficult. As Affirm grew, security monitoring increased in complexity and volume. Security engineers and analysts faced alert fatigue from spending excessive time and energy in manually analyzing various cases. To address these challenges, Affirm needed an integrated solution to streamline workflows and enhance response times. The company also wanted to supplement its existing security operations team with added support that would help to dramatically enhance the existing monitoring capabilities, allowing the team to focus on higher-value engineering initiatives.

kr_quotemark

Without Expel, we would have needed to hire at least two or three times our current security engineering team to achieve this centralization.“

Guhan Kumaraguru
Staff Security Engineer, Affirm

Solution | Refocusing Resources with Managed Detection and Response

After exploring their options, the Affirm team selected Expel MDR, a service that blends AI and automation with human expertise to streamline security operations. It uses advanced automation capabilities to handle routine tasks such as log collection, normalization, and correlation, reducing the manual effort required by Affirm's security team. The service also incorporates machine learning and advanced analytics to identify potential threats and anomalies more effectively. With 24/7 real-time threat monitoring and response, Expel’s service determines which alerts are genuine and surfaces context-rich, actionable alerts to Affirm. During onboarding, Expel aligned its workflows with existing processes at Affirm to minimize disruptions. Expel’s customizable service integrated seamlessly with Affirm’s existing tools to streamline detection and response workflows. It centralizes logs and detections across services like Amazon GuardDuty, AWS CloudTrail, and Amazon Simple Storage Service (Amazon S3) in a unified system for analysis. Affirm engineers retained control over their operations and developed custom detections that Expel helped refine and integrate into the broader system.

Today, Expel handles the initial triage of day to day alerts and escalates to the Affirm team when deeper analysis is needed for high value complex findings. The company’s security operations platform, Expel WorkbenchTM, acts as a central hub that consolidates all logs, signals, and alerts into a single, easy-to-navigate interface. Affirm can then monitor its AWS environment while seamlessly managing its own custom detections in other applications, such as tracking interesting activities in single sign-on (SSO), Github, and other SaaS applications. Expel also provides additional coverage by augmenting built-in detections with custom logic, like identifying privilege escalation or suspicious proxy IP activity, to address Affirm’s unique requirements. Expel provides automated, consistent, real-time detections for Affirm across its distributed AWS environment. Expel also provides ongoing support through its live 24/7 SOC, including collaborative incident response, threat landscape advisories, and detection development. During significant incidents, Expel acts as an extension of the Affirm team, providing actionable recommendations and aligning responses with the company’s security goals. Regular communication between the two teams helps Affirm maintain a proactive and adaptable security strategy.

Outcome | Strengthening Security and Customer Trust

By centralizing monitoring across its AWS environment, Affirm streamlined its security operations, aggregating and normalizing data from over a dozen AWS accounts. “Without Expel, we would have needed to hire at least two to three times our current security engineering team to achieve this centralization,” said Guhan Kumaraguru, staff security engineer at Affirm. Expel MDR reduced the need for routine triage, freeing the Affirm security team to prioritize strategic initiatives like refining security strategies and building custom detections. “Today, our engineers manage 50 percent fewer investigations than they previously handled, allowing them to focus on higher-value work,” said Drew Gallis, staff security engineer at Affirm.

At the same time, streamlined workflows and a centralized alerting platform eliminated the inefficiencies of navigating disparate tools. This combination of AI automation and human expertise helped with critical outcomes like mean time to remediate (MTTR), which improved by an average of 40% over the last few years. The collaboration with Expel and AWS helps Affirm quickly address emerging security challenges without overburdening its internal resources, so the team can focus first and foremost on serving and protecting customers. With the support of Expel’s scalable, proactive approach to security operations, Affirm can focus on growing and expanding to new markets, including its recent launch in the UK. The partnership also enables the team to spend more time building and maintaining a proactive and robust security strategy in line with the trust and transparency central to its mission.

About Affirm

Affirm, which operates in the US, Canada, and the UK, is on a mission to deliver honest financial products that improve lives. By building a new kind of payment network—one based on trust, transparency, and putting people first—it empowers millions of consumers to spend and save responsibly and gives thousands of businesses the tools to fuel growth.

About AWS Partner Expel

Expel is a leading managed detection and response (MDR) provider trusted by some of the world’s most recognizable brands to expel their adversaries, minimize risk, and build security resilience. Expel’s 24/7/365 coverage spans a wide breadth of attack surfaces, including cloud, with transparency. Expel augments existing programs to help customers maximize their security investments and focus on building trust—with their customers, partners, and employees.

AWS Services Used

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance.

Learn more »

Amazon GuardDuty

Protect your AWS accounts, workloads, and data with intelligent threat detection with Amazon GuardDuty

Learn more »

Amazon CloudTrail

Track user activity and API usage on AWS and in hybrid and multicloud environments with Amazon CloudTrail.

Learn more »

More Financial Services Success Stories

Showing results: 1-4
Total results: 61

no items found 

  • Financial Services

    Crece Más Drives 45% Sales Growth for Small Businesses with Facele and AWS

    Crece Más, a company devoted to helping entrepreneurs thrive, wanted to develop a platform to give small businesses tools to automate operations and grow—but struggled to secure funding. With the help of AWS Partner Facele and Amazon Web Services (AWS) infrastructure, Crece Más secured funding to develop a platform to manage inventory, sales, deliveries, and more. With an impressive new application, Crece Más has grown its customer base by 45 percent in just six months. The platform allows small businesses to scale, increase sales by up to 45 percent, and reduce operational costs by 25 percent, helping them expand into new markets and contribute to regional economic growth.

    2025
  • Financial Services

    Capital Express Reduce los Costos Operativos Mensuales en un 94% con NetRed y AWS

    La compañía de servicios de factoring Capital Express quería mejorar las evaluaciones de los clientes y hacer crecer su negocio, pero tenía un sistema obsoleto que dificultaba el acceso a los datos. La compañía recurrió al socio de AWS, NetRed, para migrar sus datos utilizando los servicios de Amazon Web Services (AWS). Gracias a la migración, Capital Express pudo crear Advance, una innovadora herramienta de gestión financiera que ofrece un procesamiento de datos en tiempo real. La implementación de Advance redujo los costos operativos mensuales en un 94 por ciento. También disminuyó el tiempo necesario para la inscripción de clientes y las consultas de TI a solo cinco minutos. Estas mejoras han agilizado las operaciones y permiten una prestación de servicios más rápida, lo que aumenta drásticamente el potencial de crecimiento de Capital Express y ayuda a satisfacer las necesidades de los clientes con mayor rapidez.

    2025
  • Financial Services

    Capital Express Reduces Monthly Operating Costs by 94% with NetRed and AWS

    Factoring services company Capital Express wanted to improve client evaluations and grow its business, but it had an outdated system that made accessing data difficult. The company teamed up with AWS Partner NetRed to migrate its data using capabilities from Amazon Web Services (AWS). Migrating helped Capital Express create Advance, an innovative financial management tool that offers real-time data processing. Implementing Advance cut monthly operating costs by 94 percent. It also reduced the time needed for client enrollment and IT consultations to just five minutes. These improvements streamlined operations and enabled faster service delivery, dramatically increasing the growth potential of Capital Express and helping it meet customer needs faster.

    2025
  • Financial Services

    MarketReader Launches Its Real-Time Market Analysis Platform and AI Newsletter in Eight Months Using Nasdaq® and AWS

    MarketReader is an artificial intelligence (AI) analytics platform providing the financial sector with data-driven explanations of real-time asset movement. During development, MarketReader experienced delays in data delivery and received incomplete datasets from its initial data provider—which reduced the quality of the platform’s insights. To launch its differentiated product, the MarketReader team moved to cloud-based data solutions from AWS Partner Nasdaq, hosted on Amazon Web Services (AWS), to obtain direct access to high-quality, real-time market data for all US-listed securities. This approach elevated MarketReader’s US market coverage, increased data delivery time by 98 percent, and helped the platform go live within eight months. MarketReader now delivers timely, accurate insights. It publishes a daily newsletter in only seven minutes, driving customer engagement and expanding the newsletter’s reach up to 400 percent beyond MarketReader’s current client base.

    2025
1 16

Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.