Practical cloud detection and response with Affirm and AWS

Most security teams are running the same playbook: ingest everything, tune later, hope the analysts can keep up. Affirm took a different approach with AWS, and the result is a program where the security team spends more time building than triaging.

Join Affirm's detection engineering team and AWS solution architects as they get specific about how it actually works: what's flowing from GuardDuty and CloudTrail into their detection pipeline, how onboarding a new AWS account goes from "we need to monitor this" to active coverage, and what the signal-to-noise math looks like across 15+ integrations, including how many alerts the team actually touches.

Key Takeaways:

• How Affirm onboards a new AWS account to active monitoring—what the process looks like from "we need to monitor this" to covered
• Where automation closes the loop without a human, and where it hands off to one
• The AI question, answered honestly: what works, where human judgment is still irreplaceable, and what would break if you tried to automate it away
• How reclaiming investigation time translates to actual engineering work and what Affirm's team built with the capacity they got back

You'll leave with a clear picture of how a lean cloud SecOps program actually runs—not what the vendor deck says, but what it takes to go from alert to closed case.