Fintech company extends its security team with Expel’s SOC-as-a-service and 24x7 monitoring

Expel’s native integration with GreenSky’s security stack allows firm to turn on managed detection and response (MDR) service in a single day

The company

Founded in 2006, GreenSky, Inc. is a leading technology company “Powering Commerce at the Point-of-Sale” for a growing ecosystem of merchants, consumers and banks. Their highly scalable, proprietary technology platform enables nearly 16,000 merchants to offer frictionless promotional payment options to consumers, driving increased sales volume and accelerated cash flow. Banks leverage GreenSky’s technology to provide loans to super-prime and prime credit consumers nationwide. Since their inception, over 2.4 million consumers have financed over $17 billion of commerce using GreenSky’s paperless, real time “apply and buy” technology.

As an innovative fintech company, GreenSky has been disrupting the lending business with on-the-spot financing via their network of contractors and bank partners. As a mobile-first financial services company, GreenSky is not itself a traditional lender or bank, yet rather a technology platform facilitating promotional financing at the point of commerce.

Expel’s approach to security felt more like a partnership — one where our two teams would work seamlessly together. ”

⎯ Lori Temples | Vice President, IT Security

The situation

GreenSky is growing rapidly — nearly 30 percent year over year. And Lori Temples, Vice President, IT Security, knew their security posture had to mature right alongside the business. As they implemented new solutions and added new security tech to their existing stack, they quickly realized they needed a managed detection and response (MDR) partner to monitor the signals coming from that tech.

“We desired 24×7 monitoring, but are not staffed to provide that service effectively,” recalled Temples. “We set out to find a third-party provider that could provide us with a security operations center (SOC) as a service. Ideally, we wanted one with analysts who were well-versed with cloud tools and architecture. We also wanted to work with a provider whose culture aligns with our culture at GreenSky.”

Evaluating options

GreenSky had a strong sense of what they needed — but weren’t sure where to find it. They spoke with multiple providers but ran into some roadblocks, as providers either required GreenSky to deploy additional hardware throughout GreenSky’s environment or did not work with GreenSky’s current tool set. Since GreenSky had already made significant investments in new security tech, they were looking for a provider to integrate with their existing tools.

A contact at one of GreenSky’s existing providers, Endgame, introduced Temples and her team to Expel. The team was immediately drawn to Expel’s ability to easily work with GreenSky’s tech stack.

“We interviewed several other companies in the space, including some of the big, well-known players,” said Temples. “But some of those other vendors would have required us to install appliances that we do not have the bandwidth to manage.”

“We were impressed with Expel’s cloud knowledge and also got the sense that they could provide more personalized service for us. Expel’s approach to security felt more like a partnership — one where our two teams would work seamlessly together.”

The speed of our onboarding with Expel was unbelievable. On the same day we signed the contract with Expel, we turned on the service and connected five of our security products. ”

⎯David Drake | Lead Security Engineer

How Expel helped

GreenSky already had strong security signals coming in from sources like Endgame, Palo Alto Networks, Office 365, OneLogin, Splunk and Amazon Web Services (AWS), to name a few.

During the POC, GreenSky was excited about partnering with Expel. “The speed of our onboarding with Expel was unbelievable,” recalled David Drake, Lead Security Engineer at GreenSky. “On the same day we signed the contract with Expel, we turned on the service and connected five of our security products. This was completed so quickly because Expel had native integrations. They moved with us at lightning speed.”

“There was just one virtual machine we needed to install. With Expel, it’s been a ‘set it and forget it’ type of arrangement from day one for infrastructure requirements,” Drake added.


Since GreenSky started working with Expel, their security team is able to dedicate more time to security-related work that’s unique to their business. They no longer have to be on the front lines when it comes to monitoring and managing alerts.

GreenSky and Expel communicate regularly via a dedicated Slack channel and also schedule monthly check-ins. This constant communication helps the two teams act as one. “We love the Slack channel. It makes it seem more like we’re true partners versus two different companies,” said Drake.

During their monthly check-ins, the Expel team presents data to GreenSky and makes recommendations on how to get more mileage out of their current security tech stack. For example, an Expel analyst noticed that GreenSky was paying for a feature within a particular security technology that they weren’t regularly using. The Expel analyst pointed this out to the team, made recommendations as to how GreenSky could take better advantage of this feature and ultimately helped the GreenSky team gain even better visibility into their network. GreenSky also offers feedback to Expel — for example, the team may point to an area where Expel could offer them greater visibility. This way both partners continually improve their processes and alignment.

“The data that the Expel team presents to us helps us identify and fix inefficiencies,” said Drake.

Benefits of partnering with Expel

  • Rapid detection and response to threats
  • Clear communication between teams
  • Quick, easy onboarding

Looking ahead

GreenSky continues to add new security tech to its stack — and as its security needs grow, the GreenSky team knows that “Expel is always willing to help.”

“As we continue to build new integrations and experiment with new security products and detection methods, the communication between the two teams becomes even more important,” mentioned Drake. “I can’t say enough good things about our shared Slack channel — it really keeps us from operating like two separate companies. We feel like we’re part of one big team.”