How WEX Modernized Cloud and AI Security While Cutting Its Tool Stack in Half

WEX® is a global financial technology leader that simplifies the business of running a business. Operating across payments, mobility, and healthcare benefits, WEX processes more than $200 billion in payments annually across 22 currencies — all under intense regulatory oversight. From PCI and SOC 2 to HITRUST, GDPR, and DORA, it manages a complex compliance landscape.

When Kyle Thomas joined as VP of Global Information Security, he inherited more than 70 fragmented security tools and siloed teams. “We were operating dozens of platforms, each with its own console, training requirements, and gaps,” Thomas said. “We needed to simplify, consolidate, and build a unified foundation.”

WEX turned to the CrowdStrike Falcon® platform, replacing legacy tooling across the enterprise in just 30 days and launching a long-term strategy of consolidation, automation, and compliance efficiency.

At the start of WEX’s transformation, the security stack spanned more than 70 tools. Within four years, Thomas cut that number nearly in half. CrowdStrike played a central role, eliminating more than a dozen point solutions while giving WEX a single pane of glass for threat detection, identity management, cloud security, and compliance reporting.

“Security budgets aren’t getting bigger,” Thomas explained. “CrowdStrike gave us a single platform that scales, integrates, and lets us do more with less.”

Today, nearly 200 users across security, IT, DevOps, and GRC teams rely on the Falcon platform to monitor and validate vulnerabilities, misconfigurations, and policy compliance. “Instead of three or four core admins doing everything, we’ve democratized security,” said Thomas. “Developers can check their own vulnerability scans, IT teams can validate remediations … it’s all in one place.”

That operational shift has paid off. Despite business and infrastructure growth, WEX’s security budget has remained flat for four years while security outcomes have improved.

WEX was an early adopter of CrowdStrike Falcon® Cloud Security. Over the past four years, the company has migrated 29 data centers into the cloud and now manages more than 500,000 resources across AWS, Azure, GCP, and Oracle.

“Falcon Cloud Security plugged directly into our CI/CD pipeline,” Thomas said. “It gave us visibility across every provider and helped us manage vulnerabilities and misconfigurations from development through production.”

That integration has fundamentally changed how WEX manages risk. Development and IT teams can now access dashboards to monitor their own cloud environments, leading to faster remediation and fewer silos between engineering and security.

“The biggest benefit is speed,” Thomas noted. “Remediation happens faster, audits move faster, and we’re all working from the same view of risk.”

Falcon Cloud Security also keeps pace with the rapid evolution of AWS services. “We don’t have to wait for annual updates,” he said. “As new AWS features come online, CrowdStrike is right there updating coverage and providing clear remediation guidance.”

AI is transforming how WEX operates, from processing healthcare claims to analyzing payment data. But with innovation comes risk. “AI is a double-edged sword,” Thomas said. “It’s powerful, but it brings new data privacy and regulatory challenges.”

To manage that risk, WEX uses CrowdStrike Falcon® AI Security Posture Management (AISPM) to monitor its AI-constructed environments and ensure models, datasets, and LLMs are configured securely. “AISPM plugs directly into our software development lifecycle,” he said. “It protects our AI environments from the first line of code to production.”

WEX is also using AI to transform its security operations. CrowdStrike® Charlotte AI accelerates detection and response by bringing generative and agentic AI directly into the Falcon platform. Charlotte AI acts as an agentic analyst — interpreting alerts, correlating events, and surfacing prioritized insights in real time. Leveraging rich telemetry and threat intelligence from across the Falcon platform, it analyzes patterns across endpoints, identities, and cloud workloads to identify likely true positives and reduce time wasted on false alarms.

For WEX, that intelligence translates into speed and clarity. “Charlotte AI acts as an early warning system for our SOC,” Thomas said. “It helps us cut through noise and focus on the alerts that truly matter, so our analysts can spend time on high-value investigation instead of manual triage.”

Operating across financial and healthcare sectors means WEX must maintain dozens of global certifications simultaneously. CrowdStrike serves as a core compliance control across every audit — from PCI DSS 4.0 to HITRUST, SOC 2, and GDPR.

“With CrowdStrike, we can walk an auditor through one platform that covers multiple control requirements,” Thomas explained. “It’s a single source of audit artifacts that significantly reduces our certification time.”

The Falcon platform’s unified visibility has transformed compliance from a reactive exercise into an ongoing process. “Our auditors see the same dashboards we use daily,” Thomas said. “That transparency saves time and builds trust.”

Through consolidation, automation, and modernization, WEX has gained control over a complex environment. The company’s lean security team manages a sprawling global footprint without adding headcount or cost.

“CrowdStrike has been a true partner,” Thomas emphasized. “They’re not just building for today’s problems, they’re building for what’s next. When AI and new threats emerge, we already have the tools to handle them.”

For organizations navigating cloud complexity and regulatory pressure, WEX’s story proves the power of a unified platform. “We’re doing more with less,” Thomas concluded. “We’ve simplified operations, strengthened compliance, and built a future-ready security program … all on CrowdStrike.”