Mars Forges New Visibility and Incident Response at Massive Scale

Material powers risk analysis and search across a complex, hybrid email footprint

Summary

  • Mars’ business model requires the security org to protect a very large, diverse surface area without direct control over all the technology used by every business unit.
  • Security needed visibility into email risk across an enormous environment with multiple domains and platforms, but the built-in tools were slow and incomplete, and their SIEM wasn't a good fit.
  • Material enabled Mars to have complete control over the infrastructure on which it runs. This helped the product meet their high bar for security and privacy.
  • Risk Analytics identified insecure settings, policy violations, and unsecure behavior, and facilitated strategic initiatives in leadership to improve posture.
  • With the help of Material’s investigative capabilities and search, the security team supercharged its incident response and investigations, while maintaining privacy.

“Material was simple to operate and trust even at our scale. There was no complex implementation and no disruption to go into production, and we had full access to our own cloud instance throughout. Within a couple of hours of deployment, we could analyze all the email data for all our domains across North America. It was remarkable.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars

With over 125,000 employees (“associates” in company lingo) around the globe, Mars is one of the world's largest companies and has been family owned for over 100 years. Its business extends beyond beloved confections to well-known brands in petcare, food, nutrition, and beyond.

Matt Pecorelli is the Director of Cybersecurity Operations and reports to Andrew Stanley, the Global CISO of Mars. Their mandate is to protect the company's significant footprint, while enabling Mars to operate with uncommon speed and agility. Mars designs its business units with enough freedom to act independently so they can move quickly to take advantage of new opportunities.

In this distributed model, Security succeeds by acting as a “center of excellence” and maintaining enough visibility to guide best practices and respond rapidly to problems as they arise. Given the importance of email to each of these businesses (and its associated risks at Mars and everywhere else) keeping billions of emails safe, secure, and usable is an exceptional challenge.

Fortunately, identifying and vetting new technology is a core competency of Mars. Andrew grasped the vision behind Material in under 20 minutes. Matt and his team easily ran a pilot on nearly twenty thousand mailboxes. They were blown away by the security, latency, and performance. A broad unstructured query for an urgent investigation that would have taken hours was returned in seconds by Material. With Material, Mars also identified and addressed unsecure settings and policy violations, achieving unprecedented visibility into email risk across the business.

Novel architecture drives a painless security review and a large-scale, multi-platform rollout

Material’s pilot at Mars was preceded by a painless and rapid security review. Unlike traditional SaaS, every deployment of Material is an isolated, single-tenant instance hosted on a public cloud platform. Customers get direct access to the infrastructure and can even lock out Material personnel for total privacy and control. To help comply with global data regulations they can also choose the region where the infrastructure and data resides for different sets of users. Thoughtful design of a uniquely strong security and privacy architecture quickly gained the necessary approval from the Global Privacy team and from Security leadership.

“Material was simple to operate and trust even at our scale. There was no complex implementation and no disruption to go into production, and we had full access to our own cloud instance throughout. Within a couple of hours of deployment, we could analyze all the email data for all our domains across North America. It was remarkable.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars

This deployment experience was unusual for an email security solution. Because Material integrates via email APIs, it doesn’t require changes to MX records or mail flows and can be deployed in minutes to specific users and groups. This allowed the team to kick off a pilot with nearly 20,000 mailboxes across domains on both Microsoft Office 365 and Google G Suite.

Risk Analytics delivers value in operations and strategy conversations

Visibility into email was critical for Matt and his team in order to find and address potential gaps. Their email platforms didn’t provide the type of reporting the team needed, “There is nothing like Material Risk Analytics built into our email. There is not enough to understand our email space and inform me of what’s not normal.” On top of that, with so many domains, across both cloud email platforms, getting a single view of top issues was impossible and tooling like PowerShell scripts couldn’t be used wall-to-wall. Material quickly provided unprecedented visibility and a “single pane of glass” into all email risk and administration and unlocked forward progress.

“Material provides a macro view of email risk and also distills it down to facilitate security conversations with non-technical senior leadership. You can take screenshots, present the evidence, and broker a conversation in a common language. It becomes so clear that it can’t be ignored. It not only provides critical inputs into our cloud strategy, but also drives real conversations and enforcement of controls.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars

Material’s Risk Analytics helped Matt’s team gain visibility into three key factors: sensitive content in email archives, third-party app use, and interaction with their large ecosystem of external partners. It identified usage of IMAP and POP (legacy email protocols that bypass MFA), forwarding to personal accounts, and other areas requiring attention. Material also helped with security evaluation of newly acquired businesses, a common and recurring need at many large organizations.

“When Mars acquires a company, we don’t immediately dictate their email architecture, but we do inherit their risk. Material allows us to quickly assess everything. This visibility into a newly acquired entity is a factor for security investments. It’s even better if I can have one solution that allows me to maintain a single global process like Material does for email.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars

Supercharging incident response with results in seconds; not hours

Beyond risk analysis, investigating and managing suspicious messages is critical for the security team. Like many organizations, Mars can’t risk overly broad admin access to email because the underlying roles in the cloud email platform are too powerful.

In addition to requiring very broad admin rights, the native search functionality in each email platform leaves a lot to be desired. Common issues include delays, confusing workflows, limits on interactive results, and lack of previews. At Mars’ scale, the challenge for time-strapped incident response team members is that much greater because of the multitude of tenants, domains, and mailboxes.

“Material accelerated our incident response and investigations. Previously, we couldn’t search for messages across platforms and domains. Search took hours to respond and was difficult to navigate. With Material, searching for suspicious messages is so straightforward and easy—it takes 20 seconds; not hours. It previews everything right there, with ability to hunt, peck and pivot right at your fingertips.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars

Thanks to more granular role-based access controls, Mars can grant the right permissions to exactly the security team members that need them—without having to make them global email admins. In addition, the system maintains an immutable audit log to further protect privacy.


After all of their experience with the product and the newfound visibility into risk, Matt and his team have been thrilled with the results and are looking forward to doing more to protect Mars and continue to foster more productivity with less risk.

Back to top ^

“Email is the number one vector through which credentials get compromised and data is exfiltrated. Material protects the users from themselves and from increasingly sophisticated attackers. We like the approach of inserting warnings to address behavioral components and taking action even after the fact to minimize dwell time of risk, without providing a barrier to the user.”

— Matt Pecorelli, Director - Cybersecurity Operations, Mars