Go back

Mars Forges New Visibility and Incident Response at Massive Scale

Material powers risk analysis and search across a complex, hybrid email footprint.

m read
Matt Pecorelli, Director Cybersecurity Operations, Mars
Matt Pecorelli
Director Cybersecurity Operations, Mars
Book a Demo
Matt Pecorelli
Matt Pecorelli
Director Cybersecurity Operations, Mars
“Material was simple to operate and trust even at our scale. There was no complex implementation and no disruption to go into production, and we had full access to our own cloud instance throughout. Within a couple of hours of deployment, we could analyze all the email data for all our domains across North America. It was remarkable.”
Matt Pecorelli
Matt Pecorelli
Director Cybersecurity Operations, Mars
“Material accelerated our incident response and investigations. Previously, we couldn’t search for messages across platforms and domains. Search took hours to respond and was difficult to navigate. With Material, searching for suspicious messages is so straightforward and easy—it takes 20 seconds; not hours. It previews everything right there, with ability to hunt, peck and pivot right at your fingertips.”
Matt Pecorelli
Matt Pecorelli
Director Cybersecurity Operations, Mars
“When Mars acquires a company, we don’t immediately dictate their email architecture, but we do inherit their risk. Material allows us to quickly assess everything. This visibility into a newly acquired entity is a factor for security investments. It’s even better if I can have one solution that allows me to maintain a single global process like Material does for email.”

With over 125,000 employees (“associates” in company lingo) around the globe, Mars is one of the world's largest companies and has been family owned for over 100 years. Its business extends beyond beloved confections to well-known brands in petcare, food, nutrition, and beyond.

Matt Pecorelli is the Director of Cybersecurity Operations and reports to Andrew Stanley, the Global CISO of Mars. Their mandate is to protect the company's significant footprint, while enabling Mars to operate with uncommon speed and agility. Mars designs its business units with enough freedom to act independently so they can move quickly to take advantage of new opportunities.

In this distributed model, Security succeeds by acting as a “center of excellence” and maintaining enough visibility to guide best practices and respond rapidly to problems as they arise. Given the importance of email to each of these businesses (and its associated risks at Mars and everywhere else) keeping billions of emails safe, secure, and usable is an exceptional challenge.

Fortunately, identifying and vetting new technology is a core competency of Mars. Andrew grasped the vision behind Material in under 20 minutes. Matt and his team easily ran a pilot on nearly twenty thousand mailboxes. They were blown away by the security, latency, and performance. A broad unstructured query for an urgent investigation that would have taken hours was returned in seconds by Material. With Material, Mars also identified and addressed unsecure settings and policy violations, achieving unprecedented visibility into email risk across the business.

Novel architecture drives a painless security review and a large-scale, multi-platform rollout

Material’s pilot at Mars was preceded by a painless and rapid security review. Unlike traditional SaaS, every deployment of Material is an isolated, single-tenant instance hosted on a public cloud platform. Customers get direct access to the infrastructure and can even lock out Material personnel for total privacy and control. To help comply with global data regulations they can also choose the region where the infrastructure and data resides for different sets of users. Thoughtful design of a uniquely strong security and privacy architecture quickly gained the necessary approval from the Global Privacy team and from Security leadership.

“Material was simple to operate and trust even at our scale. There was no complex implementation and no disruption to go into production, and we had full access to our own cloud instance throughout. Within a couple of hours of deployment, we could analyze all the email data for all our domains across North America. It was remarkable.”

This deployment experience was unusual for an email security solution. Because Material integrates via email APIs, it doesn’t require changes to MX records or mail flows and can be deployed in minutes to specific users and groups. This allowed the team to kick off a pilot with nearly 20,000 mailboxes across domains on both Microsoft Office 365 and Google G Suite.

Risk Analytics delivers value in operations and strategy conversations

Visibility into email was critical for Matt and his team in order to find and address potential gaps. Their email platforms didn’t provide the type of reporting the team needed, “There is nothing like Material Risk Analytics built into our email. There is not enough to understand our email space and inform me of what’s not normal.” On top of that, with so many domains, across both cloud email platforms, getting a single view of top issues was impossible and tooling like PowerShell scripts couldn’t be used wall-to-wall. Material quickly provided unprecedented visibility and a “single pane of glass” into all email risk and administration and unlocked forward progress.

“Material provides a macro view of email risk and also distills it down to facilitate security conversations with non-technical senior leadership. You can take screenshots, present the evidence, and broker a conversation in a common language. It becomes so clear that it can’t be ignored. It not only provides critical inputs into our cloud strategy, but also drives real conversations and enforcement of controls.”

Material’s Risk Analytics helped Matt’s team gain visibility into three key factors: sensitive content in email archives, third-party app use, and interaction with their large ecosystem of external partners. It identified usage of IMAP and POP (legacy email protocols that bypass MFA), forwarding to personal accounts, and other areas requiring attention. Material also helped with security evaluation of newly acquired businesses, a common and recurring need at many large organizations.

“When Mars acquires a company, we don’t immediately dictate their email architecture, but we do inherit their risk. Material allows us to quickly assess everything. This visibility into a newly acquired entity is a factor for security investments. It’s even better if I can have one solution that allows me to maintain a single global process like Material does for email.”

Supercharging incident response with results in seconds; not hours

Beyond risk analysis, investigating and managing suspicious messages is critical for the security team. Like many organizations, Mars can’t risk overly broad admin access to email because the underlying roles in the cloud email platform are too powerful.

In addition to requiring very broad admin rights, the native search functionality in each email platform leaves a lot to be desired. Common issues include delays, confusing workflows, limits on interactive results, and lack of previews. At Mars’ scale, the challenge for time-strapped incident response team members is that much greater because of the multitude of tenants, domains, and mailboxes.

“Material accelerated our incident response and investigations. Previously, we couldn’t search for messages across platforms and domains. Search took hours to respond and was difficult to navigate. With Material, searching for suspicious messages is so straightforward and easy—it takes 20 seconds; not hours. It previews everything right there, with ability to hunt, peck and pivot right at your fingertips.”

Thanks to more granular role-based access controls, Mars can grant the right permissions to exactly the security team members that need them—without having to make them global email admins. In addition, the system maintains an immutable audit log to further protect privacy.

After all of their experience with the product and the newfound visibility into risk, Matt and his team have been thrilled with the results and are looking forward to doing more to protect Mars and continue to foster more productivity with less risk.

“Email is the number one vector through which credentials get compromised and data is exfiltrated. Material protects the users from themselves and from increasingly sophisticated attackers. We like the approach of inserting warnings to address behavioral components and taking action even after the fact to minimize dwell time of risk, without providing a barrier to the user.”
Privacy Preference Center

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.