Challenge
As they undertook their digital transformation, Mars needed to get visibility into their growing cloud environment and a complete asset inventory.
Mars wanted to build a trusted process and relationship with DevOps teams for remediation.
Mars wanted to implement guardrails and standards for the cloud and needed to better understand the state and risks they had.
Solution
Wiz's agentless solution deployed in minutes and brought immediate visibility into areas of the cloud the security team weren't aware of.
Wiz enabled Mars to build trust with DevOps teams with prioritized, context-rich risks for remediation.
Mars has strengthened their cloud security posture with a solution that provides insight into their cloud assets and risks so they can build better processes and standards.
Mars is a multinational consumer goods company known for their confectionary. Over the past several years, they have moved to the cloud and have developed new expertise and ways of working to support that. They primarily use Azure to centralize their user-driven services and innovate their digital offerings. As their cloud usage continues to expand, the security organization strives to build a collaborative relationship with developer and DevOps teams at Mars to ensure that their cloud security posture can keep pace with their speed of innovation.
With many teams deploying to the cloud and introducing new technologies, the security team was faced with a responsibility to map and understand what was in the cloud as they shifted from a model where deployments were managed by core IT to one owned by a wide range of development teams. Their main priorities were to get visibility into everything in their cloud environment, both core and secondary assets, and to develop strong, trusted relationships with DevOps to ensure that they were able to remediate any issues that arose as efficiently as possible.
When you bring in a new tool, you need to convince people of the benefit and build trust in the data. A lot of security tools err on the side of false positives and over-finding. DevOps never forgets those. Once you get a false positive, DevOps starts to lose faith in your results. We haven't had that with Wiz. When Wiz finds something, it's there. Of all tools we work with, we get the least push back when we go to DevOps with an issue from Wiz.
Greg PoniatowskiHead of Threat and Vulnerability Management, Mars
They set out to find a cloud-native infrastructure security solution that could deliver visibility into the entire span of their cloud environment and deep context into risks that would help the security team work more effectively and quickly with DevOps to prioritize and remediate issues. After a thorough examination of the market, they found Wiz.
Wiz demystifies a lot of the Azure world. It gives us visibility into the environment better than anything else so we can comprehend it well enough to talk to other teams, despite not being cloud experts. And we know that if Wiz identifies something as critical, it actually is. We can see the specific elements that come together to elevate an issue to a severe standing.
Illyan TytelLandscape Integrity Monitoring Senior Lead, Mars
Wiz unifies several cloud security technologies, including CSPM, CWPP, CIEM, and vulnerability management and weaves together the interconnected risk factors across multiple layers to identify the highest priority issues. Wiz’s Security Graph lets Mars visualize their cloud environment and see how everything interacts and connects. The visibility into assets across the cloud, from PaaS to containers to VM images, and the ability to map the relationships between them brought value to both security and operations teams, and the full context around risks presented in an intuitive manner helped Mars build trust in the importance of the issues that Wiz flagged across security, developer, and operations teams.
Wiz has helped us with critical issues across the board. With Log4j, for example, Wiz was the first solution we had that could check for it, and the one that worked the best. With OMIGOD, our teams in Europe were able to identify and remediate it themselves before the security team in the US even woke up because they could see the problem directly in Wiz. It makes security feel much more real when teams can have access directly, rather than sifting through reports from the security team.
Greg PoniatowskiHead of Threat and Vulnerability Management, Mars
Over 8-12 months with Wiz, Mars was able to affect a sea change in their security posture. They got a full asset inventory of their cloud environment for the first time and were able to make measurable improvements to their security posture across the board. They started with external access and exposure, expanded to configuration and compliance, and, more recently, began shifting security left through image scanning in the pipeline.
The confidence we've gotten about what's in our environment and how it's configured that Wiz provides enables us to report to leadership on what we're doing in cloud security and why. For example, we can say with confidence that Wiz is 100% deployed, which we've never been able to say with an agent- based solution. We don't have that level of confidence anywhere else - only in the cloud. The cloud went from being our least understood to our most understood space, and that was entirely due to Wiz.
Greg PoniatowskiHead of Threat and Vulnerability Management, Mars
The security team was able to build trust with developers and operations through Wiz. With rich data into their cloud and its risks, Mars was able to push for new standards and guide rails around security, helping to mature the organization. The integrations that Wiz brought out-of-the-box allowed DevOps teams to plug Wiz into their workflows, so they could move faster and see any issues that arose directly rather than as reports from security.
Mars has found an engaged cloud security partner in Wiz that they can collaborate with to keep up with the speed of change and complexity in the cloud. With Wiz in place, Mars has made the cloud the best understood part of their environment, so they can enable their developer and DevOps teams to innovate and move quickly.
