Mars Lands and Expands Its Data Capabilities With Splunk

With an aggressive acquisition strategy and teams’ increased appetite for data, Mars needed to capture demands coming from IT, security and business sectors across vastly different subsidiaries.

Thanks to the Splunk platform, Mars now has a single, comprehensive view of all data sources for immediate alerts, proactive optimization and improved decision-making across the organization.

Mars bars are only the beginning.

One of the largest privately held companies in the United States, Mars, Inc. goes far beyond confections with the production of other food services for humans and pets alike, along with animal care services.

Though it originally came to prominence through sweet treats like Mars bars, Milky Way bars, M&M’s, Snickers and more, Mars has vastly expanded through a tactful and aggressive acquisition strategy of organizations ranging from the chewing gum giant Wrigley Jr. Company to animal hospital chain VCA, Inc.

Now, Mars must take a smart, data-driven approach to ensure its quickly expanding global ecosystem of disparate technologies, production flows and services continues to run smoothly.

Turning Data Into Outcomes
  • Expanded access to data to about 300 people globally while sharing insights within different subsidiary SOCs and NOCs
  • Optimizes cloud performance globally through centralized control and optimization
  • Filters and normalizes data to ensure optimal use of compute resources and infrastructure

Meeting the Growing Demand for Data

Across Mars’ teams and businesses, there’s been a consistent increase in appetite for data. “This is not a problem, it’s actually a great thing. But it presents a challenge when you have disparate sources of data and different platforms housing it,” says Antonio Guedes, security analytics senior lead at Mars. “It can be especially hard to get a single point of view of all the information. But Splunk has made it possible to get that single view of systems health while also offering smart ways of alerting, automating and remediating any possible issues.”

With Splunk, Mars provides specific feedback to stakeholders about issues in their processes. Where once they could only call out issues in general terms, the Mars team can now give prescriptive directions in near real time to remediate issues fast.

Data Stream Processor
Collect, process and distribute data to Splunk and other destinations in milliseconds with real-time stream processing.

Additionally, streaming analytics capabilities introduced with Splunk Data Stream Processor (DSP) are helping optimize infrastructure and resources. With DSP, Mars can aggregate data once thought to be too redundant for ingest, then filter that data to include only segments of interest. “DSP is allowing Mars to meet the demands of a broader group of stakeholders that need responsive, accessible dashboards and metrics for monitoring across varied systems and platforms,” says Greg Poniatowski, area leader of information security at Mars. “DSP is allowing us to quickly normalize data while removing some of the load from our Splunk infrastructure, reducing delays and increasing the impact of data visibility.”

Integration Helps Optimize Security and IT Ops

An aggressive acquisition strategy requires the ability to onboard new players while extending security and IT monitoring services with speed and scale. Yet when new subsidiaries bring their own infrastructure and cloud instances, the environment can quickly become challenging to manage, especially from a security perspective. DSP allows the security team to create a single repository of security-relevant data from numerous tools across the entire Mars subsidiary portfolio and their respective SOCs. With a unified location, the team can accelerate troubleshooting issues and improve overall security posture.

“For instance, integration with ServiceNow is key. Alerts are generated in Splunk for dozens of different use cases, some of them critical,” says Poniatowski. “But Splunk goes further, automatically generating the appropriate incident tickets in ServiceNow or in the Security Incident Response module and streamlining our SOC and IT operations.”

From Working Hard to Working Smart

“Before Splunk, logging was done in a disjointed manner. The lack of cohesiveness made it difficult to have an overarching perspective,” says Guedes.

“We started tackling this problem when we began creating dashboards that are business-oriented. Now we have about 45 dashboards that are all connected to a central one that has it all. The next step is to expand this to other markets beyond the three major business processes we’re working with now.”

As we mature with it, it’s become apparent that Splunk is the solution for our broader issues. Now, we have over 300 users all self-serving their own insights from Splunk.
Antonio Guedes
Security Analytics Senior Lead, Mars, Inc.

Mars started with Splunk for security and IT. But it has quickly become the default tool for analytics across Mars’ businesses. “As we mature with it, it’s become apparent that Splunk is the solution for our broader issues as well,” says Guedes. “Now, we have over 300 users all self-serving their own insights from Splunk. In addition to monitoring insights, we’re also looking forward to using machine learning for predictive capabilities.”

Mars realized that the organization needed a new mindset that focused on better insights beyond security and IT operations. Insights into business processes as a whole, not just from one-off solutions sprinkled across the IT environment, are now critical. Mars will continue to rely on Splunk to further this approach to data, fueling innovation and sharpening the organization’s competitive edge across the globe.

It was initially looking like Splunk would be one among many tools in a larger platform. But as new capabilities like DSP are rolled out, we’re starting to see it more as a platform. It’s flexible, we don’t have to buy other capabilities, and integrations are being continuously built in."
— Greg Poniatowski, Area Leader of Information Security
Industry: Manufacturing
Do More With Splunk