September 25, 2023

Mars enhances operational technology device management across 124 factories with Defender for IoT

Global candy maker Mars needed to optimize the security of its operational technology (OT) and sought a solution that could meet its stringent requirements. The company’s security strategy mandates that critical OT devices remain disconnected from the internet. However, it needed a security solution that could work across 124 widely varying global sites. That meant finding an Internet of Things (IoT) security application adaptable to the Mars air-gapped environment, yet capable of transmitting key data to a centralized system when needed. Only one solution checked off the requirements on its list: Microsoft Defender for IoT.

Mars

Keeping a global network of devices safer


Mention of the global powerhouse Mars evokes the luscious sensation of its flagship Mars chocolate bar. However, Mars is more than just a confectionery giant. In addition to its Mars Snacking brand, which produces Mars bars and other sweet treats like Skittles, Snickers, and Twix, the company offers highly regarded pet nutrition and veterinary care services.

To keep up with customer demand, Mars runs industrial equipment throughout 124 global sites. Recognizing the importance of safeguarding its operational technology (OT) and industrial control systems (ICS) that monitor and control the equipment in its factories, Mars embarked on a mission to strengthen its security. Mars envisioned a comprehensive solution that it could use to improve asset discovery, vulnerability management, and risk management. After assessing available options, in 2019 Mars chose a standout solution: Microsoft Defender for IoT.
 

Discovering the key ingredient—factory cybersecurity


Securing factories globally presents multifaceted challenges for multinational companies like Mars. Depending on the region, the company tailors its various facilities to deliver vastly different products, from the legendary M&Ms to Royal Canin dog nutrition products, which involves accommodating diverse constraints, conditions, and degrees of IT sophistication among local staff. As part of its cybersecurity strategy, Mars restricts its factory devices to on-premises communication. The company also follows the US National Institute of Standards and Technology (NIST) framework, a methodology that organizations can use to pinpoint their cybersecurity risks and create strategies for managing them. 

Rick Nicola, Senior Industrial Cyber Security Engineer at Mars, describes an intensive search for the right solution. “The diversity of our factories and the different levels of expertise in the IT teams at each one makes it challenging to provide standardized security,” he says. To address this challenge, his Industrial Security team of eight used the NIST framework to develop a roadmap that compared where Mars stood in relation to the team’s cybersecurity goals. The NIST framework designates five major cybersecurity functions: Identify, Protect, Detect, Respond, and Recover. Using this framework, the team created a prioritized list of criteria essential for an effective OT security solution, resulting in what Nicola calls “competitive testing.” Mars also engaged a separate technology partner to analyze the leading contenders. That rigorous process revealed a clear winner. “Defender for IoT moved us ahead in four NIST categories,” continues Nicola. “It’s a great fit for Mars.” 
 

Refining the recipe for OT security


Mars manages 50,000 to 60,000 devices in total, including non-ICS devices like domain controllers. While Mars segregates its OT devices from the internet for security reasons, this approach has made it complex to monitor devices across the entire environment. The Industrial Security team has taken steps to configure about 15,000 of its OT devices, such as production equipment sensors in factories, for local, on-premises management under Defender for IoT. This configuration allows data to feed into its Azure cloud environment while confining control over those devices to the closed, air-gapped environments of individual factories. Despite the plethora of vendors supplying those devices—such as Ethernet-based weighing equipment, flow meters, and several types of production tools—Nicola’s team uses Defender for IoT for comprehensive device discovery, staying informed and proactive.
 

The team exports the data to its ServiceNow configuration management database. “Thanks to the ease of interoperability between Defender for IoT and non-Microsoft tools like ServiceNow, we’re expanding control of our OT devices to things like obsolescence management,” says Nicola. “It’s one of the puzzle pieces we needed to put in place to optimize both software and hardware administration.” 
 

Conducting a smooth rollout


The Industrial Security team found a receptive audience with the Chief Information Security Officer and other high-level stakeholders. “Company leadership immediately recognized the value of Defender for IoT,” says Nicola. “It wasn’t a hard pitch.” The diverse IT teams in the Mars factories, ranging from highly technical engineering staff to part-time IT administrators with different job focuses and varying levels of experience, also embraced the rollout. However, Nicola had to overcome competing priorities. Fortunately, his extensive experience working directly with associates on the factory floors had seeded trust. “The associates in our factories recognized the need, but their normal to-do lists are long,” he explains. “Ensuring that they understood why this was such a high priority was key to our Defender for IoT rollout’s success.”
 

Deploying the solution globally called for creative planning. Nicola’s team engaged local partners for help in each region and freely consulted with the Defender for IoT expert who remained available to support Mars. “Defender for IoT is not only a great product, but it’s also backed by an excellent team,” says Nicola. “I can’t say enough about how tremendous our Microsoft consultant from the Defender for IoT Cloud Security Engineering team was. He connected us with the right people when we needed them. It’s been a terrific journey.”
 

Savoring success


With numerous global brands to protect, Mars prioritizes security. Yet for Nicola, the value of business continuity and consumer trust doesn’t easily convert to a specific number. “There’s more to consider beyond the costs of ownership and lost production time associated with security breaches,” he says. “The value of Defender for IoT also includes improved malware protection, our site-based associates gaining visibility into OT networks, and empowering our threat hunting teams with new tools.” 
 

Along with increased peace of mind for stakeholders and IT security–related teams, Mars accrued other benefits. “As we rolled out Defender for IoT, we found several network infrastructure components that needed attention,” notes Nicola. “That process made our system healthier and more robust.” He’s quick to point out that the health of a system depends on the people who manage it, and the rollout has brought about a skills upgrade as associates learn to monitor systems with Defender for IoT. “The associates who work on our OT factory networks are gaining skills and knowledge and becoming savvier about their systems. Overall, they’re simply a more capable workforce.”
 

Nicola looks forward to completing the rollout, increasing automation with runbooks, and eventually connecting Defender for IoT with a security information and event management system. For now, he’s enjoying the global camaraderie and the chance to build on the strength of the Mars systems. “It’s the most fun I’ve ever had in a job,” says Nicola. Most of all, he’s excited about the result. “I’m proud of our Defender for IoT deployment. We’re using it to bring our security practices in line with our vision.”
 
