Mars is a family-owned, future-facing company with brands, products, and services used worldwide for generations. With over 140,000 associates worldwide, Mars is committed to taking daily action that will help build a better world tomorrow.
Mars’s security team only had one engineer that could use their existing SOAR to its full extent. They knew they needed a platform that was accessible and intuitive for anyone on the team to adopt. With Tines, adoption became possible for everyone on the team due to its ease of use and being no-code.
As a result of onboarding the team to Tines, Mars has consolidated 200 Phantom playbooks into 50 Tines stories. Gregory Poniatowski, Director of Cyber Threat and Vulnerability at Mars, discusses how Tines empowers his team and their plans going forward.
Although their previous SOAR platform fulfilled their basic needs, only one person on the Mars security team could adequately use the tool. This inaccessibility led to slow initial adoption and long lead times to introduce new use cases. There is a quantifiable business impact in this situation – if only one person can sufficiently use a SOAR platform, the organization is at risk when that person takes a vacation or sick day, or leaves the company. If the security operations team can’t build new use cases quick enough, they are left vulnerable. In 2023, the average cost of a security breach is $5 million, the costs of which could be devastating for a company.
The Mars security team knew they needed a platform that worked better for their whole team, to avoid that vulnerability. Through their CISO, the team learned of Tines and requested a demo.
The main objective was to achieve parity with the use cases on their existing SOAR platform. Their solution requirements were:
Flexibility to integrate into their internal and external systems
Intuitive for teams with and without scripting skills
Ability for users to operate at a higher speed
Lower their mean time to resolution for their use cases
Not only were these objectives achieved, but they were surpassed due to Tines’s flexibility – the team consolidated use cases and is now venturing into more use cases than before. The one engineer that managed Splunk now works much faster within Tines, which allows them to address new workflow ideas. On top of that, the Mars teams that would never have been able to use Splunk can use Tines because of the no-code approach.
While Mars had planned for some time to move away from the Splunk SOAR product, they hadn’t decided to move from the platform in its entirety. During the final stages of procurement, the decision was made and required a much faster transition in a very short period. Moving SOAR is a big lift on its own, add in moving SIEMs and you can be looking at a massive lift. But, Mars felt assured in their level of protection with Tines in place. The sheer volume of use cases they built in a short period of time secured that confidence.
Once you know that you’ve got an automation solution in place that covers most of your use cases that supply true positives for incidents done within a few weeks [...] you know that you’ve got a level of protection.”
Now, with the help of Tines professional services, Mars has not one but five teams using Tines within six months of signing.
Mars achieved parity through Tines very quickly. They built their entire library of playbooks, which took years in Splunk, in just a matter of months with Tines with the help of Tines support and onboarding teams. This allowed coverage of 80-90% of sources for true positives to be achieved within a few weeks. On top of that, onboarding new members to the tool takes Mars one day, compared to one to two months for Splunk.
For the Mars security team, Tines has worked out at a greater value than they expected. “We have more stories available than we anticipated because when we originally priced it out, we did like-for-like. We knew we had 200 use cases in [Splunk] Phantom [ … ] and because of the flexibility of the Tines platform, we were able to consolidate use cases, which is a happy accident.”
One of the people on my team with a heavy Microsoft background was initially skeptical about Tines because he felt we could just use Microsoft Power Automate, but what he realized very quickly was that you could until you run into an automation use case that leverages things that are outside of the Microsoft ecosystem where Power Automate just doesn’t operate.
He’s now a heavy advocate for Tines! He was converted very quickly because of the flexibility that you just don’t get with something like Power Automate.”
Tines gives Mars the opportunity to introduce automation to other teams that don’t code, such as IT and data analytics, so they can spend more time on high-value tasks.
“We saw the opportunity to use it beyond security because it’s very easy to engage with, simple, and easily adaptable too. It gives us an opportunity to bring automation into areas of the organization that just don’t have developers to implement automation in the more traditional [code] way.”
The team is putting together metrics to get buy-in from other teams – for cybersecurity, the value metric is time-saved and mean time to resolution, but for teams like IT operations, it’s dollars saved (due to the use of lots of third-party vendors), and Tines solves for this too.