Mondelēz International Builds a Modern SOC with CrowdStrike
In just two years, Mondelēz International transformed its global cybersecurity operations from fragmented and reactive to streamlined and automated.
Powered by the AI-native CrowdStrike Falcon® cybersecurity platform, the global snacking company cut its mean-time-to-detect to under 15 minutes and mean-time-to-mitigate to just two hours — a shift from its former state, where security alerts routinely triggered mass device reimaging with no investigation.
“Previously, manual and ad hoc processes made it difficult to quickly identify and respond to security alerts,” said Emmett Koen, Senior Director of Cybersecurity Operations and North America Regional CISO at Mondelēz. “Now we have structured, measurable progress, thanks in large part to the Falcon platform.”
That transformation started with a clear directive: Simplify operations, consolidate tools, and expand protections across the enterprise. Mondelēz started with endpoint security and expanded its CrowdStrike protections over the years to include identity protection, cloud security, and next-gen SIEM — all from a single platform, agent, and console.
Falcon Next-Gen SIEM: A Solution Built for the Future
As one of the earliest beta testers of CrowdStrike Falcon® Next-Gen SIEM, Mondelēz played a hands-on role in shaping the product roadmap. The team’s feedback helped CrowdStrike refine core capabilities around log parsing, data modeling, and correlation.
“We moved forward with next-gen SIEM because CrowdStrike listened,” said Koen. “We asked for better parsing, better correlation, and a stronger data model — and they delivered.”
Today, Falcon Next-Gen SIEM plays a critical role in Mondelēz’s security operations. The company uses it to ingest and analyze high-value security telemetry, including Falcon logs, Windows event logs, Active Directory activity, Tenable vulnerability data, network logs, and results from penetration testing engagements. Falcon Next-Gen SIEM allows the team to centralize and correlate this data to detect threats faster and with greater accuracy.
“Falcon Next-Gen SIEM gives us the right data in the right place,” Koen explained. “It’s our go-to for high-fidelity detection and fast, efficient investigations. It’s not just about storing logs, it’s about turning telemetry into action.”
That action has led to measurable security improvements. Before Falcon Next-Gen SIEM, the company had no structured SOC metrics and no clear escalation paths. Today, it reports sub-15-minute mean time to detect and a two-hour mean time to mitigate. “The metrics didn’t exist before — we were just reimaging machines when we got alerts,” said Koen. “Now, we can see what’s happening, respond quickly, and continuously improve.”
Costs have also dropped. With its advanced compression and index-free architecture, Falcon Next-Gen SIEM saves Mondelēz an estimated $800,000 USD per year in long-term storage costs compared to its previous legacy SIEM.
AI That Saves Time and Drives Better Decisions
Mondelēz has embraced AI across the SOC. The addition of CrowdStrike® Charlotte AI™ brought even more speed and precision to Mondelēz’s security operations. Charlotte AI provides real-time context enrichment, intuitive summaries, and agentic investigative guidance — helping analysts quickly understand what happened, why it matters, and what to do next.
“Charlotte AI helps our analysts understand what’s happening — fast,” said Koen. “It’s not just about speed, it’s about confidence and consistency across the team.”
Mondelēz also benefits from CrowdStrike’s AI-generated parsers, which have replaced manual log onboarding with automated normalization aligned to the Falcon platform’s standardized data model. What used to take days or weeks can now be done in hours.
“Before AI parsers, building integrations was a manual, painful process,” Koen added. “Now, we can stand up new parsers fast and align everything to a consistent data model. That frees up analysts to focus on threats.”
Together, Falcon Next-Gen SIEM and CrowdStrike’s AI capabilities help Mondelēz stay ahead of adversaries — combining speed and intelligence into integrated workflows.
Security Consolidation Without Compromise
CrowdStrike has also helped Mondelēz simplify and consolidate its security stack without sacrificing capability. With a single lightweight agent and unified console, the Falcon platform provides visibility and control across endpoint, identity, cloud, and log telemetry.
That broad coverage means fewer tools, fewer vendors, and far less complexity. “CrowdStrike does the heavy lifting so my team can focus on securing the business,” Koen said. “Instead of stitching together tools, we’re making decisions based on real-time, correlated data.”
Mondelēz has taken full advantage of the Falcon platform’s breadth. In addition to endpoint detection and response, the company uses CrowdStrike Falcon® Identity Protection to monitor and secure critical Active Directory infrastructure, enforce multifactor authentication (MFA), and detect risky access behaviors. It reports saving $379,000 USD a year in time spent mitigating attack paths to privileged accounts alone.
“The identity module has delivered huge value,” said Koen. “It’s helped us proactively identify gaps and misconfigurations before they became security events.”
The company has also invested in CrowdStrike Falcon® Cloud Security, part of its broader shift to AWS and cloud-native infrastructure. As Mondelēz migrates core systems like SAP to SAP RISE on AWS, Falcon Cloud Security provides visibility, compliance monitoring, and runtime protection across hybrid and multicloud workloads. That cloud coverage is key to enabling a secure, scalable foundation for the company’s global digital transformation.
A Strategic Alliance with AWS and EY
CrowdStrike’s partnerships with AWS and EY are key components of Mondelēz’s success. The company is in the midst of a global cloud transformation, migrating SAP systems and hundreds of workloads from Azure to AWS. Its internal engineering team — spread across the U.S., Europe, and India — has built a fully automated CI/CD pipeline that now provisions secure workloads with Falcon Cloud Security in under 20 seconds, complete with posture management, threat detection, and continuous monitoring.
“AWS and CrowdStrike are both essential to our digital and security strategy,” Koen said. “And EY has been an incredible partner, helping us implement, integrate, and continuously improve our security operations.”
As a trusted advisor, EY helped Mondelēz move from a legacy SIEM solution to a modern, AI-native architecture with CrowdStrike. That partnership, combined with CrowdStrike’s innovation engine, is enabling Mondelēz to stay ahead of increasingly complex threats.
Securing the Future at Speed and Scale
Koen compares his SOC to emergency medical services: fast, responsive, and containment-first. “With today’s breakout times, you can’t afford to wait.”
With CrowdStrike, Mondelēz has the speed, intelligence, and integration to make that strategy work — and the agility to keep evolving. Whether it’s onboarding new log sources, responding to emerging threats, scaling cloud operations, or tightening identity controls, the Falcon platform is central to the company’s cybersecurity mission.
“There’s no finish line in cybersecurity,” concluded Koen. “But with CrowdStrike, we’re not just reacting anymore … we’re leading.”