Because Falcon Identity Protection is part of the unified Falcon platform, Mondelēz didn’t have to integrate or manage a separate identity solution. The same single agent and console that powers endpoint, cloud, and data security, along with other CrowdStrike protections that Mondelēz already relies on, also provides its identity protection — simplifying operations and accelerating time to value.
Like many global enterprises, Mondelēz operates in a hybrid identity environment with both on-premises Active Directory and cloud-based identity providers. That complexity can be a goldmine for adversaries: Every stale account, overprovisioned user, or weak authentication pathway is a potential entry point.
It also integrates with Falcon telemetry from endpoints and other sources to enrich detections and accelerate investigations. “The identity module has delivered huge value,” said Koen. “It’s helped us proactively identify gaps and misconfigurations before they became security events.”
Closing Identity Gaps in a Hybrid World
“Whether it’s brute force attempts, lateral movement, or insider threats, identity is often the first and last step in the attack chain,” said Emmett Koen, Senior Director of Cybersecurity Operations and North America Regional CISO at Mondelēz.
“Instead of stitching together tools, we’re making decisions based on real-time, correlated data,” said Koen. “That’s a game changer for our team.”
This kind of real-time enforcement is built into the solution. Analysts can stop active identity-based threats with the same agility and confidence they bring to endpoint protection.
From Visibility to Action
This shift from reactive to proactive has allowed the team to reduce attack surface and enforce zero trust principles without needing to deploy additional agents or bolt-on products. In fact, by reducing time spent mitigating attack paths to privileged accounts, Mondelēz estimates it’s saving 9,000 USD annually.
With Falcon Identity Protection, Mondelēz gained improved visibility into accounts, privileges, group memberships, and risky behaviors across its entire identity ecosystem. Instead of relying on periodic audits or siloed tools, the team now has a real-time view of who is accessing what — and whether that activity poses a threat.
- Password spraying
- Kerberoasting
- Suspicious privilege escalation
- Lateral movement via RDP or VPN
CrowdStrike’s standardized identity risk scoring and reporting also support compliance and audit readiness, giving stakeholders clear insight into user activity and organizational exposure.
Enforcing MFA and Blocking Risky Access
Mondelēz International is one of the world’s largest snack companies, with brands like Oreo, Ritz, and Cadbury sold in more than 150 countries. But behind the scenes, it’s also become a model for modern cybersecurity — replacing fragmented tools and reactive workflows with a unified, AI-native defense strategy.
To close those gaps, Mondelēz deployed CrowdStrike Falcon® Identity Protection, a module of the Falcon platform that delivers real-time visibility into identity-based threats, continuous monitoring of user behavior, and proactive enforcement across both cloud and on-premises infrastructure.
With Falcon Identity Protection, the company has the visibility, automation, and control to defend against modern identity-based attacks. As hybrid work and cloud adoption continue to accelerate, Mondelēz’s approach shows what’s possible when identity protection is treated not as a bolt-on but as a core pillar of enterprise security.
Hardening Posture and Reducing Risk
The platform continuously monitors for signs of credential abuse and identity-based attack techniques, such as:
“CrowdStrike doesn’t just alert us to risk,” said Koen. “It gives us the tools to shut it down immediately.”
At the heart of that shift is a recognition that identity is the modern attack surface, and protecting it requires more than traditional security tools can offer.
Stronger Security Without Added Complexity
One standout success came when Mondelēz used Falcon Identity Protection to enforce multifactor authentication (MFA) for RDP sessions — a frequent target for attackers using stolen or brute-forced credentials. By dynamically blocking access and enforcing conditional policies, the team was able to lock down a key exposure point without disrupting business operations.
Since deploying the CrowdStrike Falcon® cybersecurity platform, Mondelēz has achieved measurable improvements in detection and response. The security team reports sub-15-minute mean time to detect and a two-hour mean time to mitigate. More importantly, it’s shifted from disorder to control — eliminating operational blind spots, automating key processes, and enabling faster decisions across the board.
In addition to threat detection and response, Falcon Identity Protection helps Mondelēz strengthen its overall identity hygiene. The tool continuously scans for misconfigured accounts, excessive privileges, and risky group memberships. It then provides prioritized remediation guidance.