Inside the SecOps Team at bet365: Moving your SIEM to the Cloud

By Matthias Maier

Hello,

I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London. bet365 is the world’s largest online sports betting company, and operating in 150+ countries, you can imagine the complexities of the cyber security posture with the team balancing different regulatory requirements with delivering a service where every nanosecond counts.

Reasons to Mature SecOps

On stage, John shared how challenging it is to recruit and retain security professionals. To best utilise the team, bet365 focuses primarily on proactive SecOps improvements, working closely with IT and DevOps Teams to adapt and build new security & fraud use cases. Doing “real” cyber security should be the focus.

Sizing up the SIEM

bet365 SIEM

With over 400+ users across 24 different departments working regularly with Splunk and adding unpredictable workloads through simple searches to ML use cases – governance quickly becomes critical. If you then add that the security team maintains over 210+ correlations spanning across 164 different types of technologies/data sources from 14,000+ systems – you get a feeling that there is some work to do – but also that the system becomes a critical platform that serves the entire business.

Migrating Splunk to Cloud

To free up the Security Team and ensure they focus on real cyber security and fraud use cases – the bet365 team decided to migrate the on-premises environment to Splunk Cloud as a managed service. As a result of the migration, they freed up the time of more than 4 FTE’s, and increased their security use case deployments by 25%. They noticed 50% less internal network traffic and reduced the time it took to backup & restore from 1 day to just minutes.

On top of this, John partnered with the DevOps team to run governance and day to day responsibilities. This brought positive effects as it leads to better alignment within their wider Dev community.

To see the full modernization journey from bet365, including lessons learnt and tips for others, you can check the presentation out here: https://www.slideshare.net/Splunk/inside-secops-at-bet365

Thanks so much to the bet365 team and John for taking the stage and sharing an authentic story that we can all learn from.

Best,

Matthias

Building Better Implementations With the Splunk Success Framework

The Splunk Success Framework contains best practices to help you decrease time to value, drive adoption, and enable Splunk environments to scale as you grow.

Customers & Community 5 Min Read

Splunk in Financial Services

Customers & Community 2 Min Read

Your Self-Managed Journey to Digital Resilience

No matter your industry, starting point, or organizational size, the Use Case Explorers for Security and Observability will help you improve digital resilience.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.