Inside the SecOps Team at bet365: Moving your SIEM to the Cloud

By Matthias Maier

Hello,

I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London. bet365 is the world’s largest online sports betting company, and operating in 150+ countries, you can imagine the complexities of the cyber security posture with the team balancing different regulatory requirements with delivering a service where every nanosecond counts.

Reasons to Mature SecOps

On stage, John shared how challenging it is to recruit and retain security professionals. To best utilise the team, bet365 focuses primarily on proactive SecOps improvements, working closely with IT and DevOps Teams to adapt and build new security & fraud use cases. Doing “real” cyber security should be the focus.

Sizing up the SIEM

bet365 SIEM

With over 400+ users across 24 different departments working regularly with Splunk and adding unpredictable workloads through simple searches to ML use cases – governance quickly becomes critical. If you then add that the security team maintains over 210+ correlations spanning across 164 different types of technologies/data sources from 14,000+ systems – you get a feeling that there is some work to do – but also that the system becomes a critical platform that serves the entire business.

Migrating Splunk to Cloud

To free up the Security Team and ensure they focus on real cyber security and fraud use cases – the bet365 team decided to migrate the on-premises environment to Splunk Cloud as a managed service. As a result of the migration, they freed up the time of more than 4 FTE’s, and increased their security use case deployments by 25%. They noticed 50% less internal network traffic and reduced the time it took to backup & restore from 1 day to just minutes.

On top of this, John partnered with the DevOps team to run governance and day to day responsibilities. This brought positive effects as it leads to better alignment within their wider Dev community.

To see the full modernization journey from bet365, including lessons learnt and tips for others, you can check the presentation out here: https://www.slideshare.net/Splunk/inside-secops-at-bet365

Thanks so much to the bet365 team and John for taking the stage and sharing an authentic story that we can all learn from.

Best,

Matthias

Empowering the Global Workforce: The Splunk Authorized Learning Partner Program

Splunker Sophie Mills shares a closer look at the Splunk Authorized Learning Partner (ALP) Program, which is committed to scaling and expanding the education and adoption of Splunk to customers, partners, and Splunkers by building a community of certified Splunk learning partners.

Customers & Community 1 Min Read

Technical Education Can Drive Long Term Success for Organizations

Technical education is critical to driving digital transformation and on going business resilience for customers at any point in their data journey.

Customers & Community 2 Min Read

Exploring Security and Observability on Splunk Lantern

Learn how the new Use Case Explorers can help you expand your Splunk environment to yield the best results as fast as possible.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.