Inside the SecOps Team at bet365: Moving your SIEM to the Cloud

By Matthias Maier

Hello,

I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London. bet365 is the world’s largest online sports betting company, and operating in 150+ countries, you can imagine the complexities of the cyber security posture with the team balancing different regulatory requirements with delivering a service where every nanosecond counts.

Reasons to Mature SecOps

On stage, John shared how challenging it is to recruit and retain security professionals. To best utilise the team, bet365 focuses primarily on proactive SecOps improvements, working closely with IT and DevOps Teams to adapt and build new security & fraud use cases. Doing “real” cyber security should be the focus.

Sizing up the SIEM

bet365 SIEM

With over 400+ users across 24 different departments working regularly with Splunk and adding unpredictable workloads through simple searches to ML use cases – governance quickly becomes critical. If you then add that the security team maintains over 210+ correlations spanning across 164 different types of technologies/data sources from 14,000+ systems – you get a feeling that there is some work to do – but also that the system becomes a critical platform that serves the entire business.

Migrating Splunk to Cloud

To free up the Security Team and ensure they focus on real cyber security and fraud use cases – the bet365 team decided to migrate the on-premises environment to Splunk Cloud as a managed service. As a result of the migration, they freed up the time of more than 4 FTE’s, and increased their security use case deployments by 25%. They noticed 50% less internal network traffic and reduced the time it took to backup & restore from 1 day to just minutes.

On top of this, John partnered with the DevOps team to run governance and day to day responsibilities. This brought positive effects as it leads to better alignment within their wider Dev community.

To see the full modernization journey from bet365, including lessons learnt and tips for others, you can check the presentation out here: https://www.slideshare.net/Splunk/inside-secops-at-bet365

Thanks so much to the bet365 team and John for taking the stage and sharing an authentic story that we can all learn from.

Best,

Matthias

Tesco - Delivering When It Mattered Most

Customers are our best storytellers at Splunk, and our latest EMEA customer case study is no exception. The team at retail giant Tesco are true Data Heroes, harnessing the power of the data to rapidly scale it’s digital business to put food on the table of millions of customers.

Customers & Community 2 Min Read

AI Predictions Are Fueling Greater Cyber Up-Skilling Needs

Use our new Splunk Education e-book to guide the cybersecurity learning journey in this AI-dominated era.

Customers & Community 2 Min Read

Follow Splunk Down a Guided Path to Resilience

The Prescriptive Adoption Motions for Security and Observability offer technical expertise, best practices, and product knowledge to help you with key use cases.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.