I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure of working with John Eccleshare, Head of Compliance and Information Security at bet365, as John took the stage at the Gartner Security and Risk Summit in London. bet365 is the world’s largest online sports betting company, and because it operates in 150+ countries, you can imagine the complexities of its cyber security posture, with the team balancing different regulatory requirements against delivering a service where every nanosecond counts.
Reasons to Mature SecOps
On stage, John shared how challenging it is to recruit and retain security professionals. To best utilise the team, bet365 focuses primarily on proactive SecOps improvements, working closely with IT and DevOps Teams to adapt and build new security & fraud use cases. Doing “real” cyber security should be the focus.
Sizing up the SIEM
With 400+ users across 24 different departments working regularly with Splunk and adding unpredictable workloads, from simple searches to ML use cases, governance quickly becomes critical. Add that the security team maintains 210+ correlations spanning 164 different types of technologies/data sources from 14,000+ systems, and you get a feeling that there is some work to do, but also that the system becomes a critical platform that serves the entire business.
Migrating Splunk to Cloud
To free up the security team and ensure it focuses on real cyber security and fraud use cases, the bet365 team decided to migrate the on-premises environment to Splunk Cloud as a managed service. As a result of the migration, they freed up the time of more than 4 FTEs and increased their security use case deployments by 25%. They noticed 50% less internal network traffic and reduced the time it took to back up and restore from 1 day to just minutes.
On top of this, John partnered with the DevOps team to run governance and day-to-day responsibilities. This brought positive effects, as it led to better alignment within their wider Dev community.
To see the full modernization journey from bet365, including lessons learnt and tips for others, you can check the presentation out here: https://www.slideshare.net/Splunk/inside-secops-at-bet365
Thanks so much to the bet365 team and John for taking the stage and sharing an authentic story that we can all learn from.