Inside the SecOps Team at bet365: Moving your SIEM to the Cloud


I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London. bet365 is the world’s largest online sports betting company, and operating in 150+ countries, you can imagine the complexities of the cyber security posture with the team balancing different regulatory requirements with delivering a service where every nanosecond counts. 

Reasons to Mature SecOps 

On stage, John shared how challenging it is to recruit and retain security professionals. To best utilise the team, bet365  focuses primarily on proactive SecOps improvements, working closely with IT and DevOps Teams to adapt and build new security & fraud use cases. Doing “real” cyber security should be the focus. 

Sizing up the SIEM 

bet365 SIEM

With over 400+ users across 24 different departments working regularly with Splunk and adding unpredictable workloads through simple searches to ML use cases – governance quickly becomes critical. If you then add that the security team maintains over 210+ correlations spanning across 164 different types of technologies/data sources from 14,000+ systems – you get a feeling that there is some work to do – but also that the system becomes a critical platform that serves the entire business. 

Migrating Splunk to Cloud

To free up the Security Team and ensure they focus on real cyber security and fraud use cases – the bet365 team decided to migrate the on-premises environment to Splunk Cloud as a managed service. As a result of the migration, they freed up the time of more than 4 FTE’s, and increased their security use case deployments by 25%. They noticed 50% less internal network traffic and reduced the time it took to backup & restore from 1 day to just minutes. 

On top of this, John partnered with the DevOps team to run governance and day to day responsibilities. This brought positive effects as it leads to better alignment within their wider Dev community. 

To see the full modernization journey from bet365, including lessons learnt and tips for others, you can check the presentation out here:


Thanks so much to the bet365 team and John for taking the stage and sharing an authentic story that we can all learn from.



Matthias Maier is Product Marketing Director at Splunk, as well as a technical evangelist in EMEA, responsible for communicating Splunk's go-to market strategy in the region. He works closely with customers to help them understand how machine data reveals new insights across application delivery, business analytics, IT operations, Internet of Things, and security and compliance. Matthias has a particular interest and expertise in security, and is the author of the Splunk App for IP Reputation. Previously, Matthias worked at TIBCO LogLogic and McAfee as a senior technical consultant. He is also a regular speaker at conferences on a range of enterprise technology topics.

Show All Tags
Show Less Tags