JOHN ECCLESHARE
HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365
INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
© 2022 SPLUNK INC.
Today’s Speakers
Kirsty Paine, Strategic Advisor, Splunk
John Eccleshare, Head of Information Security and Compliance, bet365
Our fundamental belief
Security is a data problem
An incident is an incident
All data is security relevant
The Data-Centric Modern SOC
Threat Detection, Investigation and Response
Data Platform
Intelligence Management
Threat Research
Analytics
Automation and Orchestration
Detect/Correlate
Predict/Prevent
Discover/Prepare
Analyze/Investigate
Report/Comply
Triage/Respond
Unparalleled Ecosystem
• Apps
• Technical architectures
• Connections
• Partners
• Community
Splunk Threat Detection, Investigation and Response Solution
The tools you need to build a modern, data-centric SOC
Splunk Platform
Threat Intelligence Management
Splunk Threat Research / SURGe
Splunk Enterprise Security
Splunk SOAR
Splunkbase
• 2,700+ integrations
Detect/Correlate
Predict/Prevent
Discover/Prepare
Analyze/Investigate
Report/Comply
Triage/Respond
Splunk #1 Worldwide by Revenue in 2021 for SIEM
• Splunk is the SIEM market share leader for 2021, capturing 30% of the global market
• The Security market grew 23% YoY to $61B in 2021. SIEM market is now $4.1B, growing 20% in 2021
• *Others = Vendors beyond the top 8 vendors in this space
Chart created by Splunk based on Gartner research.
Source: Gartner, Inc., Market Share: All Software Markets, Worldwide 2021; Neha Gupta; April 12, 2022.
SIEM market share, 2021:
Splunk: 30%
IBM: 17%
Microsoft: 11%
LogRhythm: 5%
Micro Focus: 5%
Exabeam: 4%
RSA: 4%
Securonix: 3%
Other: 21%
Total Market: $4.1B (+20%)
bet365
• World's largest sports betting company
• Largest private sector employer in Stoke on Trent
• Business centres based in Stoke, Manchester, Malta and Gibraltar
• 150+ countries
• 6000+ employees worldwide
• 1500+ employees in IT
Standards our SecOps team follows
Industry Standard Principles
• Open Web Application Security Project (OWASP)
• National Institute of Standards and Technology (NIST)
• ISO27001
• PCI-DSS
Our SIEM
• 3 TB data volume processed per day
• 14,000+ source systems
Splunk Cloud
• 400+ users in Splunk
SecOps
• 500+ dashboards
• 164 different data sources
Enterprise Security
• 210+ correlations maintained
• 250+ searches per minute
• 270+ terabytes of historical logs
• 24 different teams utilizing Splunk
Symptoms that you need to mature / modernise your SecOps environment
• We were too reactive regarding SecOps improvements
• Recruitment was becoming number one priority just to keep up with the business
• Growth in infrastructure demands was significant
• More complex correlations & more data
• Governance/guard rails put in place
Scale and Resilience
● Cloud architecture is designed to offer resilience and to remove the burden from on-prem DCs / Resource & Infrastructure
● We gained a highly resilient posture almost overnight
● We couldn't scale quickly enough to facilitate all business use cases
● Had to consider our on-prem architecture for each use case and, more often than not, undertake a re-design (this took time!)
● Moved business engagement into DevOps with a full end-to-end delivery life cycle (DLC)
● Day-to-day operation also moved to DevOps
● Better alignment with the day-to-day responsibilities and deliverables within our wider Dev community
Migrating Splunk to Cloud
• Backup & Restore: from 1 day to minutes
• 50% less internal network traffic
• 25% more security use cases deployed
• 4 FTEs freed up as a result of the Splunk Cloud migration
The Benefits
• Increased performance
• No more hardware refresh and scaling
• Enhanced our Security Capabilities
• Upgrades / Enhancements / Patching: happens with little or no involvement from us. No need for downtime or extra resource to facilitate.
• Quicker to respond to the Executive team with MI/KPIs
• More proactive in terms of threat analysis and mitigations
• Data has become a lot cleaner and not as noisy
• Regulatory requirements can be scoped and delivered with more efficiency and effectiveness
100+/- password resets each Monday morning (random simple ad-hoc KPI needed, and turned over in less than 20 minutes)
Senior Stakeholder Management
Lessons learnt
● With a migration of this scale and magnitude, we took some things for granted
○ We needed to spend more time with the wider business to fully understand their use case(s)
○ We were pretty naive to their non-functional requirements
● SecOps isn't just about Security – consider all aspects of the business
● We should’ve done this sooner…
Recommendations
● Don’t be afraid to ‘double-up’
○ Run in parallel with your on-prem solution until you’re comfortable everything is as it should be
● Fully research which cloud provider you choose for your SaaS if you can…
○ Different providers have different roadmaps, choose one that suits your business / requirements
● Professional Services (PS) is a must
○ Don’t think you can do this alone…
Thank you
