John Eccleshare, Head of Compliance and Information Security at bet365, discusses bet365's migration of their Splunk deployment to Splunk Cloud. Some key points:
- bet365 processed 3 TB of data per day in their on-prem Splunk deployment but scaling it for new use cases was challenging.
- Migrating to Splunk Cloud improved performance, enhanced security capabilities, and freed up 4 FTEs by reducing maintenance and upgrade work.
- Lessons learned included needing more business input on requirements and migrating sooner for increased agility. Recommendations included running parallel deployments during migration and using professional services.
7. JOHN ECCLESHARE
HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365
INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
8. bet365
World's Largest sports betting company
Largest Employer private sector in Stoke on Trent
Business centres based in Stoke, Manchester, Malta and Gibraltar
150+ Countries
6000+ Employees worldwide
1500+ Employees in IT
9. Standards our SecOps team follows
Industry Standard Principles
Open Web Application Security Project (OWASP)
National Institute of Standards and Technology (NIST)
ISO27001
PCI-DSS
10. Our SIEM
Splunk Cloud
SecOps
Enterprise Security
3 TB Data volume processed per day
14,000+ Source systems
400+ Users in Splunk
500+ Dashboards
164 Different data sources
210+ correlations maintained
250+ Searches per minute
270+ Terabytes of historical logs
24 different teams utilizing Splunk
11. Symptoms that you need to mature / modernise your SecOps environment
We were too reactive regarding SecOps improvements
Recruitment was becoming number one priority just to keep up with the business
Infrastructure growth in demands were significant
More complex correlations & more data
Governance/guard rails put in place
12. Scale and Resilience
● Cloud architecture is designed to offer resilience and to remove the burden from on-prem DCs / Resource & Infrastructure
● We gained a highly resilient posture almost overnight
● We couldn't scale quickly enough to facilitate all business use cases
● Had to consider our on-prem architecture for each use case and more often than not, undertake a re-design (This took time!)
● Moved business engagement into DevOps with a full end-to-end delivery life cycle (DLC)
● Day-to-day operation also moved to DevOps
● Better alignment with the day-to-day responsibilities and deliverables within our wider Dev community
13. Migrating Splunk to Cloud
From 1 Day To Minutes: Backup & Restore
50% less Internal Network Traffic
25% more Security Use Cases Deployed
4 FTEs Freed up as a result of the Splunk Cloud migration
The Benefits
• Increased performance
• No more hardware refresh and scaling
• Enhanced our Security Capabilities
• Upgrades / Enhancements / Patching - Happens with little or no involvement from us. No need for downtime or extra resource to facilitate.
14. Senior Stakeholder Management
• Quicker to respond to the Executive team with MI/KPIs
• More proactive in terms of threat analysis and mitigations
• Data has become a lot cleaner and not as noisy
• Regulatory requirements can be scoped and delivered with more efficiency and effectiveness
100+/- password resets each Monday morning (random simple ad-hoc KPI needed, and turned over in less than 20 minutes)
15. Lessons learnt
● With a migration of this scale and magnitude, we took some things for granted
○ We needed to spend more time with the wider business to fully understand their use case(s)
○ We were pretty naive to their non-functional requirements
● SecOps isn't just about Security – consider all aspects of the business
● We should’ve done this sooner…
16. Recommendations
● Don’t be afraid to ‘double-up’
○ Run in parallel with your on-prem solution until you’re comfortable everything is as it should be
● Fully research which cloud provider you choose for your SaaS if you can…
○ Different providers have different roadmaps, choose one that suits your business / requirements
● Professional Services (PS) is a must
○ Don’t think you can do this alone…