SlideShare a Scribd company logo

Inside SecOps at bet365

Download as PPTX, PDF
Splunk
Splunk

John Eccleshare, Head of Compliance and Information Security at bet365, discusses bet365's migration of their Splunk deployment to Splunk Cloud. Some key points: - bet365 processed 3 TB of data per day in their on-prem Splunk deployment but scaling it for new use cases was challenging. - Migrating to Splunk Cloud improved performance, enhanced security capabilities, and freed up 4 FTEs by reducing maintenance and upgrade work. - Lessons learned included needing more business input on requirements and migrating sooner for increased agility. Recommendations included running parallel deployments during migration and using professional services.

Technology
1 of 17
JOHN ECCLESHARE HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365 INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
© 2022 SPLUNK INC. Today’s Speakers Strategic Advisor Splunk Kirsty Paine Head of Information Security and Compliance bet365 John Eccleshare
© 2022 SPLUNK INC. Our fundamental belief Security is a data problem An incident is an incident All data is security relevant
© 2022 SPLUNK INC. The Data-Centric Modern SOC Threat Detection, Investigation and Response Data Platform Intelligence Management Threat Research Analytics Automation and Orchestration Detect/Correlate Predict/Prevent Discover/Prepare Analyze/Investigate Report/Comply Triage/Respond Unparalleled Ecosystem • Apps • Technical architectures • Connections • Partners • Community
© 2022 SPLUNK INC. Splunk Threat Detection, Investigation and Response Solution The tools you need to build a modern, data-centric SOC Splunk Platform Threat Intelligence Management Splunk Threat Research / SURGe Splunk Enterprise Security Splunk SOAR Splunkbase • 2,700+ integrations Detect/Correlate Predict/Prevent Discover/Prepare Analyze/Investigate Report/Comply Triage/Respond
© 2022 SPLUNK INC. Splunk #1 Worldwide by Revenue in 2021 for SIEM • Splunk is the SIEM market share leader for 2021 capturing 30% of the global market • The Security market grew 23% YoY to $61B in 2021. SIEM market is now $4.1B growing 20% in 2021 • *Others = Vendors beyond the top 8 vendors in this space Chart created by Splunk based on Gartner research. Source: Gartner, Inc., Market Share: All Software Markets, Worldwide 2021; Neha Gupta; April 12, 2022. Splunk IBM Microsoft LogRhythm Micro Focus Exabeam RSA Securonix Other 30% 17% 11% 5% 5% 4% 4% 3% 21% Total Market $4.1B +20%
JOHN ECCLESHARE HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365 INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
bet365 World's Largest sports betting company Largest Employer private sector in Stoke on Trent Business centres based in Stoke, Manchester, Malta and Gibraltar 150+ Countries 6000+ Employees world wide 1500+ Employees in IT
Standards our SecOps team follows Industry Standard Principles Open Web Application Security Project (OWASP) (NIST) National Institute of Standards and Technology ISO27001 PCI-DSS
Our SIEM 3 TB Data volume processed per day 14,000+ Source systems Splunk Cloud 400+ Users in Splunk SecOps 500+ Dashboards 164 Different data sources Enterprise Security 210+ correlations maintained 250+ Searches per minute 270+ Terabytes of historical logs 24 different teams utilizing Splunk
Symptoms that you need to mature / modernise your SecOps environment We were too reactive regarding SecOps improvements Recruitment was becoming number one priority just to keep up with the business Infrastructure growth in demands were significant More complex correlations & more data Governance/guard rails put in place
Scale and Resilience ● Cloud architecture is designed to offer resilience and to remove the burden from on- prem DCs / Resource & Infrastructure ● We gained a highly resilient posture almost overnight ● We couldn't scale quickly enough to facilitate all business uses cases ● Had to consider our on-prem architecture for each use case and more often than not, undertake a re-design (This took time!) ● Moved business engagement into DevOps with a full end-to-end delivery life cycle (DLC) ● Day-to-day operation also moved to DevOps ● Better alignment with the day-to-day responsibilities and deliverables within our wider Dev community
Migrating Splunk to Cloud From 1 Day To Minutes Backup & Restore 50% less Internal Network Traffic 25% more Security Use Cases Deployed 4 FTEs Freed up as a result of the Splunk Cloud migration The Benefits • Increased performance • No more Hardware refresh and scaling anymore • Enhanced our Security Capabilities • Upgrades / Enhancements / Patching - Happens with little or no involvement from us. No need for downtime or extra resource to facilitate.
• Quicker to respond to the Executive team with MI/KPIs • More proactive in terms of threat analysis and mitigations • Data has become a lot cleaner and not as noisy • Regulatory requirements can be scoped and delivered with more efficiency and effectiveness 100+/- password resets each Monday morning (random simple ad-hoc KPI needed, and turned over in less than 20 minutes) Senior Stakeholder Management
Lessons learnt ● With a migration of this scale and magnitude, we took some things for granted ○ We needed to spend more time with the wider business to fully understand their use case(s) ○ We were pretty naive to their non-functional requirements ● SecOps isn't just about Security – consider all aspects of the business ● We should’ve done this sooner…
Recommendations ● Don’t be afraid to ‘double-up’ ○ Run in parallel with your on-prem solution until you’re comfortable everything is as it should be ● Fully research which cloud provider you choose for your SaaS if you can… ○ Different providers have different roadmaps, choose one that suits your business / requirements ● Professional Services (PS) is a must ○ Don’t think you can do this alone…
Thank you

Recommended

IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
Splunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at Airbus
Splunk
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
M sharifi
 
Session Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Session Sponsored by Splunk: Splunk for the Cloud, in the CloudSession Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Session Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Amazon Web Services
 
Q radar architecture deep dive
Q radar architecture deep diveQ radar architecture deep dive
Q radar architecture deep dive
Kamal Mouline
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
Risi Avila
 
Splunk Enterprise Security
Splunk Enterprise Security Splunk Enterprise Security
Splunk Enterprise Security
Md Mofijul Haque
 

Recommended

IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0 IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
Splunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at Airbus
Splunk
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
M sharifi
 
Session Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Session Sponsored by Splunk: Splunk for the Cloud, in the CloudSession Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Session Sponsored by Splunk: Splunk for the Cloud, in the Cloud
Amazon Web Services
 
Q radar architecture deep dive
Q radar architecture deep diveQ radar architecture deep dive
Q radar architecture deep dive
Kamal Mouline
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
Risi Avila
 
Splunk Enterprise Security
Splunk Enterprise Security Splunk Enterprise Security
Splunk Enterprise Security
Md Mofijul Haque
 
Fleet and elastic agent
Fleet and elastic agentFleet and elastic agent
Fleet and elastic agent
Ismaeel Enjreny
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdf
AmyPoblete3
 
Splunk Architecture
Splunk ArchitectureSplunk Architecture
Splunk Architecture
Kishore Chaganti
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
 
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
HostedbyConfluent
 
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays
 
Analytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopAnalytics Driven SIEM Workshop
Analytics Driven SIEM Workshop
Splunk
 
How to justify the economic value of your data investment
How to justify the economic value of your data investmentHow to justify the economic value of your data investment
How to justify the economic value of your data investment
Splunk
 
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays
 
One agent, one click, and the future of data ingest with Elastic
One agent, one click, and the future of data ingest with ElasticOne agent, one click, and the future of data ingest with Elastic
One agent, one click, and the future of data ingest with Elastic
Elasticsearch
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
Splunk
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
Camilo Fandiño Gómez
 
Gathering Operational Intelligence in Complex Environments at Splunk
Gathering Operational Intelligence in Complex Environments at SplunkGathering Operational Intelligence in Complex Environments at Splunk
Gathering Operational Intelligence in Complex Environments at Splunk
MuleSoft
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
Steppa Cyber Security
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Splunk
 
Shift left Observability
Shift left ObservabilityShift left Observability
Shift left Observability
Eric D. Schabell
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 

More Related Content

What's hot

George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
 
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
HostedbyConfluent
 
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays
 
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays
 
Shift left Observability
Shift left ObservabilityShift left Observability
Shift left Observability
Eric D. Schabell
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 

What's hot (20)

Fleet and elastic agent
Fleet and elastic agentFleet and elastic agent
Fleet and elastic agent
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdf
 
Splunk Architecture
Splunk ArchitectureSplunk Architecture
Splunk Architecture
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
Apache Kafka With Spark Structured Streaming With Emma Liu, Nitin Saksena, Ra...
 
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...apidays Paris 2022 - Adding a mock as a service capability to your API strate...
apidays Paris 2022 - Adding a mock as a service capability to your API strate...
 
Analytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopAnalytics Driven SIEM Workshop
Analytics Driven SIEM Workshop
 
How to justify the economic value of your data investment
How to justify the economic value of your data investmentHow to justify the economic value of your data investment
How to justify the economic value of your data investment
 
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
apidays Paris 2022 - Agile API delivery with Feature Toggles, Rafik Ferroukh,...
 
One agent, one click, and the future of data ingest with Elastic
One agent, one click, and the future of data ingest with ElasticOne agent, one click, and the future of data ingest with Elastic
One agent, one click, and the future of data ingest with Elastic
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
 
Gathering Operational Intelligence in Complex Environments at Splunk
Gathering Operational Intelligence in Complex Environments at SplunkGathering Operational Intelligence in Complex Environments at Splunk
Gathering Operational Intelligence in Complex Environments at Splunk
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
Shift left Observability
Shift left ObservabilityShift left Observability
Shift left Observability
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 

Similar to Inside SecOps at bet365

SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Splunk
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.E
Nuvollo
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.E
Nuvollo
 
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Precisely
 

Similar to Inside SecOps at bet365 (20)

Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
 
Travis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeTravis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit Europe
 
SplunkLive! Paris 2018: Legacy SIEM to Splunk
SplunkLive! Paris 2018: Legacy SIEM to SplunkSplunkLive! Paris 2018: Legacy SIEM to Splunk
SplunkLive! Paris 2018: Legacy SIEM to Splunk
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS)
 
Splunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout Session
 
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
 
How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Meeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.EMeeting Nuvollo - La passerelle-I.D.E
Meeting Nuvollo - La passerelle-I.D.E
 
Nuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.ENuvollo and La passerelle-I.D.E
Nuvollo and La passerelle-I.D.E
 
SplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT BreakoutSplunkLive! London - Splunk App for Stream & MINT Breakout
SplunkLive! London - Splunk App for Stream & MINT Breakout
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
 

More from Splunk

SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Best of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsBest of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Inside SecOps at bet365

  • 1. JOHN ECCLESHARE HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365 INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
  • 2. © 2022 SPLUNK INC. Today’s Speakers Strategic Advisor Splunk Kirsty Paine Head of Information Security and Compliance bet365 John Eccleshare
  • 3. © 2022 SPLUNK INC. Our fundamental belief Security is a data problem An incident is an incident All data is security relevant
  • 4. © 2022 SPLUNK INC. The Data-Centric Modern SOC Threat Detection, Investigation and Response Data Platform Intelligence Management Threat Research Analytics Automation and Orchestration Detect/Correlate Predict/Prevent Discover/Prepare Analyze/Investigate Report/Comply Triage/Respond Unparalleled Ecosystem • Apps • Technical architectures • Connections • Partners • Community
  • 5. © 2022 SPLUNK INC. Splunk Threat Detection, Investigation and Response Solution The tools you need to build a modern, data-centric SOC Splunk Platform Threat Intelligence Management Splunk Threat Research / SURGe Splunk Enterprise Security Splunk SOAR Splunkbase • 2,700+ integrations Detect/Correlate Predict/Prevent Discover/Prepare Analyze/Investigate Report/Comply Triage/Respond
  • 6. © 2022 SPLUNK INC. Splunk #1 Worldwide by Revenue in 2021 for SIEM • Splunk is the SIEM market share leader for 2021 capturing 30% of the global market • The Security market grew 23% YoY to $61B in 2021. SIEM market is now $4.1B growing 20% in 2021 • *Others = Vendors beyond the top 8 vendors in this space Chart created by Splunk based on Gartner research. Source: Gartner, Inc., Market Share: All Software Markets, Worldwide 2021; Neha Gupta; April 12, 2022. Splunk IBM Microsoft LogRhythm Micro Focus Exabeam RSA Securonix Other 30% 17% 11% 5% 5% 4% 4% 3% 21% Total Market $4.1B +20%
  • 7. JOHN ECCLESHARE HEAD OF COMPLIANCE AND INFORMATION SECURITY, BET365 INSIDE SECOPS AT BET365: THE PLAYBOOK FOR SIMPLICITY AND ENTERPRISE SCALABILITY
  • 8. bet365 World's Largest sports betting company Largest Employer private sector in Stoke on Trent Business centres based in Stoke, Manchester, Malta and Gibraltar 150+ Countries 6000+ Employees world wide 1500+ Employees in IT
  • 9. Standards our SecOps team follows Industry Standard Principles Open Web Application Security Project (OWASP) (NIST) National Institute of Standards and Technology ISO27001 PCI-DSS
  • 10. Our SIEM 3 TB Data volume processed per day 14,000+ Source systems Splunk Cloud 400+ Users in Splunk SecOps 500+ Dashboards 164 Different data sources Enterprise Security 210+ correlations maintained 250+ Searches per minute 270+ Terabytes of historical logs 24 different teams utilizing Splunk
  • 11. Symptoms that you need to mature / modernise your SecOps environment We were too reactive regarding SecOps improvements Recruitment was becoming number one priority just to keep up with the business Infrastructure growth in demands were significant More complex correlations & more data Governance/guard rails put in place
  • 12. Scale and Resilience ● Cloud architecture is designed to offer resilience and to remove the burden from on- prem DCs / Resource & Infrastructure ● We gained a highly resilient posture almost overnight ● We couldn't scale quickly enough to facilitate all business uses cases ● Had to consider our on-prem architecture for each use case and more often than not, undertake a re-design (This took time!) ● Moved business engagement into DevOps with a full end-to-end delivery life cycle (DLC) ● Day-to-day operation also moved to DevOps ● Better alignment with the day-to-day responsibilities and deliverables within our wider Dev community
  • 13. Migrating Splunk to Cloud From 1 Day To Minutes Backup & Restore 50% less Internal Network Traffic 25% more Security Use Cases Deployed 4 FTEs Freed up as a result of the Splunk Cloud migration The Benefits • Increased performance • No more Hardware refresh and scaling anymore • Enhanced our Security Capabilities • Upgrades / Enhancements / Patching - Happens with little or no involvement from us. No need for downtime or extra resource to facilitate.
  • 14. • Quicker to respond to the Executive team with MI/KPIs • More proactive in terms of threat analysis and mitigations • Data has become a lot cleaner and not as noisy • Regulatory requirements can be scoped and delivered with more efficiency and effectiveness 100+/- password resets each Monday morning (random simple ad-hoc KPI needed, and turned over in less than 20 minutes) Senior Stakeholder Management
  • 15. Lessons learnt ● With a migration of this scale and magnitude, we took some things for granted ○ We needed to spend more time with the wider business to fully understand their use case(s) ○ We were pretty naive to their non-functional requirements ● SecOps isn't just about Security – consider all aspects of the business ● We should’ve done this sooner…
  • 16. Recommendations ● Don’t be afraid to ‘double-up’ ○ Run in parallel with your on-prem solution until you’re comfortable everything is as it should be ● Fully research which cloud provider you choose for your SaaS if you can… ○ Different providers have different roadmaps, choose one that suits your business / requirements ● Professional Services (PS) is a must ○ Don’t think you can do this alone…