External reviews are not included in the AWS star rating for the product.
During my time at MetaBase Q and as a partner integrator of ServiceNow, I had the chance to understand and be part of projects integrating SOCs, NOCs, and Security Operation Centers with Devo.
Mostly enterprise customers invest money in security information and event management or security orchestration, automation, and response, such as SOAR or SIEMs.
Devo integrates with QRadar, Mitre clouds, and Watson.
For complex ecosystems with Fortinet, ServiceNow, and configuration management of the database with ServiceNow, the dashboards and reports that Devo brings together with their interfaces are very effective. I don't have experience working with other tools besides Devo related to these use cases. Comparing with the SIEM of IBM, one needs great skills in interpreting data on IBM, Fortinet, or Palo Alto. Devo offers quick dashboards that are easy to understand and use.
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo.
Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability.
The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
The single pane of glass that Devo offers could be improved. The tools in Devo's active ports need enhancement in their investigative capabilities. The drill-down reports capabilities, while useful, could be more refined. This is particularly evident when dealing with failed login attempts and determining true versus false positives.
Integrations with other sandboxes could be improved to better interpret data using AI and machine learning models.
I am a Strategic Account Executive.
Positive
Compared to Fortinet, Devo is easier to use. However, when using ServiceNow, hardware asset management, and software asset management, there is an opportunity to improve on hardware asset management. They simplify the analyst's time to value, particularly in relation to hardware asset management and software asset management, which are very niche markets.
The primary model of SOAR is good. Compared to main competitors, Splunk, Microsoft Sentinel, or Elastic Security, Devo is average in pricing. It's not as expensive as Splunk, and not as inexpensive as other solutions.
Regional support in Mexico or Latin America could be improved, as currently almost all support is in English. For account management or partners of ServiceNow or IBM, they have local support, which is an area where Devo could improve.
On a scale of one to ten, I rate Devo a seven out of ten.
Devo is a SIEM replacement technology used to run security operations. It centralizes security management within a business, functioning as a core system for a SOC. This system is the central cybersecurity hub, helping manage and streamline service tickets.
One of Devo's standout features is its cloud-first architecture, which sets it apart from many traditional SIEM providers that still rely on legacy, on-premise solutions. While many companies have started shifting to the cloud, Devo offers a hybrid solid approach with full cloud deployment. This mature architecture is one of Devo's significant strengths. Unlike other providers like Fortinet and Sentinel, which handle specific security parts, Devo offers a more comprehensive, end-to-end solution, making it one of the most advanced SaaS products.
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, when an event comes in with many tickets, the best systems excel at correlating and grouping the different instances or alerts into a single instance or ticket, providing context. Their correlation engines sometimes miss the mark, leading to false positives. They're not as strong as other vendors, like SentinelOne, regarding AI power and data or event correlation.
I have been using Devo as a partner for four years now.
Devo's stability is a strong point. As a SaaS provider, they've had no performance issues.
I rate the solution’s stability a ten out of ten.
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product.
They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses.
I rate the solution's scalability a nine out of ten.
The community support is excellent. I rate the direct support around eight, mainly because the company is based in America and has more support infrastructure there than in Europe. In the U.S., the support level rating should be closer to ten.
Positive
The initial setup is easy. They have a lot of out-of-the-box integrations and are quite lightweight in their implementation. There are plenty of options for integration, which I would consider one of their strengths. One standout feature beyond data analytics and real-time diagnostics is something called DeepTrace. If I recall correctly, this feature involves automated threat hunting and investigation. It uses AI to expedite the investigation process, identifying attack chains and conducting root cause analysis without human intervention. Essentially, they're using AI to perform tasks typically done by analysts, automating the investigation process. When you start an investigation, their AI-driven tool provides the best guess at identifying the problem, potentially offering root cause analysis without human involvement. You can either use their suggested analysis or investigate further if needed. This DeepTrace feature is likely one of the unique selling points of their platform, making it a significant differentiator for them.
I rate the initial setup an eight out of ten, where one is difficult and ten is easy.
Compared to Splunk or SentinelOne, it is really expensive.
I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
It integrates several critical components, such as SIEM, SOAR, and UEBA, to make it a robust solution for SOCs. The platform's cloud-based architecture ensures excellent performance, scalability, and quick deployment, particularly beneficial in environments with heavy production loads or when integrating additional tools.
Devo provides near-real-time capability for threat alerts, analysis, and updates. This allows SOC teams to stay on top of security incidents as they happen. Additionally, the platform excels in visualization, providing clear and timely dashboards that help SOCs avoid missing critical incidents or failing to interpret data correctly. Its user-friendly design allows for high-level overviews and detailed drill-downs, ensuring security professionals can quickly grasp the situation and act.
They push AI as their differentiation, calling it a next-gen SIEM. It offers a more inclusive platform that delivers end-to-end security for the entire customer. Using some weighting system, they use AI to drive down false positive rates by determining whether something is a real threat. They have an AI-powered system that assesses if an issue is real, though the specifics of how it works are difficult to explain. This includes machine learning and algorithms designed to identify complex issues, with some of that learning built into the tool. However, this is pretty standard for most SIM platforms today. The biggest challenge for SIEMs has been to make the information they present smarter and more context-heavy. This is not a differentiation but rather being on par with other AI-driven platforms that aim to reduce false positives and minimize manual checks.
I 100% recommend the solution. It can help most medium to large enterprises develop their IT capabilities to advance quickly. However, if you're already at the top of your field and willing to invest heavily, some pedigree products might offer a ten out of ten experience, but that would be due to the higher cost and specialized features.
Overall, I rate the solution an eight out of ten.
During the pandemic, small and medium companies didn't buy big servers. Latin American countries only used Devo in industries, maybe banks or security government projects. We create server appliances, such as servers plus switches.
I am a sales and technical support engineer, and Devo has a really good website for creating custom configurations. I can easily create a customized server with their website, so it's a great product for sales engineers.
The price is one problem with Devo. Huawei, Lenovo, and Gigabyte are all cheaper than Devo. I rate Devo's price an eight out of ten because it is expensive.
I've used Devo since the start of the pandemic about three years ago.
We have had some issues, but everything was fine after we updated the firmware. We need to update it every six months. The solution's stability is good otherwise. I have also had issues with the power supply, but I found the problem was with the integrator because they installed it with no UPS at the beginning of the project.
There's not a high level needed to scale the solution. We have great management software that allows you to manage and get alerts on events that could create a problem in the future.
I like their technical support. They respond in one business day, and they are always available. I always do the first level of technical support, but if I need to solve something quickly, and if the problem is hardware, Devo might send, for example, a power supply or a technician to change something.
Positive
We have two options with the initial setup. One is we buy the chassis from the OEM and customize the server. I prefer the OEM server because we have a customized image-focused VLAN, so it is easier for the integrator or customer to set it up. You just need to open the box, turn the server on, and they are ready to install the DNS software.
We have another option where we resell only the Devo server. We are just starting to do this, and it is not easy to assemble because we need a lot of skill.
The time taken to deploy Devo depends. If the final customer has everything done, or if everything is correctly installed, the rack, the air conditioner, or the UPS, it takes two to three hours at most to customize the server and the network card. We need two or three people for labor when the integrator installs the server. We need just one person to configure the server.
We sometimes choose integrators to set up the solution. I have training on the solution and sometimes help customers deploy Devo.
We considered other products because Devo is expensive. Huawei and Lenovo are cheaper, and they say there are no complaints or issues.
I rate Devo a nine out of ten.
The most valuable feature of the solution is the log retention time. The dashboarding, what Devo calls Activeboards, is a very useful feature enabling rendering a range of insights from data and related detections. Devo enables collaborative working across security teams within the platform.
Devo continues to invest in their analytic capability and the platform's durability. Regarding the service management side, Devo are maturing their service management, ensuring they are absolutely on it when they have service incidents or problems with the service. I think the tool offers a great and promising future because the platform's fundamentals are good.
In general, over time Devo should look to provide more customization options and support wraps.
We have been using Devo for two years. We use the solution's latest version.
The solution is stable, there have been rare instances where Devo has lost some accessibility and other issues, which they resolved rapidly. Devo are improving on their service management side to ensure fast recovery from issues. High stability in a cloud native platform is key.
Scalability is one of Devo's strengths. Its ability to scale is good, and for a customer, the scalability works out of the box, they can accommodate all customers from small and up to enterprise-sized customers.
Customer service management is prompt and improving enabling faster recovery from issues.
Neutral
The setup phase required technical input and that increases with the scale of the project, but Devo are willing to assist.
The solution is deployed in Devo’s cloud. It is possible to get Devo on-premises, but that is not the main offering.
Deploying Devo you can get the right security outcomes within a few weeks to a month. Its heavily dependent on the scope of the solution.
Devo is taking on the market leaders, and their pricing is commensurate with that strategy.
Core and additional features Devo provide guidance around and help in making value-based pricing discussions.
It is important with any SIEM deployment cloud-based or otherwise to have an experienced implementation team. The implementation team should be prepared to engage closely with the SIEM vendor to get the best from the scope of the deployment.
Overall, I rate the product an eight out of ten.