"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"It's very, very versatile."
"The solution offers very good monitoring."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"There are many features that are good for clients who are looking for a good SIEM solution. They like the ease of creating a business that is effective and impressive."
"ArcSight gives us better visibility into threats that were unknown earlier."
"The filters and the ability to do what you want are the most valuable features. There is nothing that you cannot do in this solution. It has all the features, which makes it very dynamic."
"The solution is pretty stable."
"Stable solution with good customer service support."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"The ability to ingest different log types from many different products in our environment is most valuable."
"It's basically one of the best SIEM products on the market."
"Its compatibility with other SIEMS is very useful."
"The scalability is good."
"The most valuable features are how stable and easy to use Splunk is."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"I would like to have the ability to create more complex dashboards."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"Could benefit from a more modern interface."
"Currently lacks SOAR feature."
"The customer experience could be improved."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"I would like to have a feature that gives us an entire report listing what devices are integrated."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"Deployment is not difficult but the lock sources and configurations can take time."
"The product is relatively expensive."
"If you monitor too much, you can lose performance on your systems."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"The implementation and the scanning of the logs can be difficult."
"The documentation is in definite need of improvement."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
ArcSight is Micro Focus' leading Security Information and Event Management (SIEM) solution. ArcSight helps businesses protect their data through compliance solutions and security analytics.
There are a number of different products and solutions in the ArcSight family so you are able to pick and choose those that are best suited to your business requirements.
With ArcSight, IT can:
Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.
Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
ArcSight Enterprise Security Manager (ESM) is ranked 9th in Security Information and Event Management (SIEM) with 17 reviews while Splunk is ranked 1st in Security Information and Event Management (SIEM) with 54 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.6, while Splunk is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "A mature and simple to use product, but needs a cloud deployment option". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". ArcSight Enterprise Security Manager (ESM) is most compared with IBM QRadar, McAfee ESM, LogRhythm NextGen SIEM, RSA NetWitness Logs and Packets (RSA SIEM) and NetIQ Sentinel, whereas Splunk is most compared with Dynatrace, Datadog, IBM QRadar, ELK Logstash and Fortinet FortiAnalyzer. See our ArcSight Enterprise Security Manager (ESM) vs. Splunk report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.