We just raised a $30M Series A: Read our story
Art Faccio
Director Cyber Threat Intelligence at IGT
Featured Review
Real User
Top 5
Makes it easy to see all our network, endpoint, and cloud on one dashboard, instead of having to jump from system to system

Pros and Cons

  • "The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
  • "Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."

What is our primary use case?

We use it for monitoring our core set of network devices, our key systems. We're collecting all the log traffic and using it as a platform to correlate and set up alerts to monitor, and looking for any suspicious behavior.

How has it helped my organization?

One of our early use cases is for compliance and we've set up dashboards that pull in the logs that we need. We have formatted it the way we need it to look and when we meet with internal audit we just show them the dashboard and they have all the information that they need. That's one of the early wins that we've had with it.

When it comes to network, endpoint, and cloud visibility, Devo makes it easy to see all of that. It's all on one dashboard, it's all visible. Instead of having to jump from system to system to system, we can see all of our web traffic and we can see endpoint stats, and whether we need to investigate anything. It's very useful. It definitely raises the level of confidence when we need to take action, compared to our last tool. When a forensic investigation moves forward and we have to do a deeper dive, all that data is there. And the integration team that we're working at Devo is very good at tuning it and showing us what we need. They show us how to extract the relevant pieces and not worry about the less relevant pieces of information.

The solution has saved us time, although we're still in the learning stage. We've only had it in place for three months. I would venture that it's probably saving a few hours a week per analyst, but I expect that to grow as we get better at using it.

What is most valuable?

It's very intuitive. The interface is extremely useful. You can perform many functions from one page. In other tools that we looked at, you'd have to toggle back and forth between screens and you'd have to exit one menu and copy and paste things into another section. With Devo you can do everything using drop-downs. It's very user-friendly when creating queries and dynamic lists. You can modify the interface to look the way you want with columns and sorting. It's very well thought out.

It provides high-speed search capabilities and near real-time analytics. These things are extremely important. 

It's also very easy to pull data into it from various log sources, even if they're custom homegrown apps. The parsers are also very easy to use.

What needs improvement?

If all of the connectors for the third-parties were there, it would be a solid 10. Everything else about it is right there. It's a newer product, so we knew going in that there would be some growing pains and that some things might not be available because not all third-parties would be included.

For how long have I used the solution?

I've been using Devo for about three months.

What do I think about the stability of the solution?

So far, it's been rock-solid. There have been no issues at all.

What do I think about the scalability of the solution?

It should be able to grow as we need it to. It is a SaaS solution, so if we need more data we just purchase more bandwidth.

The size of our environment is about 14,000 users, globally, and about 20,000 endpoints.

How are customer service and technical support?

We haven't had to use their technical support yet. We've only been working with the integration team.

They've been great through the deployment. Obviously, there are going to be little bumps in the road and their team has been very helpful. I've worked with other integration teams that wouldn't even look at the possibility of an issue being at their end until you exhaustively proved that it wasn't at your end. Devo, on the other hand, was very willing to help. They would jump on a call, review the config with us and look through it. They're very willing to spend time and investigate with you; not just push it back on you to double-check everything. They have also pulled in other resources. If the integration engineer didn't know an answer, he would very quickly, usually on the same call or later that day, get another engineer on the phone who was knowledgeable, and we would work through the issue. They're very responsive and it's a very good customer experience. Customer service is very important to them.

Their willingness to go the extra mile and just jump on a call anytime, without having to schedule a call, is an example of where they have exceeded expectations. The project lead would just jump on a call and answer questions anytime.

How was the initial setup?

It was fairly easy to deploy. We had a good deal of on-premises devices where we installed a relay that forwards the log information to the cloud. We also use a large number of SaaS tools. With those it was just a matter of an API connector. Things went very smoothly.

Getting logged in to it and getting logs identified took a week and a half to two weeks.

There were three members of my team involved. One was more focused on getting the collector built and connected, and getting all of our internal log sources forwarding to that. I had two other engineers working on the deployment side, working on rules and carving out the data to send it to specific buckets. Those three are also the ones who take care of maintenance of the solution. We're still in the early stages so we're tweaking things and constantly modifying and figuring out our internal processes.

What about the implementation team?

We used Devo's integration professional services. They worked alongside with my team and they have been excellent.

What was our ROI?

So far we've seen ROI from the fact that when the auditor comes in quarterly and looks at it, as happened the other day, they are extremely impressed. The return value is going to be there. It's already starting, where we're creating custom dashboards for various groups to look at their own data. We don't have to provide reports anymore. We just give them the data and they can log in and look at whatever they want in real time.

It's going to be huge as we move further down the road and we learn to better utilize the tool. We have some big plans for it.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing they were in the ballpark with most of the others we looked at, but one of the things that put them above and beyond is the 400 days of storage. That's big. 

They're a newer company so they may have cut better deals, but they were in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more.

The fact that Devo only charges for ingestion works great for us. In some of the other solutions we looked at, depending on what you were doing with the data, extra charges were assessed. If you wanted to pull playbooks in, that was an extra charge. If you wanted to ingest certain types of logs from certain systems, that was an upcharge. In our environment and our business model, the month-to-month fluctuating charges just weren't an option, and many of the other solutions are going down that road. Devo provides good value: "Hey, here's your ingest, here's what you're licensed for, and here's what your annual bill is going to be. And if you go over that, then you true-up the next year." So it is a beneficial model for us.

Overall, with the pricing model, Devo enables us to ingest more data compared to other solutions we evaluated. We don't have to worry about being billed more if we use any additional functionality or that we may have to set a cap on the ingest for the month or the week.

Which other solutions did I evaluate?

The fact that the solution keeps 400 days of hot data to look for historical patterns was extremely important because many of the competitors kept 90 days or maybe six months. We looked at the big choices that most other companies use. And with those competitors, if you wanted the extra data, it would be put into warm or cold storage and to utilize it you'd have to pull it back in.

Another one of Devo's advantages is, as I've mentioned, the user experience. It's well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.

There are a few drawbacks to it. Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution. Most of our third-parties are working on them because it seems that Devo is making some waves in the industry and more and more people are using them. But that has been what we've had to do with three of our third-parties that didn't have a connector. Devo had to create one, and, once again, their customer service was great. They just built it for us and it worked.

When it comes to analyst threat-hunting and incident response, because there are so many options, and Devo has the ability to do many things from one screen, the workflow is a lot more organic and natural. That means you can drill down to the level you need to and pull in the data you need from one screen. You don't have to keep moving around in Devo. It's much more configurable and the options are there to pretty much dig as deep as you need, from one screen.

Overall, Devo approached things a little differently and that's why we ended up going with them.

What other advice do I have?

We did a pretty good job of this, but with hindsight it is always something that we could have done better: the planning of the project. So have a good idea of what logs you want to ingest, right out of the gate, and have the necessary internal teams ready to get you what you need. The pre-planning is the most important thing. We had the relay built and functional for getting the data from site to cloud, literally in 20 minutes. If we had been a little better organized on our end, the implementation would have taken one week instead of a week and a half to two weeks.

So the most important piece of advice in a deployment like this is to know your data. Know what you want and make sure your teams, including the IT teams that need to build the virtual machines, are ready to get the hardware in place quickly.

From my point of view, and from what my team has told me, everything is intuitive and user-friendly. From a logistics point of view, everything is well laid out and well thought out.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
JS
CEO at a tech vendor with 1,001-5,000 employees
MSP
Top 10
Decreased our MTTR with its immediate visibility, prepackage dashboards, and alerting

Pros and Cons

  • "Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
  • "There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."

What is our primary use case?

We use it for visibility and alerting in a cybersecurity security use case. 

It is a very specific deployment in the sense that it's not general. We integrated it with our own technology. We are a SaaS vendor. The way we integrated Devo was to put it into our platform as an alerting layer. Because you will be doing executables at your computer all the time, such as opening an email, a browser, or Word, all these things are tracked via telemetry. We take all that raw data for events, essentially enriching it with the classification service that we have as a unique part of our own service. So, if you're opening Word or sending an email, we enrich that with our classification, e.g., malware, then we send it to Devo. We build dashboards and alerts based on that. 

Before, you would have a tool just for cybersecurity. Now you have an impressive tool that takes no effort at all. Suddenly, because of the Devo layer, you have an intelligence tool with no extra deployment effort on the side of the customer to see visibility.

Devo is a powerful interface and platform which will ingest our data coming from an endpoint protection solution, putting it in a format and dashboard, then connecting tools where you extract them into an intelligence platform, oversight, or security. That's essentially what we do.

How has it helped my organization?

The solution manages 400 days of hot data for us, which is amazing. We just send it to the Devo platform, then it is there for our customers. It is quite a unique feature because other cybersecurity players typically have a lot of limitations. They normally offer two weeks of historic data with a pain offering of a month. We are sort of unique in the industry because we can offer a year due to Devo. When you're looking at cybersecurity breaches, you will notice that normally attackers have been in your network for more than 300 days. This is the average time that you've been breached and you didn't know, and it's actually close to what we have with Devo. A shorter period of time would be less useful to us.

Because of the module, our customers now have immediate access to telemetry in a way that they didn't have before. The way that we integrate it with a click of a button, activating the Devo module, suddenly they will have immediate access to it. Therefore, the automation and value for customers is quite impressive. 

What is most valuable?

Ease of use: Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphical interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive.

We find the solution’s Activeboards and widgets to be understandable and flexible. Before the summer, we are looking to expand the ability for people to do their own dashboards and variations off-the-shelf.

It performs well. There is a lot of telemetry in our case, and it is cybersecurity. The telemetry is integrated with a lot of data. You need to look at it in real-time because if you are under attack, then you need to see that immediately: What's going on, where it's coming from, where is the zero patient, etc. This is all the while that you're conducting threat detection. The performance is amazing.

The solution’s real-time analytics of security-related data works well for us. It's a module that we buy from the Devo platform and have as a vertical for the customization of our sessions and alerting. It's great for us to know that they will be taking care of our customers. We don't touch it and are very satisfied.

What needs improvement?

There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler. 

Lookup tables could be used to minimize the performance impact in bringing together two different sources of data together and correlating them. This could be something that they could improve, but maybe this has already been fixed.

For how long have I used the solution?

Five to six years, going back to 2014.

What do I think about the stability of the solution?

Maybe two to three times over six years we have found some issues in the system, but normally it is immediately sorted out.

We don't have to worry about how it is maintain and managed over time. That is in their hands, and it is working great.

We have a product manager who maintains the Devo modules part-time (50 percent). There are also five to seven people from our development team who ensure everything is properly integrated. Once every two years, we do a professional services project from them.

What do I think about the scalability of the solution?

We've never found any limitations or drawback included in the data to ingest, map, and integrate into the platform. There have been no issues with scalability.

From a machine data and ingestion perspective, it would be probably be something around a million devices. People actually using the platform is probably several tens of thousands because that's the number of our partners who have sold a Devo module at some point.

Devo is part of our performance, so the more we grow, the more we will need it as part of that blend of growth.

How are customer service and technical support?

The technical support is very good. Devo is a typical vendor with very capable, technical people who can get to the root cause quickly.

Which solution did I use previously and why did I switch?

We implemented Devo into our platform from scratch. McAfee and other solutions don't have this offering yet. This was a new thing in 2014 when we implemented it.

How was the initial setup?

The initial setup was quite straightforward. The deployment was a few months, then we were up and running.

The only thing we needed to do for implementation was to choose what part of the event information that we would send to Devo, who would need to map that, parse it, and put it into their platform in a way that was understood in order to give the information back to users in a way that it would make sense. For dashboards, prepackaged, and off-the-shelf cybersecurity intelligence, we needed to choose the information that we would send them. They needed to ingest it and make sense of the dashboards that we needed to show our customers. It was a relatively simple, straightforward project on both sides. We saw very huge volumes immediately.

We first launched the product in 2014, then did a major lifting in 2015. On a continuous basis, we are adding new features that Devo releases. 

What about the implementation team?

We have a big development team as we are a vendor. 

It took two people from our company a few months to deploy the solution with seven people (max) from Devo.

What was our ROI?

The solution has decreased our mean time to remediation (MTTR) because of the immediate visibility, the prepackage dashboards, and the alerting that we built. With Devo, even if you didn't have any patch solution in place, you could just click in the platform and it could tell you when, where, and what endpoints were seen by Devo in the last year. Then, you can print a list of those computers and the IT people can just go to those to upgrade the patches. In a situation like WannaCry, as long as you know what you're looking for, the fix is immediate. For example, we have one customer who had a situation where they were waiting months for remediation. With Devo, it is immediate because it is available with a report.

The way that we charge our customers is not the same way we are charged by Devo. We need to keep it under control so it makes economical sense for us to sell our model based off of Devo. That's why we don't expand in an infinite way what we send to the Devo platform. We charge on an endpoint basis per license, subscription, or input annually. That's our business model. Devo charges based on ingestion and the time you store, which can be different one month to three months to a year. Therefore, it was difficult to build a model in the beginning that would work for us. That's why we limit the amount of ingestion that we do in the customers' platforms.

The ROI been great. The fact that we could launch it in a few months instead of a couple of years, that's a return on investment. Also, when you put all the costs together, it is less to have done it than with the open source approach.

What's my experience with pricing, setup cost, and licensing?

We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom. However, we built this vertical model extending our portfolio, which is actually a Devo based model.

We have a very simple invoice every month based on ingestion and the seniority of the data stored, which I think is the standard way they charge. Then, every other year we make a charge on a specific professional services project based on our module integration, which is probably unique for us compared to a standard customer.

Which other solutions did I evaluate?

We were thinking of going with Elasticsearch or an open source solution, but it would have been one to two years of development internally.

We went with Devo which represented more of our core: scalability, stability, and ingestion. All these things are where Devo really excels. We were looking for something focused on enterprise environments.

For patching, the MTTR is immediate compared to a typical Microsoft tool. 

What other advice do I have?

Internal development is underrated. It is a good choice not to invent it all yourself. You should focus on your core business. It made sense to choose Devo to focus on the machine data issues while we focused on cybersecurity and the intelligence that we could build with the platform.

Open source is a good option in some cases, but not for us and our needs.

I would rate the solution as a nine (out of 10).

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
MU
IT manager at a tech services company with 1,001-5,000 employees
Real User
Top 10
Versatile, scalable, and has a very useful single user interface

Pros and Cons

  • "It's very, very versatile."
  • "Technical support could be better."

What is our primary use case?

We are primarily using the solution as a cloud observability platform.

Most use cases are related to service operations, not security operations. This is due to the fact that in security operations our company uses Splunk and other platforms. In this case, in my team, we are using Devo for service operations requirements. We correlate across metrics and trace on that data to understand root causes. For example, we'll look at metrics in jobs, time processes, root cause investigations where we have fails, job performance, deals, payments, et cetera. 

What is most valuable?

With Devo, you integrate and run as a fully managed service. We are very interested in the total of severability for IT and the organization all in a one user interface. With Devo, all analysis is done in a graphical user interface. That gives our analysts the confidence to investigate a problem and fix it.

For example, we can have a lot of matrices and trace data in a single user interface. We can eliminate swivel chair analysis among tools for a streamlined workflow that gives us the most direct path to the root course. 

Devo provides great structural data. Its business-rich data set means better, smarter machine learning and this leads to a smarter analysis of anomalies and a stronger predictive analysis.

Devo, unlike other vendors, doesn't charge extra for playbooks and automation. 

It's very, very versatile. 

Service Operations is a tool inside the product. It offers a constant standard with advanced machine learning. The Devo machine learning workbench also enables you to bring in your own custom-built machine learning models. This is very interesting for us.

What needs improvement?

I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the operations teams they also need analytics. They also need to report to the senior management or other teams. The reporting needs to be customized. You can build some widgets in terms of analytics and representations, however, I want to export these dashboards or these widgets in a PDF file. While you can explore everything as a PDF, it's not very complete. I am missing some customization capabilities in order to build a robust, meaningful report.

The initial setup is a little complex.

Technical support could be better.

There do seem to be quite a few bugs within the version we are using.

In the next update, I'd like it if they explain more about the Devo framework. The Devo framework is a tool inside the product. It's a prototype. It is a tool that provides to the customer a map of processes or a workflow, for example, with an HTML application with a front end. My understanding is that each component of this front attaches data with the queries. It might be customized. I'd like to generally understand this better.

I'd like to understand DevoFlow. Up to now, usage could send data to the platform, retrieve it and enrich it by generating graphs and analytics. However, it's my understanding that Flow provides users the ability to process the data in real-time by defining complex workflows as soon as data arrives in the platform so that you can make analytics in a sequence. I'd like to better understand these new capabilities.

For how long have I used the solution?

I've been working with the solution for one and a half to two years or so. 

What do I think about the stability of the solution?

At this moment I consider the solution to be stable. However, I find that I perform any little fixes throughout a project. There are bugs here and there that I do contend with. I'd prefer to have these fixed as opposed to having to install a whole new version.

What do I think about the scalability of the solution?

In the beginning, there were not more than 20 to 25 users. However, our objective remains to get 100 people on the product. We add them little by little due to the nature of our projects.

In terms of scalability, it's a product well-focused on expansion. As a SaaS, they provide you more architecture, more machines in terms of performance, et cetera. We're quite happy with its capability to expand.

How are customer service and technical support?

Technical support needs to be more direct. For example, when we submit a ticket, the support team will delegate a task to the operations team, for example, or various other teams. This muddles the transparency. We're unsure as to who is in charge of fixing the problem. I simply want an answer to my problem and I want them to fix it and tell me what is wrong. I don't need to know it was sent here, there, or there. We are not 100% satisfied with the level of service provided to us.

How was the initial setup?

The initial setup was a little bit complex, however, we had great support from the Devo team. We are using the public cloud - not on-premise. They provided us the infrastructure. The complexity was mostly around how to build the VPN securitization, the tunnel, as this tunnel was built by us, not by Devo. We, therefore, had to build a lot of technical tests of communications. This was complex.

With Devo, we have to connect by LLDP protocol. For example, Devo at the beginning shows the users as an email and a password. In our company, we needed to connect this mechanism of access to our own mechanism of the corporation. We had to deal with the protocol of connectivity of users, FSAA, for example. Sometimes this was difficult and we had to make a lot of test connections, et cetera.

There isn't too much maintenance required. Devo provides the product. I have to ensure that the mechanism of communication is stable and in continuous service. Our VPN with the tunnel is the responsibility of us while the persistence of data and the performance of searching data representation is the responsibility of Devo.

What about the implementation team?

Devo assisted us with the implementation process.

What's my experience with pricing, setup cost, and licensing?

Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side on the data ingestion. If you sign a contract, you are able to process as much as 500 gigabytes per day. With this price, you can connect 10 people, 20 people, 18 people, 80 people - it's very good. It's very efficient in terms of the cost of the license. 

Depending on if you are ingesting more than you sign up for, you have to pay more. There is potential for extra costs only in this one aspect, and not in the other services, or in other people who connect to the product. 

Devo provides you professional services. Professional services is a manner to give service to the clients in terms of consultants. Expert consultants help the customer to design the business case and can show them how to build it. This is an extra option, for people who want to take advantage of their insights.

Which other solutions did I evaluate?

I have done a lot of assessments with Devo against other products such as Elasticsearch, Kibana, Splunk, and Datadog, among others.

What other advice do I have?

We're just customers and end-users.

We are using the most recent version of the product.

We are using Devo in a public cloud with some other web service we have secured with a VPN built in the company so that it's tunnel secured.

I would rate the solution at an eight out of ten. If the solution required fewer fixes and was a bit more flexible, I would rate it higher.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Devo. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,382 professionals have used our research since 2012.
LV
Digital Security VP at a tech services company with 201-500 employees
Real User
Top 20
Scales well, good support, high-speed search capabilities, and offers good visibility

Pros and Cons

  • "In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
  • "I would like to have the ability to create more complex dashboards."

What is our primary use case?

We have several use cases for Devo. The first is related to the security center (SOC) operations, and they do the log correlation for Devo security.

We now have fraud use cases and application monitoring use cases, and we're starting to work on some use cases related to business analytics.

How has it helped my organization?

Devo provides us with high-speed search capabilities and real-time analytics, which is the most important thing for us. The reason is that when we need to analyze something, we need to have the information as fast as possible. It needs to be easy to use because if we have a security incident, or an application monitoring incident, we need to find the problem as quickly as possible, and have the ability to fix it.

It is difficult to correlate in terms of security and application monitoring but in terms of fraud, we have the ability to correlate a lot of different log sources to form a picture. This gives us the ability to reduce fraud cases by 40%.

In our environment, we retain some of our logs for 10 years. This is important for us because of regulatory requirements. We have critical information stored that is related to anti-money laundering, and the law requires us to be able to provide it quickly.

Devo provides us with more clarity when it comes to network, endpoint, and cloud visibility. We use it to ingest a lot of the related information. If you need to detect threats, you need to have the ability to find the network connections, and also the cloud-based connections that the threat actor is trying to access. This is the very reason that we are ingesting all of this information.

This solution helps us to release the full potential of our data, which is one of the most important things that we do. By creating the dashboards that work in real-time, we can see how our services are being used and we can monitor our security ecosystem.

Overall, using Devo has saved us time when compared to our previous security solutions. I estimate that it took us 10 times longer to achieve the same thing without Devo. 

What is most valuable?

What we find most valuable is the ability to create complex features in the engine, and to do real-time dashboarding. In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.

Devo, as with almost all of the analytics products, is a product that you need to learn how to use. Fortunately, with just a short training time of perhaps four hours, you can get a lot of power with the tool. Overall, it's pretty easy to use.

What needs improvement?

I would like to have the ability to create more complex dashboards.

For how long have I used the solution?

We implemented Devo in 2016 and started using it in production in 2017.

What do I think about the stability of the solution?

Stability-wise, Devo is a good solution.

What do I think about the scalability of the solution?

Scalability is one of the most powerful features. We started with five terabytes and we are now at 30, with almost the same performance. That is pretty scalable.

We have more than 500 users. The roles are security analysts, business users, application developers, and the IT operations team.

We plan to increase our usage in the next couple of years.

How are customer service and support?

The vendor monitors the application and it is quite good. When we were last having a problem, it was solved within two hours.

Devo has a customer-first approach. They are quite open to discussing new features, and they like to be close to the customer to understand any problems that they have.

The support team has exceeded our expectations, in particular, when it came to the implementation. We originally had a four-year plan and in six months, everything was completed. The originally planned work was done, and the work for the next three and a half years was also done.

Which solution did I use previously and why did I switch?

Prior to Devo, we were using QRadar and Elastic. We switched because Devo is more powerful and the scalability is better.

With respect to analyst threat hunting and incident response, you can create a lot of complex dashboards and consequently, it is easier to perform a deep dive. It is really aligned with Splunk in terms of capabilities and usability.  Our analysis had data from different solutions to work with and they preferred to use what was coming from Devo.

How was the initial setup?

The initial setup is straightforward. It took approximately one week to deploy.

The Devo implementation team came to our building and installed everything. After that, we moved all of our information, which included creating a copy of all of the logs that we had in the other solutions. Once that was complete, we were able to start working with Devo.

Our implementation strategy was originally part of a four-year plan. However, we finished the full implementation early and the four years were reduced to six months.

What about the implementation team?

Devo professional services assisted us with the implementation.

We have two full-time people in charge of maintenance. This includes tasks like implementing new services, doing correlations, alerts, and management.

What was our ROI?

Devo allows us to ingest more data compared to other solutions, using the same infrastructure. For example, compared to Splunk using the Capacity Planning Tool, Devo can ingest almost double the information in terms of events per second.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are billed annually and per terabyte. This seems to be that the market is generally going to.

Which other solutions did I evaluate?

We created an alternative business plan that used QRadar and Elastic, and finally, we selected Devo because it was most aligned with our strategy.

Comparing the cost and value of Devo versus these other solutions, I think that it's very efficient. We're getting a lot of power for the cost, which is good.

What other advice do I have?

Devo provides multi-tenant cloud-native architecture but in our organization, I would rate it a six out of ten in terms of importance. The feature is important, although not so much for our specific use case. I don't expect that this will change in the next few years.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate