No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Devo comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 18, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.0
Anomali offers cost-effective solutions with significant ROI, reducing manual effort and enhancing efficiency through automation and AI-driven tasks.
Sentiment score
7.0
Companies saw high ROI with Devo's scalability, data aggregation, cost savings, faster response, and improved security intelligence.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Global Leadership Council at a tech company with 10,001+ employees
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
Security Consultant at Deloitte
 

Customer Service

Sentiment score
5.0
Anomali offers excellent enterprise support with quick, reliable assistance, though smaller client attention and professionalism have recently declined.
Sentiment score
6.7
Devo's team is praised for professionalism, quick responses, flexibility, and a customer-first approach despite some escalation delays.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
Global Leadership Council at a tech company with 10,001+ employees
The technical support at Anomali is excellent.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
It doesn't seem very professional how they're handling support anymore.
Enterprise Security Architect V at FirstEnergy
I rate the customer support a nine out of ten because of their timely technical guidance and responsiveness during the deployment and troubleshooting periods.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
 

Scalability Issues

Sentiment score
8.0
Anomali offers scalable solutions by smoothly handling extensive threat data and integrating with security systems, supporting organizational growth.
Sentiment score
7.3
Devo's cloud architecture enables seamless scalability, supporting large enterprises effortlessly, with strong AWS integration ensuring robust performance.
The scalability is massive, allowing us to store millions of indicators.
Enterprise Security Architect V at FirstEnergy
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Sr. Threat Intelligence Analyst at a tech vendor with 10,001+ employees
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
Global Leadership Council at a tech company with 10,001+ employees
Devo is a unified SIEM solution designed to handle growing log volumes and enterprise-scale monitoring requirements.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
 

Stability Issues

Sentiment score
8.4
Users praise Anomali's high stability and enterprise-grade reliability, noting consistent performance despite occasional platform function changes.
Sentiment score
7.3
Devo is stable and reliable, with minor issues swiftly addressed, maintaining high user satisfaction for security operations.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
Global Leadership Council at a tech company with 10,001+ employees
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
Enterprise Security Architect V at FirstEnergy
The good thing is that they have a health check page, and if any issues arise, they notify us.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
It is stable and reliable for our security operations.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
 

Room For Improvement

Anomali needs enhanced AI, simplified interfaces, better integration, consistent tagging, flexible reporting, clearer pricing, and intuitive workflows.
Devo users seek improvements in customization, integration, security, AI capabilities, usability, responsiveness, and pricing for enhanced functionality and experience.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
Associate Consultant at a tech vendor with 1,001-5,000 employees
This is particularly evident when dealing with failed login attempts and determining true versus false positives.
Strategic Account Executive at a computer software company with 51-200 employees
UI improvements, a simplified dashboard, or an easier reporting workflow could further improve analyst productivity.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
The cost is a little higher compared to other tools such as DataDog or Elasticsearch, so they could work on reducing costs.
Senior Cloud Engineer at a tech services company with 201-500 employees
 

Setup Cost

Anomali pricing is medium to high, with contracts of one to two years, managed by senior staff in discussions.
Devo's pricing is straightforward and competitive, with per-gigabyte charges, 400-day storage, and no hidden fees.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
Associate Consultant at a tech vendor with 1,001-5,000 employees
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
Senior Information Technology Security Consultant at Mideast Data Systems
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
 

Valuable Features

Anomali excels in threat intelligence by efficiently automating data integration, improving response times, and reducing manual workloads.
Devo offers fast analytics, advanced query capabilities, and customizable dashboards, enhancing security workflows with seamless threat intelligence integration.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
Associate Consultant at a tech vendor with 1,001-5,000 employees
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
Global Leadership Council at a tech company with 10,001+ employees
When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins.
Strategic Account Executive at a computer software company with 51-200 employees
When the analyst uses queries to search, it pulls the data quickly, in a second, which aids us greatly with the investigation.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
It utilizes 400 days of hot data, allowing queries to run very fast and yield results quicker than other tools in terms of security and SIEM capability.
Senior Cloud Engineer at a tech services company with 201-500 employees
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
10th
Average Rating
8.0
Reviews Sentiment
6.2
Number of Reviews
13
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (TIP) (3rd), Extended Detection and Response (XDR) (11th)
Devo
Ranking in Security Information and Event Management (SIEM)
27th
Average Rating
8.4
Reviews Sentiment
6.6
Number of Reviews
25
Ranking in other categories
Log Management (27th), IT Operations Analytics (7th), AIOps (19th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 1.4%, up from 0.3% compared to the previous year. The mindshare of Devo is 1.2%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Anomali1.4%
Devo1.2%
Other97.4%
Security Information and Event Management (SIEM)
 

Featured Reviews

TarunKumar11 - PeerSpot reviewer
Global Leadership Council at a tech company with 10,001+ employees
Strategic threat intelligence has improved detection speed and consistently reduces analyst workload
Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.
FR
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
6%
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
8%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise14
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise12
 

Questions from the Community

What is your experience regarding pricing and costs for Anomali Enterprise?
My experience with pricing involved a yearly, two-year contract; I can't specify the setup cost, but it was aligned with our budget, so I consider it good.
What needs improvement with Anomali ThreatStream?
I can mention one point regarding improvements for Anomali, which is more enhanced reporting flexibility. The reporting provided to us is not too detailed and could be more enhanced. Better filteri...
What is your primary use case for Anomali ThreatStream?
I was using Anomali primarily for threat intelligence operations, security monitoring, and threat detection initiatives. I was part of the SOC team, and my role and responsibilities involved workin...
What is your experience regarding pricing and costs for Devo?
Pricing generally depends on the scale, data ingestion requirements, and integrations for what the enterprise monitoring needs. I have not been part of the procurement process, so I am not aware of...
What needs improvement with Devo?
One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo.UI ...
What is your primary use case for Devo?
Devo serves as our centralized log monitoring, threat investigation, alert monitoring, and security analytics platform. We use it to collect logs from multiple systems so we can correlate the event...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
No data available
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Find out what your peers are saying about Anomali vs. Devo and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.