ArcSight Enterprise Security Manager (ESM) vs Devo comparison

ArcSight Enterprise Securit...

Read 22 Devo reviews

2,008 Views
839 Comparison Views

95% willing to recommend

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

ArcSight Enterprise Security Manager (ESM) and Devo are two competing products in the realm of security management. User reviews indicate that Devo has an edge over ArcSight ESM due to its advanced features and user satisfaction despite ESM's competitive pricing and support.

Features: ArcSight ESM's valuable features include real-time threat detection, comprehensive reporting, and centralized event correlation. Devo, on the other hand, excels with scalability, flexibility, and an adaptable feature set that better aligns with diverse needs.

Room for Improvement: Users suggest that ArcSight ESM could benefit from a more intuitive design, faster processing speeds, and streamlined administration. Devo, while generally well-regarded, could enhance its alerting system, integrate more native connectors, and improve its user interface for better utility.

Ease of Deployment and Customer Service: ArcSight ESM's deployment can be complex, requiring substantial effort and time. Users acknowledge the knowledgeable customer service but often need extensive support. Devo offers a smoother deployment process with thorough documentation and quicker setup. Users find Devo's customer service responsive and helpful, making Devo more user-friendly in terms of deployment and client support.

Pricing and ROI: ArcSight ESM offers competitive pricing and strong support, but some users find the cost high compared to the value delivered. Devo, although expensive, provides high ROI through its features and ease of use. Users generally feel that Devo's benefits justify the price, leading to a higher overall satisfaction with the investment.

To learn more, read our detailed ArcSight Enterprise Security Manager (ESM) vs. Devo Report (Updated: June 2025).

ArcSight Enterprise Security Manager (ESM) vs. Devo

June 2025

Download the complete report

Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

ArcSight Enterprise Securit...

Ranking in Security Information and Event Management (SIEM)

21st

Average Rating

7.8

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

No ranking in other categories

Devo

Ranking in Security Information and Event Management (SIEM)

25th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Log Management (27th), IT Operations Analytics (8th), AIOps (17th)

Mindshare comparison

As of June 2025, in the Security Information and Event Management (SIEM) category, the mindshare of ArcSight Enterprise Security Manager (ESM) is 1.1%, down from 1.5% compared to the previous year. The mindshare of Devo is 1.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

Gaurav Ranade

CTO at Rah Infotech Pvt Ltd

Excels at performing regression and correlation on the data

ArcSight is a legacy technology, and many customers want AI-powered technologies integrated with it. That hasn't been done yet, but ArcSight needs to catch up with the newer solutions and technologies available in the market. It can't just rely on the legacy technology from 2010 or 2012. You can't run that in 2024. It's a legacy technology with its own limitations. Customers often face issues that other software or newer solutions can resolve easily. That's the main challenge we face from customers right now. So, the only concerns are that AI needs to be integrated and scalability improved. Those are the main areas to be improved.

Read full review

Michael Wenn

CEO / Co-Founder at Aiops ltd

Has cloud-first architecture with SIEM technology to run security operations

When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature of ArcSight ESM is its ease of use."

"The real-time analysis adds value."

"The stability of ArcSight Enterprise Security Manager is good."

"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."

"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."

"Feature-rich solution which provides better network visibility for improved security"

"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."

"ArcSight gives us better visibility into threats that were unknown earlier."

More ArcSight Enterprise Security Manager (ESM) pros

"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"Scalability is one of Devo's strengths."

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."

"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."

"Devo has a really good website for creating custom configurations."

"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."

"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."

More Devo pros

Cons

"Currently lacks SOAR feature."

"They also could improve the product by integrating user and identity behavior analytics."

"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."

"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."

"The UI interface is somewhat complex and needs to be simplified."

"We would like the ability to easily identify either unused resources or those that are being used sub-optimally."

"The security area has room for improvement."

"The visualization is not very good compared to Splunk."

More ArcSight Enterprise Security Manager (ESM) cons

"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."

"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."

"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."

"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."

"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."

"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."

"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."

"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."

More Devo cons

Pricing and Cost Advice

"ArcSight can be a little bit expensive because of the area that we work in and the cost. Licensing is mostly on a yearly basis, not monthly."

"The pricing model is expensive compared to open-source alternatives."

"Thanks to Micro Focus's licensing model, as an MSSP, we are able to see a complete return on our investment almost immediately."

"We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

"Price-wise, ArcSight ESM was a bit high compared to competitors, which factored into our decision to switch to Splunk. It couldn't cover all our business needs for what we wanted to implement."

"We have a license to use this solution. The price of ArcSight Enterprise Security Manager is expensive."

"It's a good price, it's one of the cheaper solutions."

More ArcSight Enterprise Security Manager (ESM) pricing and cost advice

"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."

"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."

"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."

"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."

"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."

"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."

"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."

"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."

More Devo pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

856,873 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Jun 28, 2015

Qradar vs. ArcSight

Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Computer Software Company

15%

Manufacturing Company

Government

Financial Services Firm

18%

Computer Software Company

15%

University

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?

In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...

What do you like most about ArcSight Enterprise Security Manager (ESM)?

We utilize ArcSight ESM for real-time threat detection in our organization. We have custom rules that we've developed on top of the WAN services, along with scheduled licensing activities.

What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?

ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools. It is worth the investment if you are considering the cost.

What do you like most about Devo?

Devo has a really good website for creating custom configurations.

What is your experience regarding pricing and costs for Devo?

Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.

What needs improvement with Devo?

They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...

Trellix ESM vs ArcSight Enterprise Security Manager (ESM)

Comparisons

Compared 24% of the time

Splunk Enterprise Security vs ArcSight Enterprise Security Manager (ESM)

Compared 14% of the time

Elastic Security vs ArcSight Enterprise Security Manager (ESM)

Compared 10% of the time

Wazuh vs ArcSight Enterprise Security Manager (ESM)

Compared 6% of the time

Google Chronicle Suite vs ArcSight Enterprise Security Manager (ESM)

Compared 6% of the time

More ArcSight Enterprise Security Manager (ESM) Competitors

IBM Security QRadar vs Devo

Compared 16% of the time

Microsoft Sentinel vs Devo

Compared 15% of the time

Splunk Enterprise Security vs Devo

Compared 14% of the time

LogRhythm SIEM vs Devo

Compared 5% of the time

Wazuh vs Devo

Compared 5% of the time

More Devo Competitors

Product Reports

ArcSight Enterprise Security Manager (ESM)

April 2025

ArcSight Enterprise Security Manager (ESM) report

Download ArcSight Enterprise Security Manager (ESM) product report

Download Devo product report

June 2025

Also Known As

Micro Focus ArcSight, HPE ArcSight, ArcSight

No data available

Overview

ArcSight Enterprise Security Manager (ESM) is a powerful SIEM solution for analyzing, collecting, correlating, and reporting on security event information. ArcSight ESM analyzes information from all of your data sources while helping your organization maintain high security. In addition, the solution is very customizable and enables users to create their own company-specific rule sets to automatically trigger instant alerts.

ArcSight Enterprise Security Manager (ESM) Features

Real-time threat detection
Visualization and reporting capabilities
Patented log management
Personalized dashboards
Scalable event monitoring
Seamless integration with your existing SOC tools
Behavior profiling
Data and user monitoring
Application monitoring
Analytics
Deployment/support simplicity

ArcSight Enterprise Security Manager (ESM) Benefits

Some of the benefits of using ESM include:

Real-time information: ArcSight ESM can correlate data from any source in real-time to detect incidents before they become a breach.

Compliance: Optional compliance packs enable packaged reports for PCI, SOX, and IT Governance.

Security analytics: With ArcSight ESM, you can build and maintain a security operation center (SOC) through big data security analytics.

Integration: ArcSight ESM allows you to integrate SOC with network operations, service desk, CMDB, business intelligence, Hadoop, email security, application security, threat feeds, and more.

Speed: ArcSight ESM provides excellent speed of event collection with patented log management tools.

Advanced detection: ArcSight ESM can detect unusual or unauthorized activities as they occur, preventing business disruptions.

Decrease threat exposure: By implementing ArcSight ESM, you reduce threat exposure because the solution detects threats in real time.

Operational efficiency: ArcSight ESM makes it possible for you to automate responses with ArcSight’s native SOAR, which saves your organization time, and therefore increases your operational efficiency.

Reviews from Real Users

Below are some reviews and helpful feedback written by ArcSight Enterprise Security Manager (ESM) users.

A Head of Professional Services at a computer software company says, “The simplicity of the solution is the most valuable aspect of the product. The product is quite mature. It's been around for a long time. The integration is easy for the most part.”

A Managing partner at a tech services company states that the solution is “Good at consolidating logs, fairly stable, and can scale.”

PeerSpot user Abbasi P., Vice President Derivatives Ops IT at a financial services firm, explains, “The user interfaces are quite good and speedy, and I like the consoles too. The typology and the setup are also good.”

A Chief Technological Officer at a tech services company says, "It is a very useful tool for intelligence building because it has many use cases and many rule sets."

An Associate Vice President at a consumer goods company comments, “We primarily use the solution for its technology including its independent logs, and those types of things. The solution offers very good monitoring. The product's log management and event management capabilities are excellent. There are a lot of really good analytical components. It helps us focus on analysis.”

OpenText

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Sample Customers

Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel