Try our new research platform with insights from 80,000+ expert users

Devo vs IBM Security QRadar comparison

Devo and IBM are both solutions in the Security Information and Event Management (SIEM) category. Devo is ranked #25 with an average rating of 8.5, while IBM is ranked #4 with an average rating of 7.9. Devo holds a 1.1% mindshare in SIEM, compared to IBM’s 8.2% mindshare. Additionally, 95% of Devo users are willing to recommend the solution, compared to 91% of IBM users who would recommend it.
Devo
Read 22 Devo reviews
  • 2,008 Views
  • 839 Comparison Views
95% willing to recommend
IBM Security QRadar
Read 209 IBM Security QRadar reviews
  • 12,243 Views
  • 7,343 Comparison Views
91% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 6, 2025

IBM Security QRadar and Devo are prominent competitors in the SIEM market, each offering unique strengths. IBM Security QRadar excels in built-in security intelligence, while Devo holds an upper hand with its advanced data visualization and multi-tenancy features.

Features: IBM Security QRadar's standout features include its ability to extract information from raw logs, comprehensive threat protection, and built-in correlation rules that enhance real-time threat detection. On the other hand, Devo's highlights include its Activeboards for effortless data visualization and support for multi-tenant environments, helping ensure compliance without data isolation issues. Both solutions offer scalability, but QRadar particularly emphasizes security intelligence, while Devo focuses on intuitive visual analytics.

Room for Improvement: QRadar could benefit from enhanced graphical analytics, better API support, and improvements in integration with other IBM security platforms. Customization and vulnerability scanner accuracy also need attention. Devo, meanwhile, could enhance visual analytics in its Activeboards and extend third-party integrations. A more robust detection suite and streamlined user interface would help it stand out further.

Ease of Deployment and Customer Service: QRadar offers flexible deployment options, including hybrid cloud environments, though user experiences with technical support vary by region. Devo is appreciated for its straightforward, cloud-native architecture and deployment settings. However, both solutions have mixed customer service ratings, with QRadar facing potential delays in support escalation.

Pricing and ROI: QRadar's event-per-second-based licensing is seen as complex and costly, yet many value its security benefits. Devo, employing a gigabyte-based pricing model, offers a transparent and competitive pricing structure, though metadata charges contribute to higher upfront costs. Despite this, Devo's clear pricing makes it appealing for budget-conscious enterprises. Both solutions are noted for delivering solid ROI, with Devo particularly favored for its predictability in cost management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Devo vs. IBM Security QRadar Report (Updated: June 2025).
Buyer's Guide
Devo vs. IBM Security QRadar
June 2025
Download the complete report
Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Log Management
27th
Ranking in Security Information and Event Management (SIEM)
25th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
22
Ranking in other categories
IT Operations Analytics (8th), AIOps (17th)
IBM Security QRadar
Ranking in Log Management
5th
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
209
Ranking in other categories
User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (18th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (13th)
 

Mindshare comparison

As of June 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Devo is 1.1%, up from 1.0% compared to the previous year. The mindshare of IBM Security QRadar is 8.2%, down from 9.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Michael Wenn - PeerSpot reviewer
Has cloud-first architecture with SIEM technology to run security operations
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"It centralizes security management within a business, functioning as a core system for a SOC."
More Devo pros
"The stability is good."
"The dashboard is easy to use and easy to understand what's going on and what the alerts mean."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"The simplicity of the solution is the best feature."
"This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise."
"There are other third-party plugins that we can use."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
More IBM Security QRadar pros
 

Cons

"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"I would like to have the ability to create more complex dashboards."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
More Devo cons
"This solution is on-premise and many customers are moving to the cloud base solution."
"The quoting and the dashboard session could be improved. It should be more user-friendly."
"QRadar needs a lot of fine tuning"
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"They should introduce some automation into the product."
"I have noticed the interface has room for improvement."
"IBM technical support is always terrible."
More IBM Security QRadar cons
 

Pricing and Cost Advice

"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
"Our licensing fees are billed annually and per terabyte."
"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."
More Devo pricing and cost advice
"There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk."
"There is an annual license required for this solution."
"It is very expensive."
"It's too expensive."
"An X-Force feed is free with QRadar."
"There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option."
"Licensing can be costly depending on your architecture."
"They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis."
More IBM Security QRadar pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
856,873 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
15%
University
8%
Government
8%
Computer Software Company
16%
Financial Services Firm
11%
Educational Organization
10%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Devo?
Devo has a really good website for creating custom configurations.
See all answers
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
See all answers
What needs improvement with Devo?
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...
See all answers
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is your experience regarding pricing and costs for IBM Security QRadar?
When comparing with Splunk, IBM Security QRadar's cost is reasonable. Splunk is more expensive than IBM Security QRadar.
See all answers
 

Comparisons

Microsoft Sentinel vs Devo Logo
Microsoft Sentinel vs Devo
Compared 15% of the time
Splunk Enterprise Security vs Devo Logo
Splunk Enterprise Security vs Devo
Compared 14% of the time
LogRhythm SIEM vs Devo Logo
LogRhythm SIEM vs Devo
Compared 5% of the time
Wazuh vs Devo Logo
Wazuh vs Devo
Compared 5% of the time
Datadog vs Devo Logo
Datadog vs Devo
Compared 5% of the time
More Devo Competitors
Splunk Enterprise Security vs IBM Security QRadar Logo
Splunk Enterprise Security vs IBM Security QRadar
Compared 15% of the time
Microsoft Sentinel vs IBM Security QRadar Logo
Microsoft Sentinel vs IBM Security QRadar
Compared 9% of the time
Sentinel vs IBM Security QRadar Logo
Sentinel vs IBM Security QRadar
Compared 7% of the time
Elastic Security vs IBM Security QRadar Logo
Elastic Security vs IBM Security QRadar
Compared 6% of the time
Security Onion vs IBM Security QRadar Logo
Security Onion vs IBM Security QRadar
Compared 1% of the time
More IBM Security QRadar Competitors
 

Product Reports

Buyer's Guide
Devo
June 2025
Devo reportDownload Devo product report
Buyer's Guide
IBM Security QRadar
June 2025
IBM Security QRadar reportDownload IBM Security QRadar product report
 

Also Known As

No data available
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo

IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which areas pose a potential threat, and which areas are critical. This will help streamline workflows by eliminating the need to pivot between tools.

IBM Security QRadar is built to address a wide range of security issues and can be easily scaled with minimal customization effort required. As data is ingested, QRadar administers automated, real-time security intelligence to swiftly and precisely discover and prioritize threats. The platform will issue alerts with actionable, rich context into developing threats. Security teams and analysts can then rapidly respond to minimize the attackers' strike. The solution will provide a complete view of activity in both cloud-based and on-premise environments as a large amount of data is ingested throughout the enterprise. Additionally, QRadar’s anomaly detection intelligence enables security teams to identify any user behavior changes that could be indicators of potential threats. 

IBM QRadar Log Manager

To better help organizations protect themselves against potential security threats, attacks, and breaches, IBM QRadar Log Manager gathers, analyzes, preserves, and reports on security log events using QRadar Sense Analytics. All operating systems and applications, servers, devices, and applications are converted into searchable and actionable intelligent data. QRadar Log Manager then helps organizations meet compliance reporting and monitoring requirements, which can be further upgraded to QRadar SIEM for a more superior level of threat protection.

Some of QRadar Log Manager’s key features include:

  • Data processing and capture on any security event
  • Disaster recovery options and high availability 
  • Scalability for large enterprises
  • SoftLayer cloud installation capability
  • Advanced threat protection

Reviews from Real Users

IBM Security QRadar is a solution of choice among users because it provides a complete solution for security teams by integrating network analysis, log management, user behavior analytics, threat intelligence, and AI-powered investigations into a single solution. Users particularly like having a single window into their network and its ability to be used for larger enterprises.

Simon T., a cyber security services operations manager at an aerospace/defense firm, notes, "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."

A management executive at a security firm says, "What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."

IBM
 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Buyer's Guide
Devo vs. IBM Security QRadar
June 2025
Free Report: Devo vs. IBM Security QRadar
Find out what your peers are saying about Devo vs. IBM Security QRadar and other solutions. Updated: June 2025.
DOWNLOAD NOW
856,873 professionals have used our research since 2012.
See our Devo vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.