Devo vs NetWitness Platform comparison

Devo and NetWitness are both solutions in the Log Management category. Devo is ranked #27 with an average rating of 8.5, while NetWitness is ranked #22 with an average rating of 7.6. Devo holds a 0.6% mindshare in Log Management, compared to NetWitness’s 0.3% mindshare. Additionally, 95% of Devo users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.

Devo

Read 22 Devo reviews

1,990 Views
947 Comparison Views

95% willing to recommend

NetWitness Platform

Read 37 NetWitness Platform reviews

768 Views
480 Comparison Views

75% willing to recommend

Devo

NetWitness Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Devo are two prominent solutions in cybersecurity. Devo seems to have the upper hand due to its scalability and flexible data ingestion, making it suitable for complex environments.

Features: NetWitness Platform offers comprehensive threat detection, forensic analysis, and deep network insights. Devo provides scalability, flexible data ingestion, and extensive analytics features with a granular level of detail.

Room for Improvement: NetWitness Platform needs to enhance integration capabilities, simplify operational complexities, and improve usability. Devo requires more refined real-time alerting mechanisms, an improved search function, and additional user-friendly enhancements.

Ease of Deployment and Customer Service: NetWitness Platform's deployment is intricate and time-consuming, requiring significant expertise, but it has responsive and helpful customer support. Devo offers a smoother, quicker deployment process and provides substantial guidance, although some users mention longer wait times for support.

Pricing and ROI: NetWitness Platform involves higher initial setup costs but delivers solid ROI through robust performance. Devo offers flexible pricing models that appeal to a range of budgets, and despite higher costs, its extensive features justify the price with users reporting satisfactory ROI.

To learn more, read our detailed Devo vs. NetWitness Platform Report (Updated: April 2025).

Buyer's Guide

Devo vs. NetWitness Platform

April 2025

Download the complete report

Helped 849,686 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Devo

Ranking in Log Management

27th

Ranking in Security Information and Event Management (SIEM)

28th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

IT Operations Analytics (6th), AIOps (15th)

NetWitness Platform

Ranking in Log Management

22nd

Ranking in Security Information and Event Management (SIEM)

22nd

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2025, in the Log Management category, the mindshare of Devo is 0.6%, down from 0.8% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Michael Wenn

CEO / Co-Founder at Aiops ltd

Has cloud-first architecture with SIEM technology to run security operations

When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.

Read full review

MdZaman

IT manager at a agriculture with 10,001+ employees

Really scalable for enterprise customers

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."

"Scalability is one of Devo's strengths."

"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."

"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."

"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."

"Devo has a really good website for creating custom configurations."

"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."

More Devo pros

"The solution is really scalable for the high-end power, enterprise customer."

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"Their technical support responds quickly and are knowledgable."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"

"Incident management is its most valuable feature."

"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."

"The most valuable features are the threat prediction and network forensics."

More NetWitness Platform pros

Cons

"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."

"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."

"I would like to have the ability to create more complex dashboards."

"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."

"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."

"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."

"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."

"My opinion on the solution's technical support is not as great as it could be because of the issues I have faced regarding the service management element."

More Devo cons

"The tool's integration capability isn't so great."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"Technical support could be improved."

"There are instances where you try to run the reports and then it does not give you the desired outcome."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"The product's licensing models are complex to understand. This particular area needs improvement."

"The solution should have more integration capabilities with different platforms."

More NetWitness Platform cons

Pricing and Cost Advice

"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."

"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."

"Our licensing fees are billed annually and per terabyte."

"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."

"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."

"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."

"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."

"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."

More Devo pricing and cost advice

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"The product price was reasonable for my region and the market."

"This is a pricey solution; it's not cheap."

"The licenses are good but the cost is very expensive."

"Our license is for one year."

"We are on an annual license for the use of the solution."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

More NetWitness Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

849,686 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

15%

Government

University

Computer Software Company

19%

Financial Services Firm

17%

Government

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Devo?

Devo has a really good website for creating custom configurations.

See all answers

What is your experience regarding pricing and costs for Devo?

Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.

See all answers

What needs improvement with Devo?

They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...

See all answers

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

Comparisons

IBM Security QRadar vs Devo

Compared 17% of the time

Splunk Enterprise Security vs Devo

Compared 17% of the time

Microsoft Sentinel vs Devo

Compared 16% of the time

LogRhythm SIEM vs Devo

Compared 6% of the time

Wazuh vs Devo

Compared 6% of the time

More Devo Competitors

Splunk Enterprise Security vs NetWitness Platform

Compared 28% of the time

IBM Security QRadar vs NetWitness Platform

Compared 18% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 11% of the time

RSA enVision vs NetWitness Platform

Compared 10% of the time

More NetWitness Platform Competitors

Product Reports

Buyer's Guide

Devo

April 2025

Download Devo product report

Buyer's Guide

NetWitness Platform

April 2025

Download NetWitness Platform product report

Also Known As

No data available

RSA Security Analytics

Overview

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel

Los Angeles World Airports, Reply

Buyer's Guide

Devo vs. NetWitness Platform

April 2025

Free Report: Devo vs. NetWitness Platform

Find out what your peers are saying about Devo vs. NetWitness Platform and other solutions. Updated: April 2025.

DOWNLOAD NOW

849,686 professionals have used our research since 2012.

See our Devo vs. NetWitness Platform report.

See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.