

Trellix ESM and Devo compete in the realm of security information and event management solutions. Based on user reviews, Devo seems to have the upper hand due to its superior features and functionality.
Features: Trellix ESM provides valuable features such as automated threat detection, flexible integration, and strong customer service. Devo offers powerful analytics, real-time threat detection, and advanced capabilities, leading to higher user satisfaction regarding features.
Room for Improvement: Trellix ESM needs a more intuitive system, reduced complexity in setup, and streamlined workflows. Devo could improve by offering more customization options, better documentation, and enhanced user training materials.
Ease of Deployment and Customer Service: Trellix ESM’s deployment is straightforward, supported by strong customer service that eases user adoption. Devo also offers smooth deployment but has slightly less stellar customer service.
Pricing and ROI: Trellix ESM users are generally satisfied with its pricing and ROI, finding it cost-effective. Devo, despite higher costs, delivers a compelling ROI due to its advanced features, justifying the investment for users.
I rate the customer support a nine out of ten because of their timely technical guidance and responsiveness during the deployment and troubleshooting periods.
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support.
It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
Devo is a unified SIEM solution designed to handle growing log volumes and enterprise-scale monitoring requirements.
Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point.
It is stable and reliable for our security operations.
This is particularly evident when dealing with failed login attempts and determining true versus false positives.
UI improvements, a simplified dashboard, or an easier reporting workflow could further improve analyst productivity.
The cost is a little higher compared to other tools such as DataDog or Elasticsearch, so they could work on reducing costs.
If there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins.
When the analyst uses queries to search, it pulls the data quickly, in a second, which aids us greatly with the investigation.
It utilizes 400 days of hot data, allowing queries to run very fast and yield results quicker than other tools in terms of security and SIEM capability.
The weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team.
| Product | Mindshare (%) |
|---|---|
| Devo | 1.2% |
| Trellix ESM | 1.0% |
| Other | 97.8% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 15 |
| Midsize Enterprise | 6 |
| Large Enterprise | 25 |
Devo offers powerful visual analytics, real-time data querying, and log integration capabilities within a cloud-native, multi-tenant architecture, supporting extended data retention ideal for long-term analysis and compliance.
Devo is recognized for its Activeboards, which facilitate visual analytics. High-speed search capabilities and real-time analytics enable efficient data manipulation and querying. Its multi-tenant architecture supports effective data segregation and customization tailored to distinct business needs, enhancing its value for handling complex log integrations. With extended data retention of 400 days and a cloud-native architecture, Devo is a robust platform for long-term analysis and compliance requirements. Though opportunities exist to improve browser stability on large searches, SOAR integrations, and its parser capabilities, Devo remains essential for incident response and security monitoring, offering centralized data storage and analysis.
What are Devo's most important features?Devo is extensively used in industries focused on incident response and digital forensics, centralizing data for security monitoring across hybrid environments. Organizations benefit from its ability to store and analyze aggregated logs, creating alerts and dashboards to enhance visibility for network and endpoint activities in multi-domain settings.
Trellix ESM is an innovative tool designed to enhance security management through its seamless integration, user-friendly deployment, customizable dashboards, and robust threat detection capabilities.
Trellix ESM is essential for comprehensive security management, ensuring effective threat detection and analysis. It integrates seamlessly with third-party systems and provides advanced correlation and security visualization. Capable of managing logs and monitoring network traffic, it enhances security across diverse environments, making it indispensable for security operations. Despite needing improved SaaS integration, API documentation, and addressing stability issues, it remains crucial for user-friendly deployment and incident analysis. Its benefits are complemented by comprehensive reporting and real-time malware protection.
What Are Trellix ESM's Most Important Features?In diverse industries, Trellix ESM is deployed for central log management and security operations, monitoring servers, virtual machines, and hybrid-cloud environments. Companies use it for managed security services and threat detection, analyzing logs and securing data. It finds great use in monitoring network vulnerabilities and event correlation, enabling service providers and MSSPs to effectively manage endpoints and hybrid-cloud setups as well as gather logs from servers and firewalls, offering abundant transparency into security threats and network activities.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.