• Home
  • Devo vs. Trellix ESM

Devo vs Trellix ESM comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
31,886 views|17,713 comparisons
92% willing to recommend
Devo Logo
Devo
Read 21 Devo reviews
6,113 views|2,312 comparisons
95% willing to recommend
Trellix Logo
Trellix ESM
Read 34 Trellix ESM reviews
3,603 views|1,525 comparisons
76% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Devo vs. Trellix ESM
March 2024
Executive Summary

We performed a comparison between Devo and Trellix ESM based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Devo vs. Trellix ESM Report (Updated: March 2024).
Download the complete report
769,479 professionals have used our research since 2012.
Featured Review
FahadAhmed
Researched Trellix ESM but chose Microsoft Sentinel: Comes with different playbooks you can execute with one click or program to run automatically in response to an incident
Sentinel enhances our visibility by integrating with on-prem and cloud log sources. It provides visibility into any cloud environment, including... Read more →
JohnBusch
Researched Trellix ESM but chose Devo: Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations
We now spend a lot less time supporting different pieces of the SIEM. Log integration is super easy and super fast, and it handles all the data we... Read more →
Daniel Durian
Provides visibility of all the traffic within the company infrastructure
It provides threat monitoring from the Internet and if there is malicious activity on the end-point, the ESM can provide us what host is affected.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually.""The automation feature is valuable.""Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.""What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.""I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily.""The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects.""The connectivity and analytics are great.""The pricing of the product is excellent."

More Microsoft Sentinel Pros →

"Devo has a really good website for creating custom configurations.""It's very, very versatile.""The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events.""The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.""The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""Scalability is one of Devo's strengths."

More Devo Pros →

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.""The product’s most valuable feature is log monitoring.""The most valuable feature is the correlation rules.""It is easy to use.""We are now able to completely monitor our environment so we can review what is there, which is a big win for us.""It has performed well and delivered the results that I have been looking for.""The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it.""The most valuable feature is the capability to correlate different events from different platforms that we feed into it."

More Trellix ESM Pros →

Cons
"We'd like also a better ticketing system, which is older.""The AI capabilities must be improved.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it.""If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients.""We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft.""The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results.""I would like to see more AI used in processes."

More Microsoft Sentinel Cons →

"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness.""The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets.""We only use the core functionality and one of the reasons for this is that their security operation center needs improvement.""There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler.""The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts.""Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design.""Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."

More Devo Cons →

"Product-wise, adding accounts on a single data source by batch would be a really great help.""There should be support for multitenancy in the product.""Product currently requires Flash.""Tech support is required each time there is a system update of the solution.""We cannot add new data sources to the most recent version.""Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.""I would like to see fingerprint recognition included in the next release of this solution.""We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."

More Trellix ESM Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
  • "We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."

    • More Devo Pricing and Cost Advice →

  • "You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
  • "We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
  • "The cost is dependent on the customer's environment and requirements."
  • "The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
  • "The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
  • "We renew our license annually."
  • "McAfee is the right choice for a low-budget solution."
  • "The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

    • More Trellix ESM Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    769,479 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about Devo?
    Top Answer:Devo has a really good website for creating custom configurations.
    Read all 17 answers   →
    What is your experience regarding pricing and costs for Devo?
    Top Answer:Devo is taking on the market leaders, and their pricing is commensurate with that strategy. Core and additional features… more »
    Read all 14 answers   →
    What needs improvement with Devo?
    Top Answer:The price is one problem with Devo. Huawei, Lenovo, and Gigabyte are all cheaper than Devo. I rate Devo's price an eight… more »
    Read all 17 answers   →
    What do you like most about McAfee ESM?
    Top Answer:The solution's technical support is great.
    Read all 22 answers   →
    What is your experience regarding pricing and costs for McAfee ESM?
    Top Answer:The product is slightly expensive. They offer some discount on the purchase of a certain number of nodes. They should… more »
    Read all 16 answers   →
    What needs improvement with McAfee ESM?
    Top Answer:The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed… more »
    Read all 20 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
    Learn More
    Microsoft
    Devo
    Trellix
    Video Not Available
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company42%
    Comms Service Provider8%
    Retailer8%
    Insurance Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government10%
    Comms Service Provider9%
    REVIEWERS
    Financial Services Firm25%
    Government15%
    Healthcare Company10%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Educational Organization70%
    Computer Software Company5%
    Government4%
    Financial Services Firm4%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise15%
    Large Enterprise62%
    REVIEWERS
    Small Business29%
    Midsize Enterprise15%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise74%
    Large Enterprise18%
    Buyer's Guide
    Devo vs. Trellix ESM
    March 2024
    Free Report: Devo vs. Trellix ESM
    Find out what your peers are saying about Devo vs. Trellix ESM and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    769,479 professionals have used our research since 2012.

    Devo is ranked 13th in Security Information and Event Management (SIEM) with 21 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Devo is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Devo is most compared with Splunk Enterprise Security, IBM Security QRadar, LogRhythm SIEM, Wazuh and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL. See our Devo vs. Trellix ESM report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.