No more typing reviews! Try our Samantha, our new voice AI agent.

Devo vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.0
Companies saw high ROI with Devo's scalability, data aggregation, cost savings, faster response, and improved security intelligence.
Sentiment score
3.2
In-house teams claim McAfee offers high ROI, but executives struggle to see it without C-level focused reports.
 

Customer Service

Sentiment score
6.7
Devo's team is praised for professionalism, quick responses, flexibility, and a customer-first approach despite some escalation delays.
Sentiment score
4.3
Trellix ESM customer service is generally satisfactory, but technical support varies with noted delays and skill gaps.
I rate the customer support a nine out of ten because of their timely technical guidance and responsiveness during the deployment and troubleshooting periods.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
Cyber Security Engineer at Protec
 

Scalability Issues

Sentiment score
7.3
Devo's cloud architecture enables seamless scalability, supporting large enterprises effortlessly, with strong AWS integration ensuring robust performance.
Sentiment score
8.6
Trellix ESM is highly scalable and adaptable, excelling in enterprise environments but may have limitations for medium enterprises.
Devo is a unified SIEM solution designed to handle growing log volumes and enterprise-scale monitoring requirements.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Stability Issues

Sentiment score
7.3
Devo is stable and reliable, with minor issues swiftly addressed, maintaining high user satisfaction for security operations.
Sentiment score
8.3
Trellix ESM is generally stable with effective support, though some users experience bugs and interruptions affecting reliability.
It is stable and reliable for our security operations.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
 

Room For Improvement

Devo users seek improvements in customization, integration, security, AI capabilities, usability, responsiveness, and pricing for enhanced functionality and experience.
Trellix ESM requires stability, HTML5 migration, and upgrades in customization, integration, support, usability, and AI for improved functionality.
This is particularly evident when dealing with failed login attempts and determining true versus false positives.
Strategic Account Executive at a computer software company with 51-200 employees
UI improvements, a simplified dashboard, or an easier reporting workflow could further improve analyst productivity.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
The cost is a little higher compared to other tools such as DataDog or Elasticsearch, so they could work on reducing costs.
Senior Cloud Engineer at a tech services company with 201-500 employees
If there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Setup Cost

Devo's pricing is straightforward and competitive, with per-gigabyte charges, 400-day storage, and no hidden fees.
Trellix ESM offers flexible, slightly costly licensing, valued for its SOC features, with straightforward setup and deployment.
 

Valuable Features

Devo offers fast analytics, advanced query capabilities, and customizable dashboards, enhancing security workflows with seamless threat intelligence integration.
Trellix ESM excels in real-time threat detection, user-friendly interface, quick deployment, and strong integration with other technologies.
When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins.
Strategic Account Executive at a computer software company with 51-200 employees
When the analyst uses queries to search, it pulls the data quickly, in a second, which aids us greatly with the investigation.
Cyber Security Engineer II (Vulnerability & Threat Management) at FICO
It utilizes 400 days of hot data, allowing queries to run very fast and yield results quicker than other tools in terms of security and SIEM capability.
Senior Cloud Engineer at a tech services company with 201-500 employees
The weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team.
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
 

Categories and Ranking

Devo
Ranking in Security Information and Event Management (SIEM)
27th
Average Rating
8.4
Reviews Sentiment
6.6
Number of Reviews
25
Ranking in other categories
Log Management (27th), IT Operations Analytics (7th), AIOps (19th)
Trellix ESM
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.0
Number of Reviews
38
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Devo is 1.2%, up from 1.1% compared to the previous year. The mindshare of Trellix ESM is 1.0%, down from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Devo1.2%
Trellix ESM1.0%
Other97.8%
Security Information and Event Management (SIEM)
 

Featured Reviews

FR
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
MD
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
Offers comprehensive report generation while maintaining ease of integration
We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should be covered, and if there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that. We can add some new features regarding AI in the future for Trellix ESM, but the maturity will take a longer time. There are many false positives that happen in an environment during the first couple of months, or around six months, so the system analyst is not able to identify whether the event which has occurred is a true positive or a false positive.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
8%
Computer Software Company
7%
Comms Service Provider
14%
Construction Company
13%
Financial Services Firm
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise6
Large Enterprise25
 

Questions from the Community

What is your experience regarding pricing and costs for Devo?
Pricing generally depends on the scale, data ingestion requirements, and integrations for what the enterprise monitoring needs. I have not been part of the procurement process, so I am not aware of...
What needs improvement with Devo?
One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo.UI ...
What is your primary use case for Devo?
Devo serves as our centralized log monitoring, threat investigation, alert monitoring, and security analytics platform. We use it to collect logs from multiple systems so we can correlate the event...
What is your experience regarding pricing and costs for McAfee ESM?
When discussing Trellix ESM pricing and licensing, if you consider some premium product, the pricing also has to be premium, however, enterprise customers who look for a premium product, alongside ...
What needs improvement with McAfee ESM?
Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentialit...
What is your primary use case for McAfee ESM?
My customer's usual use case for Trellix ESM involves one client, as most of the users have moved to ESM. Nowadays, they don't use IPS only, since McAfee IPS is standalone; they incorporate firewal...
 

Also Known As

No data available
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 

Overview

 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about Devo vs. Trellix ESM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.