We performed a comparison between Devo and USM Anywhere based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Devo users praised the solution’s ability to ingest and store data in its original format and multi-tenancy feature. They also liked Devo’s community-driven content and code-based approach. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Devo could benefit from improved workflow integration and search features. Users say Devo’s agents could handle Windows event logs better, and the solution should overhaul its basic reporting mechanisms. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Devo customers value their collaborative approach, responsiveness, and strong partnerships. Customers appreciate the ease of working with Devo and trust their support team. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Devo's initial setup was deemed manageable, with users praising the ease of data onboarding as well as the availability of professional services and training. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Devo's pricing is considered fair and competitive with no hidden costs. However, reviewers recommend that Devo's pricing tiers should offer more flexibility. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Devo offers a substantial return on investment thanks to the solution’s superior data ingestion, scalability, and cost savings. USM Anywhere has garnered favorable feedback regarding its ROI.
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The pricing of the product is excellent."
"The UI-based analytics are excellent."
"The machine learning and artificial intelligence on offer are great."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Free ingestion for Azure logs (with E5 licence)"
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is."
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"The solution has all the features that we need, however they do not work correctly."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"Having everything in a central place has been helpful."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"There is room for improvement in entity behavior and the integration site."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"We'd like to see more connectors."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"My opinion on the solution's technical support is not as great as it could be because of the issues I have faced regarding the service management element."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"Technical support could be better."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"This solution could be easier to use."
"The only complex area of the setup was writing the custom scripts."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
Devo is ranked 16th in Log Management with 21 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Devo is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Devo is most compared with Splunk Enterprise Security, IBM Security QRadar, Wazuh, LogRhythm SIEM and Dynatrace, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our Devo vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.