"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"It's very, very versatile."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Customer support and making sure that we're successful has been one of the best features, one that we weren't even looking for during evaluation, but that's what we have found."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"The solution is stable and scalable."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"The completeness of the solution is what we like the most."
"The initial setup is pretty straightforward."
"The SIEM is the most valuable feature of the product."
"It's basically one of the best SIEM products on the market."
"The most valuable features are how stable and easy to use Splunk is."
"The flexibility of the solution is quite good."
"The level of robustness on offer is very good."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"Technical support could be better."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"We would like to see better integration with other products."
"We thought they were going to be a great product, however, they're actually not great at all as an MSP."
"There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
"Some of the user experience when doing threat-hunting, such as being able to see multiple types of analytics from different log sources in one view, would be beneficial. Right now, there are some limitations around that."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"I would like to see more SIEM functionality and a better ticket tool."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"In terms of the interface, it could include some improvements for the look and feel."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements."
"It needs integration with a configuration management solution."
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Securonix Security Analytics is ranked 8th in Security Information and Event Management (SIEM) with 6 reviews while Splunk is ranked 1st in Security Information and Event Management (SIEM) with 54 reviews. Securonix Security Analytics is rated 8.0, while Splunk is rated 8.0. The top reviewer of Securonix Security Analytics writes "The solution has helped by reducing the number of false positives in half". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". Securonix Security Analytics is most compared with Exabeam Fusion SIEM, IBM QRadar, Microsoft Sentinel, LogRhythm NextGen SIEM and Gurucul, whereas Splunk is most compared with Dynatrace, Datadog, IBM QRadar, ELK Logstash and Fortinet FortiAnalyzer. See our Securonix Security Analytics vs. Splunk report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
