2020-01-07T06:28:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What advice do you have for others considering Devo?

If you were talking to someone whose organization is considering Devo, what would you say?

How would you rate it and why? Any other tips or advice?

8 Answers
MU
IT manager at a tech services company with 1,001-5,000 employees
Real User
Top 10
2021-04-28T07:43:27Z
Apr 28, 2021

We're just customers and end-users. We are using the most recent version of the product. We are using Devo in a public cloud with some other web service we have secured with a VPN built in the company so that it's tunnel secured. I would rate the solution at an eight out of ten. If the solution required fewer fixes and was a bit more flexible, I would rate it higher.

Art Faccio - PeerSpot reviewer
Director Cyber Threat Intelligence at IGT
Real User
Top 5
2021-03-03T19:20:00Z
Mar 3, 2021

We did a pretty good job of this, but with hindsight it is always something that we could have done better: the planning of the project. So have a good idea of what logs you want to ingest, right out of the gate, and have the necessary internal teams ready to get you what you need. The pre-planning is the most important thing. We had the relay built and functional for getting the data from site to cloud, literally in 20 minutes. If we had been a little better organized on our end, the implementation would have taken one week instead of a week and a half to two weeks. So the most important piece of advice in a deployment like this is to know your data. Know what you want and make sure your teams, including the IT teams that need to build the virtual machines, are ready to get the hardware in place quickly. From my point of view, and from what my team has told me, everything is intuitive and user-friendly. From a logistics point of view, everything is well laid out and well thought out.

Chris Bates - PeerSpot reviewer
CISO at SentinelOne
Real User
Top 5
2021-02-16T23:39:00Z
Feb 16, 2021

Be very realistic about what you want to send into it and make sure that you have use cases for sending data to it, but that's the same anywhere. One of the problems that a lot of people have is that with the old SIEM you sent all of your data and then figured out a use case for it afterwards. I'm much more of a firm believer in figuring out the use cases and then sending the data. Make sure you have the data you're going to be shipping into it well documented. Don't, by default, take everything you're shipping in your SIEM and ship it to Devo. That's probably not the best use of your time. Also, really start thinking about complex use cases, things like "If A and B and C happened, but A, B, and C are on different data sources, then tell me that there's a problem." That's not something you used to be able to do on a traditional SIEM, or at least not very effectively. So start thinking about the more complex data analytics use cases to improve your learning and your logic. That's really the power of Devo. It's pretty easy to use. My guys have had no problem getting up to speed on it. I wouldn't say it's easier to use than some of the others, but it's as easy to use. Once you learn the language, you can start writing the rule sets, and you can actually have the GUI show you the language it is using. So, we have had no issues in that regard. It's well-documented. The trending we're interested in is not the 400-day rolling window that Devo provides. We use a six-month rolling window for audit and/or investigative purposes. If we find something, we can go back and look at it very quickly to see how long it has been happening in our environment. We haven't really been historically trending over more than six months. Eventually we may expand into using the 400 days, but right now we're focused more on blocking and tackling, which requires shorter windows. Overall, I have no issues with it and my guys love it. Devo is what we thought it would be when we bought it. 
It's basically a high-speed analytics engine that allows us to query our data at speed and scale, and combine it together. That was the whole purpose, and it is what it is. We had a very mature idea of what we wanted when we went looking.

JerryH - PeerSpot reviewer
Director at a computer software company with 1,001-5,000 employees
Real User
2020-11-03T07:14:00Z
Nov 3, 2020

Take a look at it. They're really going after Splunk hard. Splunk has a very diverse deployment base, but Splunk really missed the mark with its licensing model, especially when it relates to the cloud. There are options out there, effective alternatives to Splunk and some of the other big tools. But from a SaaS standpoint, if not best-in-breed, Devo is certainly in the top-two or top-three. It's definitely a strong up-and-comer. Devo is already taking market share away from Splunk and I think that's going to continue over the next 24 to 36 months. Devo's speed when querying across our data is very good. We haven't fully loaded it yet. We'll see when the rubber really hits the road. But based on the demos and the things that we've seen in Devo, I think it's going to be extremely good. The architecture and the way that they built it are for speed, but it's also built for security. Between our DevOps, our SecOps, and our traditional operations, we'll be able to quickly use the tool, provide valuable insights into what we're doing, and bring our teams up to speed very quickly on how to use it and how to get value out of it quickly. The fact that it manages 400 days of hot data falls a little bit outside of our use case. It's great to have 400 days of hot data, from security, compliance, and regulatory retention standpoints. It makes it really fast to rehydrate logs and go back and get trends from way back in the day and do some long-term trend analysis. Our use case is a little bit different. We just need to keep 90 days hot and we'll be archiving the rest of that information to object-based long-term storage, based on our retention policies. We may or may not need to rehydrate and reanalyze those, depending on what's going on in our ecosystem. 
Having the ability to be able to reach back and pull logs out of long-term storage is very beneficial, not only from a cost standpoint, but from the standpoint of being able to do some deeper analysis on trends and reach back into different log events if we have an incident where we need to do so.

Jordan Mauriello - PeerSpot reviewer
SVP of Managed Security at CRITICALSTART
MSP
2020-09-22T07:16:00Z
Sep 22, 2020

No SIEM deployment is ever going to be easy. You want to attack it in order of priorities for what use cases matter to your business, not just log sources. We are not using the Activeboards as much as some of the things that are probably newer features in the solution, like their SecOps module, which allows us not to have to use as many Activeboards, as there is a lot of prebuilt content. That's very effective for us, and it already exists in there. The Activeboards are easy to understand and flexible. However, we are not using them quite as much as maybe other people are. We are probably limited in how much we're using Activeboards to build and modify dashboards on the fly because a lot of the things that we need are already built and designed as a part of SecOps, so we don't have to do it as much. There are times where we have to as well as times where that may be asked for by a specific customer, but more often than not, the things that we need are already pre-existing. We do not really use the MITRE Framework that much as we use other frameworks in our environment. Biggest lesson learnt: There is the ability to achieve high quality solutions and cost savings at the same time without compromising on quality. I would rate this solution as an eight out of 10.

JS
CEO at Panda Security
MSP
2020-03-24T08:12:00Z
Mar 24, 2020

Internal development is underrated. It is a good choice not to invent it all yourself. You should focus on your core business. It made sense to choose Devo to focus on the machine data issues while we focused on cybersecurity and the intelligence that we could build with the platform. Open source is a good option in some cases, but not for us and our needs. I would rate the solution as a nine (out of 10).

Learn what your peers think about Devo. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,522 professionals have used our research since 2012.
MV
Security Analyst at Telefonica
Real User
2020-02-13T07:51:00Z
Feb 13, 2020

My advice is to go with the Scrum Agile method for implementing it. It really works. They're really good at it. The biggest lesson I've learned from using Devo is that it is good, functioning software. And there's really good support. I'm so happy with the platform. I've seen it go from pre-production to production. I was very happy with it in pre-production and I thought, "Okay, maybe when we start loading all the data, the complete set, maybe it will be different," but it's not. It does what it says on the tin. It really works for us. I rate Devo at nine out of 10. They could be a 10. If they pushed us a little bit harder at the beginning so we actually come up with a more detailed plan for the integration of our sources, that could have made them a 10. It's an upstart company and we really see great potential with them. They're updating the platform and they're adding a lot of features, features that matter to us, without us actually telling them we need them. So I think they really understand the market. They understand how modern software should work and how people work. It's really refreshing. You feel you're not limited by the platform. You're only limited by your imagination.

JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
MSP
2020-01-07T06:28:00Z
Jan 7, 2020

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of stuff that you can just do with very little training. However, to get to the really cool features and setups, you'll need the training and a bit of front-end assistance to make sure it's customized for your environment the right way. You need to have a tool of this capability in your environment, whether you're providing service for someone else or if it's your own internal environment that you're working in. It is a core piece of functionality. I would rate the solution between an eight point five and nine (out of 10). The only two things that stop it from getting a 10 are they need to improve their documentation and customer service. That's just customer service from the standpoint of support. It's just your generic, outsourced, call in support, where they read through a script, and go, "Did you try this? Or, did you try that?" Then, open up a ticket, and you're waiting for a period of time. If they can improve their support process and documentation, they would very easily push towards a 10.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Oct 7, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 15 answers
JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
Jan 7, 2020
I run an incident response, digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations. We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the active boards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for them. We use Devo in traditional ways and in some home grown ways. For example, if there is a current answer response, I need to see what's going on in their environment. Currently, I'll stream logs from the syslog into Devo and review those. For different tools that we use to do analytics and forensics, we'll parse those out and send that up to Devo as well. We can correlate things across multiple forensic tools against log traffic, network traffic, and cloud traffic. We can do it all with Devo. It's all public cloud, multi-factor authentication, and multi-tenant. We have multiple tenants built in as different customers, labs, etc. Devo has us set up in their cloud, and we leverage their instance. We are using their latest version.
MV
Security Analyst at Telefonica
Feb 13, 2020
Our primary use of Devo is as a SIEM, and then as a big-data platform. We do store a lot of data centrally, using the solution, and then we analyze it. The main purpose of the analysis is for security, to detect attacks, abnormalities, and to get an overall view of the health of the network. We deploy it on-premise. Devo mainly deploys in the cloud, but that's just not possible with our security policy.
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
Oct 7, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 13 answers
JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
Jan 7, 2020
It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less.
MV
Security Analyst at Telefonica
Feb 13, 2020
I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money. Because we are running an in-house solution, there is the extra cost for us, when compared to the cloud, in maintaining our own hardware, and the level-one and -two support we are doing. But we feel we won't need consultants in the future, which we needed with Splunk where we paid extra for a more defined platform and doing the work. Devo is very well-documented and the platform is very open.