2020-01-07T06:28:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What is your primary use case for Devo?

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

15 Answers
JB
Security Engineer at Kforce
Real User
Top 20
2022-10-07T16:54:00Z
Oct 7, 2022

We have most of our major log sources going to it, and we have both an internal NOC as well as an external MSSP that does 24/7 monitoring. We use it for writing all of our alerting use cases for different correlations between all of our different logging apps. In terms of our environment, we have several departments. We're a staffing company, and we have a lot of different contractual obligations with other companies. So, it's a fairly complex environment. We have multiple domains. We have several DMZ environments, and we have three active data centers.

PP
Director of Security at Sprout Social
Real User
Top 20
2022-04-27T08:18:00Z
Apr 27, 2022

We're mostly using it for log retention and investigations into events or security issues within our environment. We're pumping a lot of the logs from our SaaS tools into it, from tools like Google Workspace (G Suite) and OneLogin and the like. When we have questions or investigations from a security perspective, we go into Devo to help answer them.

JC
Security Operations Center (SOC) Director at a tech company with 51-200 employees
Real User
2022-03-30T10:28:00Z
Mar 30, 2022

I'm a SOC director for a Fortune 500 company, and we use it as our primary SIEM for our leverage SOC service.

Gabe Martinez - PeerSpot reviewer
CEO at Analytica 42
Reseller
Top 10
2021-11-04T15:03:00Z
Nov 4, 2021

We are a value-added reseller focused on cybersecurity and big data analytics. Devo is a premier partner of ours. We not only resell Devo but we provide deployment services, content development, and analytic services for Devo customers.

SM
Product Director at an insurance company with 10,001+ employees
Real User
Top 20
2021-10-07T20:44:00Z
Oct 7, 2021

We look at this solution for both security monitoring and operational monitoring use cases. It helps us to understand any kinds of security incidents, typical-scene use cases, and IT operations, including DevOps and DevSecOps use cases.

LV
Digital Security VP at a tech services company with 201-500 employees
Real User
Top 20
2021-10-01T10:38:00Z
Oct 1, 2021

We have several use cases for Devo. The first is related to the security center (SOC) operations, and they do the log correlation for Devo security. We now have fraud use cases and application monitoring use cases, and we're starting to work on some use cases related to business analytics.

Elizabeth Manemann - PeerSpot reviewer
Cyber Security Engineer at H&R Block, Inc.
Real User
Top 10
2021-06-23T20:14:00Z
Jun 23, 2021

We have a couple of servers on-premises to gather the logs from our devices. We have a lot of devices, including vendor-agnostic collectors that will, for example, collect syslogs from our Linux hosts. The logs are then sent to the Devo Relay, which encrypts the data and sends it to the Devo Cloud. What we send to Devo includes all of our Unix-based logs. These are the host logs, as well as logs from a lot of the network devices such as Cisco switches.

Currently, we are working with Devo to set up a new agent infrastructure, and the agents will collect Windows event logs. We were using a beta product that Devo provided for us, which was based on an open-source platform called Osquery. That did not quite work for the volume of logs that we have. It didn't seem to be able to keep up with the large number of servers, or the large amount of Windows event log volume that we have in our environment. We're currently working with them to transition to Xlog and use their agents, which work really well to forward the logs to Devo.

We also send cloud logs to Devo, and they have their own collector that handles a lot of that. It basically pulls the logs out of our cloud environment. We are sending Office365 management logs, as well as a lot of Azure PaaS service logs. We're sending those through an event hub to Devo. We are currently working on onboarding some AWS logs as well.

We have several corporate locations, with the main location in the US. That is where the majority of our resources are, but we also have Devo relays stood up in Canada, Australia, and India. These locations operate in a way that is similar to what is described above, although on a smaller scale. They're sending all of their Unix devices and syslogs to the relay, and then I believe only Australia at the moment is using agents to pull from Windows logs. Canada is using a different SIEM at the moment, although that contract is about to expire, so then we'll onboard their Windows event logs as well. India does not have any Windows servers that need an agent for collecting logs, so they just send the Linux and Unix logs over the relay to Devo.

Our main use case and customer base are our security operations center analysts. A lot of our process was built up and carried over from our previous SIEM, LogRhythm. We have an alerting structure built out that initiates a standard analyst workflow. It starts when you get an alert. You drill down in the logs and investigate to see if it's a false positive or not. We are in the process of onboarding our internal networking team into Devo, and we are gathering a lot of network logs. This means that they can monitor the health of our networking infrastructure, and at some point, maybe set up health alerts for whatever they are looking for. We have another team that is using Devo, which is our internal fraud team. They're very similar to stock analysts, where they just look for suspicious events. They are especially interested in tax filing and e-filing. We gather logs for that, and they go through a really deep investigative workflow.

MU
IT manager at a tech services company with 1,001-5,000 employees
Real User
Top 10
2021-04-28T07:43:27Z
Apr 28, 2021

We are primarily using the solution as a cloud observability platform. Most use cases are related to service operations, not security operations. This is due to the fact that in security operations our company uses Splunk and other platforms. In this case, in my team, we are using Devo for service operations requirements. We correlate across metrics and trace on that data to understand root causes. For example, we'll look at metrics in jobs, time processes, root cause investigations where we have fails, job performance, deals, payments, et cetera.

Art Faccio - PeerSpot reviewer
Director Cyber Threat Intelligence at IGT
Real User
Top 5
2021-03-03T19:20:00Z
Mar 3, 2021

We use it for monitoring our core set of network devices, our key systems. We're collecting all the log traffic and using it as a platform to correlate and set up alerts to monitor, and looking for any suspicious behavior.

Chris Bates - PeerSpot reviewer
CISO at SentinelOne
Real User
Top 5
2021-02-16T23:39:00Z
Feb 16, 2021

We're using Devo as an operations and security event management logging platform. We're shipping all of our log data and telemetry into Devo, including G Suite, Okta, GitHub, Zscaler, Office 365; pretty much all of our logging data is going into Devo. And we're using Devo to do some analytics and alerting and searching on that log data. The analytics are things like average, min/max, and counts on certain types of log data—performance metrics—for monitoring and uptime/downtime health.

JerryH - PeerSpot reviewer
Director at a computer software company with 1,001-5,000 employees
Real User
2020-11-03T07:14:00Z
Nov 3, 2020

Our initial use case is to use Devo as a SIEM. We're using it for security and event logging, aggregation and correlation for security incidents, triage and response. That's our goal out of the gate. Their solution is cloud-based and we're deploying some relays on-premise to handle anything that can't send it up there directly. But it's pretty straightforward. We're in a hybrid ecosystem, meaning we're running in both public and private cloud.

Jordan Mauriello - PeerSpot reviewer
SVP of Managed Security at CRITICALSTART
MSP
2020-09-22T07:16:00Z
Sep 22, 2020

We use Devo as a SIEM solution for our customers to detect and respond to things happening in their environment. We are a service provider who uses Devo to provide services to our customers. We are integrating from a source solution externally. We don't exclusively work inside of Devo. We kind of work in our source solution, pivoting in and back out.

JS
CEO at Panda Security
MSP
2020-03-24T08:12:00Z
Mar 24, 2020

We use it for visibility and alerting in a cybersecurity security use case. It is a very specific deployment in the sense that it's not general. We integrated it with our own technology. We are a SaaS vendor. The way we integrated Devo was to put it into our platform as an alerting layer. Because you will be doing executables at your computer all the time, such as opening an email, a browser, or Word, all these things are tracked via telemetry. We take all that raw data for events, essentially enriching it with the classification service that we have as a unique part of our own service. So, if you're opening Word or sending an email, we enrich that with our classification, e.g., malware, then we send it to Devo. We build dashboards and alerts based on that. Before, you would have a tool just for cybersecurity. Now you have an impressive tool that takes no effort at all. Suddenly, because of the Devo layer, you have an intelligence tool with no extra deployment effort on the side of the customer to see visibility. Devo is a powerful interface and platform which will ingest our data coming from an endpoint protection solution, putting it in a format and dashboard, then connecting tools where you extract them into an intelligence platform, oversight, or security. That's essentially what we do.

MV
Security Analyst at Telefonica
Real User
2020-02-13T07:51:00Z
Feb 13, 2020

Our primary use of Devo is as a SIEM, and then as a big-data platform. We do store a lot of data centrally, using the solution, and then we analyze it. The main purpose of the analysis is for security, to detect attacks, abnormalities, and to get an overall view of the health of the network. We deploy it on-premise. Devo mainly deploys in the cloud, but that's just not possible with our security policy.

JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
MSP
2020-01-07T06:28:00Z
Jan 7, 2020

I run an incident response, digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations. We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the active boards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for them. We use Devo in traditional ways and in some home grown ways. For example, if there is a current answer response, I need to see what's going on in their environment. Currently, I'll stream logs from the syslog into Devo and review those. For different tools that we use to do analytics and forensics, we'll parse those out and send that up to Devo as well. We can correlate things across multiple forensic tools against log traffic, network traffic, and cloud traffic. We can do it all with Devo. It's all public cloud, multi-factor authentication, and multi-tenant. We have multiple tenants built in as different customers, labs, etc. Devo has us set up in their cloud, and we leverage their instance. We are using their latest version.

Related Questions
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees
Oct 7, 2022
Please share with the community what you think needs improvement with Devo. What are its weaknesses? What would you like to see changed in a future version?
2 out of 15 answers
JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
Jan 7, 2020
The only downfall that I have is it is browser based. So, when you start doing some larger searches, it will cause the browser to lock up or shut down. You have to learn the sweet spot of how much data you can actually search across. The way that we found around that is to build out really good Activeboards, then it doesn't render as much data to the browser. That's the work around that we use. As far as ingestion, recording, and keeping it, I've seen no issues. It comes down to some feature requests here and there, which is normal stuff with software. As a user, I may want to scroll through the filters, but the filter didn't allow scrolling at first. That's a feature that came in with version 6.
MV
Security Analyst at Telefonica
Feb 13, 2020
I don't use the Activeboards' visual analytics that much. I just look at the data, most of the time. The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc. You get a graphic that works well in some cases, but in other cases, the numbers are too small and you cannot do anything about it. Overall, the graphic presentation of data is okay, but I miss the basic functionality of being able to change how things look.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Oct 7, 2022
Hi Everyone, What do you like most about Devo? Thanks for sharing your thoughts with the community!
2 out of 15 answers
JayGrant - PeerSpot reviewer
Manager of Security Services at OpenText
Jan 7, 2020
Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo.
MV
Security Analyst at Telefonica
Feb 13, 2020
The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.