Cybercrime is predicted to cost the world $10.5 trillion annually by 2025. While this presents a daunting prospect, to say the least, the dire reality of the cyber threat landscape has propelled some of the most innovative technology companies into action.
The cybersecurity market presses onward in an effort to get the upper hand. Fortune Business Insights states, “The global cybersecurity market is projected to grow from USD 155.83 billion in 2022 to USD 376.32 billion by 2029.”
So even though cyber threats have been advancing at breakneck speed, it’s clear that tech companies will be going to market with new tools to help organisations fortify their defences.
Enter Devo Technologies.
What is Devo?
Founded in 2011, Devo Technology Inc. offers a cloud-native logging and security analytics platform, with solutions for managing critical IT services, security operations, and analytics.
Information security and operations teams use it for centralised logging, security information and event management (SIEM), compliance, fraud detection, and more.
Devo’s technical edge lies in how well and how quickly it integrates data sources. It automatically performs data correlation and enrichment. This allows teams to consolidate multiple tools under one platform, visible on one dashboard—the elusive “single pane of glass.”
As a security information and event management (SIEM) tool, it promises a much faster and more efficient way to conduct threat hunting and investigation. Since 2020, the company has been growing quickly and expanding its capabilities to meet the acute challenges facing Security Operations Centres (SOCs) today.
What problems does the Devo platform solve?
A number of organisations, such as the SANS Institute, regularly conduct research to understand the current state of SOC teams.
They’re finding that staff burnout, the struggle to hire and retain talented InfoSec professionals, lack of alignment within the company, and inadequate or ineffective tooling are just some of the common pains reported.
A SANS article published in October 2022 notes that a “constant revolving door of security professionals leads to a massive problem”, disrupting the SOC workflow and the team’s effectiveness.
Devo’s own 2022 SOC Performance Report delves into the data points of these same reported challenges. The report states that “55% of respondents say they have considered walking away from their jobs due to the pressure they feel.”
Many factors are contributing to burnout and high turnover, but some of the common pain points are:
- Exorbitantly high volumes of data to process—and from an increasing variety of data sources
- Legacy SIEMs’ inability to handle data above certain volumes
- The challenge of pulling all relevant data together
- Threats becoming more complex and sophisticated
- Growing tech stacks with too many tools to manage
- The struggle to maintain visibility and observability
- “Alert fatigue” from the high volume of false positive alerts
Many of the big-name security tools on the market are just no longer cutting it, because they were designed for a threat landscape that no longer exists. Many of them are also difficult to scale.
Case in point: A CISO of a leading consumer lending company in the United States (who has remained anonymous) explained how challenging it was to build and implement a global solution. “At one point we had 13 different instances of [legacy solution] that I had to try to consolidate into one. It was a massive project. And we never got there.” (Until he found Devo, of course.)
“What do organisations need to address these challenges? The autonomous SOC,” says Devo’s whitepaper Journey to the Autonomous SOC. It submits that autonomous SOCs, when powered by advanced AI and ML, will “deliver complete visibility, automation, and analytics; … integrate seamlessly with security and IT tools; enable SOC leaders to automate triage, investigation, and hunting; deliver fast, effective detection and incident response to resolve threats on large-scale, cloud-first infrastructures; and reimagine the scope of analysts’ work so it’s more interesting and fulfilling.”
Advanced tools that lighten the SOC’s load and make it easy to onboard new talent are essential in stopping the downward spiral of overloaded, under-resourced teams. That’s Devo in a nutshell.
“Devo seamlessly integrates data sources, enables its customers to query with confidence, and enables security architects to see into the past with 400 days of always-hot data—providing full visibility, no matter the time horizon.”
In short, Devo has positioned itself as a pioneer in autonomous security analytics and response and is prepared for a world where every sector and industry is generating massive volumes of data.
What are the pros and cons of Devo’s technology?
Devo has received positive feedback and recognition for simplifying the work of IT and information security professionals and thus freeing them up to do higher-value work. In 2022, Devo was named a Challenger in the Gartner® Magic Quadrant™ for SIEM. Gunter Ollmann, Devo’s CTO, said, “Devo is disrupting the SIEM status quo by delivering the advanced capabilities organisations demand—leveraging autonomous capabilities that fuse automation, machine learning, and cognitive AI.”
The following are the most commonly reported pros and cons:
IT operations and information security analysts and engineers have been raving about the following features, benefits, and outcomes after implementing Devo:
- Fast ingestion and availability of data: Devo doesn’t index, transform, or modify data upon collection. It’s available within milliseconds. This capability makes the technology very scalable.
- Data is always hot: Devo stores data in its raw format. Its micro-indexing technology enables your data to be stored hot and remain hot for as long as needed.
- Real-time analytics: Another competitive advantage is that “data is parsed at query time.” As Chris O’Brien, Devo’s VP of Product Marketing explains, “re-indexing is never needed to ask new questions of your data. Devo also includes native machine learning capabilities. And our intelligent query engine delivers insights predictably and quickly.”
- Effortless interaction with data: One of the core principles driving Devo as a company is that everyone—from SOC to C-suite—deserves to gain value from their data. To that effect, their subscriptions come with an unlimited number of domain users. Devo designed their tool in such a way so that users don’t have to learn a custom query language. The company also put a great deal of thought into their UX and UI.
- Devo’s GUI: The graphical user interface is the feature users tend to rave about the most. Users describe it as clean, intuitive, and smooth. Some have also mentioned they like being able to toggle back and forth between the visualised dashboard and the underlying query code. Since it was designed with the analyst and practitioner in mind, the common feedback is that overwhelmed, bogged-down teams feel the relief immediately because they can finally spend less time on tooling and more time analysing. One of Devo’s goals is for everyone to be able to “gain operational insights into their business.” Customer feedback corroborates this goal.
- Fast, unlimited integration of new data sources: You can integrate new sources in minutes. Devo can ingest any kind of log. As for a maximum amount of data you can store and ingest? “The cloud’s the limit,” Devo’s FAQ page says. “Devo was designed to be scalable and to grow with your data needs.”
- Rich feature set: While the team may need some extra support from Devo at the beginning to configure these features, on the upside, this means that virtually anything is possible as far as custom dashboards go. The tool is flexible and modular and can be tailored to specific business needs.
- Excellent 24/7/365 customer support and system administration: Positive feedback about Devo’s quality of support abounds. Nearly every review on Gartner highlights Devo’s customer support as being responsive and receptive. Their engineers are ready to assist with custom parsing and any setup challenges.
- New SOAR capabilities: Devo is integrating security orchestration, automation, and response (SOAR) technology into its existing platform, enabled by their recent acquisition of LogicHub (more info below).
As with any tool on the market, there will be downsides. Most of the downsides to Devo are minor and are far from deal-breakers. Please note that the “downsides” aggregated in places like Gartner were reported prior to Devo’s most recent rollout of acquisitions and advancements in their technology.
Nevertheless, a few common mild complaints are:
- Custom configurations can hinder deployment: Devo alleviates that initial learning curve and migration pain by providing stellar customer service.
- Native integrations with third-party vendors might be lacking. Devo has provided two API connectors to help with integration: (1) a REST API that “enables programmatic access to data stored in Devo, lets you run queries remotely, and either return the results to the requestor or to another repository (like S3, Hadoop, or Kafka). You can also manage jobs.” And (2) a Provisioning API that helps you “carry out actions related to managing security credentials, users, and some other domain-related attributes. Particularly useful for very large implementations or for resellers.”
Devo does have a growing partner network, however. You can find their partner network on their “Partners Directory” page.
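The two APIs above are also where Devo’s own credentials become an attack surface: the Provisioning API manages security credentials and users, so the API key and secret used to call either API deserve the same handling as any other privileged secret. The following Python client, added here as an illustration and not taken from Devo’s SDK or documentation, shows how a signed query request to the REST (Query) API is assembled. The endpoint host, the `/search/query` path, the JSON body shape (`query`, `from`, `to`, `mode`), the `siem.logtrust.web.activity` table name and the `x-logtrust-apikey` / `x-logtrust-timestamp` / `x-logtrust-sign` header scheme are assumptions based on Devo’s public SDK and should be checked against your region and tenant; the credentials in the block are constructed placeholders.

```python
"""Signed request to Devo's Query API (added example; not Devo's own code).

Assumed from Devo's public SDK/docs and to be verified for your tenant:
the apiv2-<region>.devo.com host, the /search/query path, the body shape
{query, from, to, mode} and the x-logtrust-* signing headers.
"""
import hashlib
import hmac
import json
import time
import urllib.request

# Assumed US-region endpoint; substitute the one for your Devo tenant (e.g. apiv2-eu).
DEFAULT_ENDPOINT = "https://apiv2-us.devo.com/search/query"


def sign_body(api_key: str, api_secret: str, body: str, timestamp_ms: str) -> str:
    """HMAC-SHA256, keyed with the API secret, over key + body + timestamp.

    Because the timestamp is part of the signed material, a captured request
    cannot be replayed indefinitely, and the secret itself never travels.
    """
    message = (api_key + body + timestamp_ms).encode("utf-8")
    return hmac.new(api_secret.encode("utf-8"), message, hashlib.sha256).hexdigest()


def build_query_request(api_key, api_secret, query, from_epoch, to_epoch,
                        endpoint=DEFAULT_ENDPOINT, timestamp_ms=None):
    """Return (url, headers, body) for a LINQ query. Nothing is sent here."""
    if timestamp_ms is None:
        timestamp_ms = str(int(time.time() * 1000))
    payload = {
        "query": query,
        "from": int(from_epoch),   # epoch seconds
        "to": int(to_epoch),
        "mode": {"type": "json"},  # assumed response-format selector
    }
    # Serialise once and sign exactly the bytes that will be sent, so the
    # server-side signature check sees the same string.
    body = json.dumps(payload, separators=(",", ":"))
    headers = {
        "Content-Type": "application/json",
        "x-logtrust-apikey": api_key,
        "x-logtrust-timestamp": timestamp_ms,
        "x-logtrust-sign": sign_body(api_key, api_secret, body, timestamp_ms),
    }
    return endpoint, headers, body


def run_query(api_key, api_secret, query, from_epoch, to_epoch,
              endpoint=DEFAULT_ENDPOINT):
    """Send the signed request and return the parsed JSON (needs network access)."""
    url, headers, body = build_query_request(
        api_key, api_secret, query, from_epoch, to_epoch, endpoint)
    req = urllib.request.Request(
        url, data=body.encode("utf-8"), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed placeholder credentials: real keys belong in a secrets manager,
    # not in source control or a notebook.
    now = time.time()
    url, headers, body = build_query_request(
        "example-api-key", "example-api-secret",
        "from siem.logtrust.web.activity select eventdate, username, method",
        from_epoch=now - 3600, to_epoch=now,
    )
    print(url)
    print(json.dumps(headers, indent=2))
    print(body)
```

`build_query_request` is kept separate from `run_query` so the signing logic can be unit-tested offline and so the exact bytes being signed are visible; if you pretty-print or re-serialise the body after signing, the signature will no longer match.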
- Product maturity: Some users have reported “minor bugs” but also said these are repaired in a timely manner.
We should emphasise that Devo is enjoying “explosive growth” to advance its technology as part of their vision to reinvent how security professionals work.
To that end, in fall 2022, Devo acquired LogicHub, a SaaS cloud-native security orchestration, automation, and response (SOAR) innovator. CTO Gunter Ollmann stated, “LogicHub improves SOC efficiency up to tenfold by empowering security teams to address the growing barrage of cyberattacks. It also enables SOCs to scale and augment their existing security talent.” Adding LogicHub’s technology to the Devo platform is crucial to developing “the complete stack of capabilities needed to deliver the autonomous SOC.”
LogicHub’s capabilities became available to existing Devo customers as a standalone tool in September 2022, with plans to integrate it fully into the Devo platform in a reasonable time frame.
Another notable development took place earlier, in the summer of 2022, when Devo established SciSec, a new team of security researchers and data scientists. Since its launch, SciSec has already delivered additional capabilities to Devo customers, such as the MITRE ATT&CK Adviser, which “enables customers to operationalise the MITRE ATT&CK matrix to identify detection and data sources coverage gaps,” according to a press release.
What is Devo’s pricing?
Devo uses a tiered pricing model. Their FAQ page says, “Pricing is contingent on the volume of ingest per day averaged over a 30-day period.” Also, “discounts are applied based on average volume of ingest per day.” Devo has made it easy for the customer to monitor ingestion rates and see which data sources are sending the most data to the repository.
The billing cycle is a simple 12-month subscription plan. There’s more pricing information on AWS Marketplace.
What kind of companies are using Devo?
Organisations of all sizes have woken up to Devo’s ability to simplify data management. Enterprises that want to prioritise cybersecurity and improve their security posture, and that have migrated from legacy SIEMs, have found Devo’s security operations tool to be a good fit for effective, scalable analytics and alerting. This is especially true for large organisations that have felt the challenges that come with reaching a multi-terabyte mark on their legacy system.
The same CISO (of the large consumer lending company) we alluded to earlier in the article, said, “When we looked at Devo and data ingest, data management, distribution, availability, integration, well, we knew it was a match made in heaven.”
Smaller companies can also benefit from Devo by starting with a solution designed to scale. More importantly, they can get that operational advantage right away, thanks to Devo’s stated aim of democratising the ability to analyse and gain value from data. Their customer support might be just what a smaller organisation needs to get started on the right foot.
Notably, in 2020, Devo won the CISO Choice Awards in the SIEM Solution category and was recognised as Partner of the Year by the AWS Partner Network (APN).
How can I learn more?
This article is a part of a greater series centred around the technologies and themes found within the first edition of the TechRadar by Devoteam. To read further into these topics, please download TechRadar by Devoteam.