ArcSight Logger vs Devo comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management: 20th
Average Rating: 7.8
Number of Reviews: 31
Ranking in other categories: No ranking in other categories

Devo
Ranking in Log Management: 26th
Average Rating: 8.4
Number of Reviews: 21
Ranking in other categories: Security Information and Event Management (SIEM) (19th), IT Operations Analytics (3rd), AIOps (14th)
 

Market share comparison

As of June 2024, in the Log Management category, the market share of ArcSight Logger is 1.7%, an increase of 11.2% compared to the previous year. The market share of Devo is 0.9%, a decrease of 7.0% compared to the previous year. Market share is calculated based on PeerSpot user engagement data.
Log Management
Unique Categories:
No other categories found
Security Information and Event Management (SIEM): 1.4%
IT Operations Analytics: 10.0%
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Apr 11, 2024
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
JB
Oct 7, 2022
Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations
The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that. Alerting is very easy to set up and use, and it's pretty robust. It takes a lot of ingests. We had some issues previously where we were overwhelming our old SIEM. We were setting too many logs, and it couldn't handle the load. That's why we looked for something that could have much higher rates of ingestion. The fact that the solution manages 400 days of hot data was a huge selling point. In our organization, we have to have 365 days of hot data all the time, and licensing that with other solutions was extremely expensive.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"ArcSight provides the basic information that we want."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"It's a robust, mature product and you can do some really complex operations and analytics."
"The technical support team is good...It is a scalable solution."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"Devo has a really good website for creating custom configurations."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that's nobody's fault, it's just the way it is."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
 

Cons

"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"The platform is quite expensive. They should reduce its cost."
"The solution should make it possible to integrate network analysis features."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"ArcSight has been sold two or three times, and the quality has decreased."
"In the next release, I want to see more intelligence."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"I would like to have the ability to create more complex dashboards."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"Technical support could be better."
"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"My opinion on the solution's technical support is not as great as it could be because of the issues I have faced regarding the service management element."
 

Pricing and Cost Advice

"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"ArcSight is an expensive solution."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"I would rate the product a seven out of ten since it's an enterprise product."
"We have a lifetime license, so we don't pay a monthly fee."
"The pricing is quite harsh."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."
"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
"Our licensing fees are billed annually and per terabyte."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 17%
Computer Software Company: 14%
Government: 11%
Comms Service Provider: 7%

Computer Software Company: 16%
Financial Services Firm: 10%
Government: 10%
Comms Service Provider: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What do you like most about Devo?
Devo has a really good website for creating custom configurations.
What is your experience regarding pricing and costs for Devo?
Devo is taking on the market leaders, and their pricing is commensurate with that strategy. Core and additional features Devo provide guidance around and help in making value-based pricing discussi...
What needs improvement with Devo?
The price is one problem with Devo. Huawei, Lenovo, and Gigabyte are all cheaper than Devo. I rate Devo's price an eight out of ten because it is expensive.
 

Also Known As

ArcSight Logger: Micro Focus Arcsight Logger, HPE Arcsight Logger
Devo: No data available
 

Sample Customers

ArcSight Logger: China Merchants Bank, Bank AlJazira, Banca Intesa
Devo: United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Find out what your peers are saying about ArcSight Logger vs. Devo and other solutions. Updated: June 2024.