We performed a comparison between Devo and Fortinet FortiSIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Devo users praised the solution’s ability to ingest and store data in its original format and multi-tenancy feature. They also liked Devo’s community-driven content and code-based approach. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Devo could benefit from improved workflow integration and search features. Devo’s agents could handle Windows event logs better, and the solution should overhaul its basic reporting mechanisms. Fortinet FortiSIEM would benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.
Service and Support: Devo customers value their collaborative approach, responsiveness, and strong partnerships. Customers appreciate the ease of working with Devo and trust their support team. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.
Ease of Deployment: Devo's initial setup was deemed manageable, with users praising the ease of data onboarding as well as the availability of professional services and training. Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.
Pricing: Devo's pricing is considered fair and competitive with no hidden costs. However, reviewers recommend that Devo's pricing tiers should offer more flexibility. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.
ROI: Devo offers a substantial return on investment thanks to the solution’s superior data ingestion, scalability, and cost savings. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The Log analytics are useful."
"Log aggregation and data connectors are the most valuable features."
"The features that stand out are the detection engine and its integration with multiple data sources."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"Devo has a really good website for creating custom configurations."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"It's very, very versatile."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"FortiSIEM is a great tool for making security processes transparent."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"The Threat Hunting feature provides complete traffic analysis."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The on-prem log sources still require a lot of development."
"We are invoiced according to the amount of data generated within each log."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"FortiSIEM could be better integrated with other vendors."
"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
"Patching is not great - we're not getting the support we'd expect."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
Devo is ranked 13th in Security Information and Event Management (SIEM) with 21 reviews while Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews. Devo is rated 8.4, while Fortinet FortiSIEM is rated 7.6. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". Devo is most compared with Splunk Enterprise Security, IBM Security QRadar, LogRhythm SIEM and Wazuh, whereas Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes. See our Devo vs. Fortinet FortiSIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.