We performed a comparison between Devo and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Devo users praised the solution’s ability to ingest and store data in its original format and multi-tenancy feature. They also liked Devo’s community-driven content and code-based approach. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Devo could benefit from improved workflow integration and search features. Users say Devo’s agents could handle Windows event logs better, and the solution should overhaul its basic reporting mechanisms. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Devo customers value their collaborative approach, responsiveness, and strong partnerships. Customers appreciate the ease of working with Devo and trust their support team. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Devo's initial setup was deemed manageable, with users praising the ease of data onboarding as well as the availability of professional services and training. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Devo's pricing is considered fair and competitive with no hidden costs. However, reviewers recommend that Devo's pricing tiers should offer more flexibility. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Devo offers a substantial return on investment thanks to the solution’s superior data ingestion, scalability, and cost savings. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytic rule is the most valuable feature."
"It's pretty powerful and its performance is pretty good."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The Log analytics are useful."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"It's very, very versatile."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"We should be able to response to threats and gain visibility into our environment that we don't currently have."
"The content in the community is very helpful and useful for new users."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"We now have a central point of monitoring for all potential threats."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The playbook is a bit difficult and could be improved."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"I would like to have the ability to create more complex dashboards."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"Right now there is the concern about being able to gather all of the data into the system."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."
"The installation was a bit complex because we are running a virtual infrastructure."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
Devo is ranked 17th in Log Management with 21 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. Devo is rated 8.4, while LogRhythm SIEM is rated 8.4. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Devo is most compared with Splunk Enterprise Security, IBM Security QRadar, Wazuh, Elastic Security and New Relic, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM. See our Devo vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
