We performed a comparison between Devo and IBM Security QRadar based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Devo users praised the solution’s ability to ingest and store data in its original format and multi-tenancy feature. They also liked Devo’s community-driven content and code-based approach. Devo could benefit from improved workflow integration and search features. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. Users say Devo’s agents could handle Windows event logs better, and the solution should overhaul its basic reporting mechanisms. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Devo customers value their collaborative approach, responsiveness, and strong partnerships. Customers appreciate the ease of working with Devo and trust their support team. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Devo's initial setup was deemed manageable, with users praising the ease of data onboarding as well as the availability of professional services and training. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Devo's pricing is considered fair and competitive with no hidden costs. However, reviewers recommend that Devo's pricing tiers should offer more flexibility. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Devo offers a substantial return on investment thanks to the solution’s superior data ingestion, scalability, and cost savings. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel pricing is good"
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"The most valuable feature is user behavior analytics (UBA)."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"The product can be improved by reducing the cost to use AI machine learning."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"Technical support could be better."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The solution lacks some maturity."
"The Indian tech support is not helpful."
"The dashboards are all legacy and old."
"I would like to see a more user-friendly product."
"The tech support is not that good."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
Devo is ranked 13th in Security Information and Event Management (SIEM) with 21 reviews while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. Devo is rated 8.4, while IBM Security QRadar is rated 8.0. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Devo is most compared with Splunk Enterprise Security, LogRhythm SIEM, Wazuh, Elastic Security and New Relic, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel. See our Devo vs. IBM Security QRadar report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.