"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."

"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."

"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, what you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker."

"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds."

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."

"Devo's speed and performance allow us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."