We performed a comparison between Devo and Microsoft Sentinel based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Devo users praised the solution’s ability to ingest and store data in its original format and multi-tenancy feature. They also liked Devo’s community-driven content and code-based approach. Microsoft Sentinel effectively identifies threats and integrates seamlessly with other Microsoft solutions. Devo could benefit from improved workflow integration and search features. Users say Devo’s agents could handle Windows event logs better, and the solution should overhaul its basic reporting mechanisms. Microsoft Sentinel could benefit from simplifying documentation, enhancing collaboration with security vendors, and improving data ingestion. Users also want more robust threat intelligence and UEBA features.
Service and Support: Devo customers value their collaborative approach, responsiveness, and strong partnerships. Customers appreciate the ease of working with Devo and trust their support team. Some users praised Microsoft’s quick response times and expertise, while others experienced challenges and support delays.
Ease of Deployment: Devo's initial setup was deemed manageable, with users praising the ease of data onboarding as well as the availability of professional services and training. Some users said that deploying Microsoft Sentinel is straightforward, while others consider it to be moderately complex.
Pricing: Devo's pricing is considered fair and competitive with no hidden costs. However, reviewers recommend that Devo's pricing tiers should offer more flexibility. Microsoft Sentinel charges customers based on data usage, and it can be expensive for users who need to ingest data from non-cloud sources.
ROI: Devo offers a substantial return on investment thanks to the solution’s superior data ingestion, scalability, and cost savings. Some Sentinel users have seen cost savings, while others have not experienced any financial benefits.
Comparison Results: Our users prefer Devo over Microsoft Sentinel Devo for its robust capabilities. Users praise Devo for its effortless data ingestion, comprehensive alert library, and high-speed search capabilities.
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"Scalability is one of Devo's strengths."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It's pretty powerful and its performance is pretty good."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel pricing is good"
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"Technical support could be better."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"I would like to have the ability to create more complex dashboards."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"We are invoiced according to the amount of data generated within each log."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
Devo is ranked 13th in Security Information and Event Management (SIEM) with 21 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. Devo is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Devo is most compared with Splunk Enterprise Security, IBM Security QRadar, LogRhythm SIEM, Wazuh and Elastic Security, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security. See our Devo vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.