Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors.

"I would like to have the ability to create more complex dashboards."

"There is room for improvement in the ability to parse different log types. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. Devo's speed and performance allow us to query in real time and keep up with what is actually happening on the network, then respond effectively to events."

"The user interface is really modern. If I'm sitting around just waiting to get my first response, then it ends up moving too slowly to keep up with the attacker. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to answer questions quickly. When it comes to doing security analysis, what you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. That's really useful."

"The ability to have high-performance, high-speed search capability is incredibly important for us. And you can really quickly switch between using the GUI and using the code. Whatever you're doing, you see the code, what's happening. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."

"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. That's one reason that having 400 days of live data is pretty huge. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. In the past, our operational norm was to keep live data for only 30 days. And they can not only do so from a security point of view, but even for operational use cases. You'd have a backlog of processing the logs as it was ingesting them."

"It's very, very versatile."

"Those 400 days of hot data mean that people can look for trends and at what happened in the past. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"The most valuable feature is definitely the ability that Devo has to ingest data. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. And I can do that by creating entity-based queries. This allows for global views and/or isolated views restricted by access controls by company or business unit."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally."

"Devo provides a multi-tenant, cloud-native architecture."