Additional Info

Company: Devo Technology
Company size (employees): 500 to 999
Headquarters Region: North America
Type of solution: Cloud/SaaS


As organizations rapidly embrace cloud transformation, the market for traditional SIEM solutions is dying. Organizations need faster, simpler deployment, superior systems management, more frequent software upgrades, regular implementation of new features, and the ability to scale dynamically.

This is where Devo comes in. Devo is a true next-generation SIEM offering, born and bred in the cloud and equipped to handle the multi-terabyte needs of today’s data age. Its visual analytics dashboard provides clarity on alerts, entities and investigations. Alerts are confidently triaged by analysts thanks to entity context and other enrichments, including MITRE ATT&CK details that are automatically added to each alert.

Investigations combine all evidence, including alerts, other related investigations, entity analytics and associations. Viewing all this evidence through a single pane of glass enables analysts to more quickly remediate threats by spending more time applying their expert knowledge to investigations and less time on manual evidence-gathering activities. Exploratory investigative activities are further enabled with an integrated threat-hunting module, and new hunting findings can be seamlessly incorporated into investigations. Devo security operations reinvents the SIEM and empowers analysts to focus on the threats that matter most to the business.

How we are different

Flexibility and scalability: Not only is data ingestion in Devo easy, but Devo is also the most flexible solution when it comes to changes in data sources and formats. Rather than parsing and indexing data on ingest, Devo stores data raw and never changes it. This method gives Devo a few key advantages, the first being that a change in format does not impact ingestion in any way. Additionally, data is immediately searchable on ingest because there’s no need to wait for indexing. On the architecture side, Devo’s nested file storage enables a 10x data compression ratio, which uses less disk space and makes searching much faster. This makes Devo one of the most cost-effective vendors in the SIEM space when it comes to the cost per day of hot searchable storage.

Playing well with others: Devo has a fully extensible API and can work with the SOAR platform of a customer’s choice, regardless of provider. Devo can ingest data from virtually any source, in structured or unstructured formats. Unlike our competitors, Devo parses data at query time and NOT on ingestion, which preserves the original event in case you want to parse it differently in the future. This also makes Devo the most change-tolerant solution since changing data format does not break ingestion.

Maximize productivity and effectiveness: In an always-on environment, Devo helps uplevel analysts’ performance with capabilities that free up valuable time spent maintaining the SIEM, allowing them to spend it investigating threats instead. Devo delivers high-signal alerts – without the noise. Its analyst-tailored workflow combines automated enrichments, threat context, and entity analytics to accelerate response.