Try our new research platform with insights from 80,000+ expert users

AlienVault OSSIM vs Devo comparison

AT&T and Devo are both solutions in the Security Information and Event Management (SIEM) category. AT&T is ranked #10 with an average rating of 7.4, while Devo is ranked #28 with an average rating of 8.5. AT&T holds a 3.9% mindshare in SIEM, compared to Devo’s 1.0% mindshare. Additionally, 80% of AT&T users are willing to recommend the solution, compared to 95% of Devo users who would recommend it.
AlienVault OSSIM
Read 31 AlienVault OSSIM reviews
  • 5,499 Views
  • 3,751 Comparison Views
80% willing to recommend
Devo
Read 22 Devo reviews
  • 2,148 Views
  • 1,023 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

Devo and AlienVault OSSIM are two leading products in the network security space. Devo seems to have the upper hand due to its advanced data analytics capabilities and user-friendly approach, while AlienVault OSSIM is favored for its comprehensive threat detection features.

Features: Devo provides powerful data analytics, real-time monitoring, and seamless integration capabilities. AlienVault OSSIM stands out with built-in security tools, threat intelligence, and incident response features. Devo offers strong analytics, while AlienVault OSSIM delivers a comprehensive security package.

Room for Improvement: Users suggest Devo could benefit from enhanced reporting, more intuitive configuration options, and refining existing features. AlienVault OSSIM users wish for improved scalability, better documentation, and enhanced overall usability and support materials.

Ease of Deployment and Customer Service: Devo is frequently praised for its straightforward deployment process and responsive customer service. AlienVault OSSIM has a more complex deployment model which can be challenging for new users. AlienVault OSSIM's customer service, while helpful, sometimes lacks the quick response times reported by Devo users.

Pricing and ROI: Devo has a more appealing pricing model and is often seen as providing better ROI due to its efficiency and cost-effectiveness. AlienVault OSSIM tends to have higher setup costs but compensates with its comprehensive feature set, which users find justifies the investment. While Devo is more budget-friendly, AlienVault OSSIM delivers a balanced ROI with its wide range of capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed AlienVault OSSIM vs. Devo Report (Updated: April 2025).
Buyer's Guide
AlienVault OSSIM vs. Devo
April 2025
Download the complete report
Helped 847,862 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
10th
Average Rating
7.4
Reviews Sentiment
7.1
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Devo
Ranking in Security Information and Event Management (SIEM)
28th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
22
Ranking in other categories
Log Management (27th), IT Operations Analytics (6th), AIOps (15th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 3.9%, up from 3.6% compared to the previous year. The mindshare of Devo is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Aman Aijaz - PeerSpot reviewer
An easy-to-scale open-source solution used for monitoring events on devices
The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.
Read full review
Michael Wenn - PeerSpot reviewer
Has cloud-first architecture with SIEM technology to run security operations
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I recommend it due to the experience of the people running it."
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The paid version of the solution has reporting and better scalability options."
"The product is majorly used for threat detection of the agents on servers and endpoints."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"Better than other SIEM solutions because almost everything can be integrated."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
More AlienVault OSSIM pros
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
More Devo pros
 

Cons

"The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale."
"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."
"AlienVault OSSIM is costly."
"The price of this solution is very high and it could be cheaper."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"GUI could be improved."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The incidence reporting could be better."
More AlienVault OSSIM cons
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"The price is one problem with Devo."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"My opinion on the solution's technical support is not as great as it could be because of the issues I have faced regarding the service management element."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
More Devo cons
 

Pricing and Cost Advice

"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."
"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."
"We are using the community version, which can be used for free."
"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
"OSSIM is free."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"The solution is open source, so it's free to use."
More AlienVault OSSIM pricing and cost advice
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."
More Devo pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
847,862 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Financial Services Firm
9%
University
7%
Financial Services Firm
17%
Computer Software Company
15%
Government
8%
University
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about AlienVault OSSIM?
Asset discovery is good.
See all answers
What is your experience regarding pricing and costs for AlienVault OSSIM?
It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...
See all answers
What needs improvement with AlienVault OSSIM?
Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...
See all answers
What do you like most about Devo?
Devo has a really good website for creating custom configurations.
See all answers
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
See all answers
What needs improvement with Devo?
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...
See all answers
 

Comparisons

Wazuh vs AlienVault OSSIM Logo
Wazuh vs AlienVault OSSIM
Compared 81% of the time
USM Anywhere vs AlienVault OSSIM Logo
USM Anywhere vs AlienVault OSSIM
Compared 5% of the time
Elastic Security vs AlienVault OSSIM Logo
Elastic Security vs AlienVault OSSIM
Compared 4% of the time
Splunk Enterprise Security vs AlienVault OSSIM Logo
Splunk Enterprise Security vs AlienVault OSSIM
Compared 2% of the time
Rapid7 InsightIDR vs AlienVault OSSIM Logo
Rapid7 InsightIDR vs AlienVault OSSIM
Compared 2% of the time
More AlienVault OSSIM Competitors
IBM Security QRadar vs Devo Logo
IBM Security QRadar vs Devo
Compared 18% of the time
Splunk Enterprise Security vs Devo Logo
Splunk Enterprise Security vs Devo
Compared 17% of the time
Microsoft Sentinel vs Devo Logo
Microsoft Sentinel vs Devo
Compared 16% of the time
LogRhythm SIEM vs Devo Logo
LogRhythm SIEM vs Devo
Compared 6% of the time
Wazuh vs Devo Logo
Wazuh vs Devo
Compared 6% of the time
More Devo Competitors
 

Product Reports

Buyer's Guide
AlienVault OSSIM
April 2025
AlienVault OSSIM reportDownload AlienVault OSSIM product report
Buyer's Guide
Devo
April 2025
Devo reportDownload Devo product report
 

Also Known As

OSSIM
No data available
 

Overview

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

AT&T

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo
 

Sample Customers

Council Rock School District
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Buyer's Guide
AlienVault OSSIM vs. Devo
April 2025
Free Report: AlienVault OSSIM vs. Devo
Find out what your peers are saying about AlienVault OSSIM vs. Devo and other solutions. Updated: April 2025.
DOWNLOAD NOW
847,862 professionals have used our research since 2012.
See our AlienVault OSSIM vs. Devo report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.