Try our new research platform with insights from 80,000+ expert users

Devo vs USM Anywhere comparison

Devo and LevelBlue are both solutions in the Security Information and Event Management (SIEM) category. Devo is ranked #30 with an average rating of 8.5, while LevelBlue is ranked #33 with an average rating of 7.3. Devo holds a 1.0% mindshare in SIEM, compared to LevelBlue’s 1.0% mindshare. Additionally, 95% of Devo users are willing to recommend the solution, compared to 92% of LevelBlue users who would recommend it.
Devo
Read 22 Devo reviews
  • 2,304 Views
  • 1,066 Comparison Views
95% willing to recommend
USM Anywhere
Read 115 USM Anywhere reviews
  • 2,391 Views
  • 1,649 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

USM Anywhere and Devo are significant players in the cybersecurity space. User reviews indicate USM Anywhere is preferred for its simpler deployment and stronger customer service, while Devo stands out with its robust feature set.

Features: USM Anywhere is appreciated for its extensive threat detection capabilities, intuitive centralized management, and straightforward deployment. Devo has advanced analytics, scalability, and comprehensive event management.

Room for Improvement: USM Anywhere users suggest improving its data integration capabilities and the performance of certain modules. Devo users wish for a more streamlined user experience and better documentation.

Ease of Deployment and Customer Service: USM Anywhere is praised for its straightforward deployment process and responsive support team. Devo, although requiring more configuration, offers comprehensive deployment flexibility. Users find USM Anywhere's customer service more reliable and accessible compared to Devo.

Pricing and ROI: USM Anywhere offers competitive pricing, making it appealing for small to medium-sized enterprises. Devo's higher pricing is justified by its expansive feature set and better scalability. Users report a favorable ROI for both, but Devo's extensive capabilities provide more significant long-term value.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Devo vs. USM Anywhere Report (Updated: January 2025).
Buyer's Guide
Devo vs. USM Anywhere
January 2025
Download the complete report
Helped 839,319 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Log Management
28th
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
22
Ranking in other categories
IT Operations Analytics (6th), AIOps (15th)
USM Anywhere
Ranking in Log Management
41st
Ranking in Security Information and Event Management (SIEM)
33rd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
115
Ranking in other categories
Endpoint Detection and Response (EDR) (53rd), Compliance Management (12th)
 

Mindshare comparison

As of March 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Devo is 1.0%, down from 1.1% compared to the previous year. The mindshare of USM Anywhere is 1.0%, down from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Michael Wenn - PeerSpot reviewer
Has cloud-first architecture with SIEM technology to run security operations
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.
Read full review
Kris Nawani - PeerSpot reviewer
Offers complete coverage without the need to install additional software
USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"Devo has a really good website for creating custom configurations."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
More Devo pros
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"Reports are customized, so you can present them to executives or engineers.​"
"The asset discovery and inventory capabilities in USM Anywhere is quite good."
"It has allowed us to see what is happening on our servers."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"The solution is stable."
More USM Anywhere pros
 

Cons

"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
More Devo cons
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"The dashboard could be improved as well as the level of customization."
"In the future, I would like to see all these features of the solution working properly."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"The only complex area of the setup was writing the custom scripts."
"Plugins could be better utilized, as some of them do not recognize all logs."
More USM Anywhere cons
 

Pricing and Cost Advice

"Our licensing fees are billed annually and per terabyte."
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."
"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
More Devo pricing and cost advice
"So far, it has been a good solution for a tight budget."
"Do the one month trial and try to work out the kinks during it, as it has free support and service hours."
"AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure."
"Its price is in the medium to upper range."
"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."
"We pay around $12,000 a year including storage."
"Pricing is very competitive with other products and you get much more functionality from AlienVault."
"AlienVault is flexible on their pricing for unlimited licenses."
More USM Anywhere pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
839,319 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
16%
University
7%
Government
7%
Computer Software Company
19%
Financial Services Firm
8%
Educational Organization
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Devo?
Devo has a really good website for creating custom configurations.
See all answers
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
See all answers
What needs improvement with Devo?
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...
See all answers
What do you like most about AT&T AlienVault USM?
The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.
See all answers
What is your experience regarding pricing and costs for AT&T AlienVault USM?
The pricing is amazing and really cheap.
See all answers
What needs improvement with AT&T AlienVault USM?
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.
See all answers
 

Comparisons

Splunk Enterprise Security vs Devo Logo
Splunk Enterprise Security vs Devo
Compared 19% of the time
IBM Security QRadar vs Devo Logo
IBM Security QRadar vs Devo
Compared 18% of the time
Microsoft Sentinel vs Devo Logo
Microsoft Sentinel vs Devo
Compared 16% of the time
Wazuh vs Devo Logo
Wazuh vs Devo
Compared 6% of the time
LogRhythm SIEM vs Devo Logo
LogRhythm SIEM vs Devo
Compared 6% of the time
More Devo Competitors
AlienVault OSSIM vs USM Anywhere Logo
AlienVault OSSIM vs USM Anywhere
Compared 24% of the time
Wazuh vs USM Anywhere Logo
Wazuh vs USM Anywhere
Compared 14% of the time
Splunk Enterprise Security vs USM Anywhere Logo
Splunk Enterprise Security vs USM Anywhere
Compared 11% of the time
Rapid7 InsightIDR vs USM Anywhere Logo
Rapid7 InsightIDR vs USM Anywhere
Compared 10% of the time
IBM Security QRadar vs USM Anywhere Logo
IBM Security QRadar vs USM Anywhere
Compared 8% of the time
More USM Anywhere Competitors
 

Product Reports

Buyer's Guide
Devo
March 2025
Devo reportDownload Devo product report
Buyer's Guide
USM Anywhere
February 2025
USM Anywhere reportDownload USM Anywhere product report
 

Also Known As

No data available
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Overview

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

  • Network asset discovery
  • Software & services discovery
  • AWS asset discovery
  • Azure asset discovery
  • Google Cloud Platform asset discovery

Analyze

  • SIEM event correlation, auto-prioritized alarms
  • User activity monitoring
  • Up to 90-days of online, searchable events

Detect

  • Cloud intrusion detection (AWS, Azure, GCP)
  • Network intrusion detection (NIDS)
  • Host intrusion detection (HIDS)
  • Endpoint Detection and Response (EDR)

Respond

  • Forensics querying
  • Automate & orchestrate response
  • Notifications and ticketing

Assess

  • Vulnerability scanning
  • Cloud infrastructure assessment
  • User & asset configuration
  • Dark web monitoring

Report

  • Pre-built compliance reporting templates
  • Pre-built event reporting templates
  • Customizable views and dashboards
  • Log storage
LevelBlue
 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Buyer's Guide
Devo vs. USM Anywhere
January 2025
Free Report: Devo vs. USM Anywhere
Find out what your peers are saying about Devo vs. USM Anywhere and other solutions. Updated: January 2025.
DOWNLOAD NOW
839,319 professionals have used our research since 2012.
See our Devo vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.