
Siem splunk enterprise security

"A lot of SIEMs on the market have their own agent infrastructure. From our experience, the Devo agent needs some work. They built it on top of osquery's open-source framework. In our experience, there would definitely be some room for improvement. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. You'd have a backlog of processing the logs as it was ingesting them."

"With this kind of platform, you have that information in real-time. Devo is pulling back information in a fast fashion, based on real-time events."

"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."

"The real-time analytics of security-related data are super. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities. The UI is very clean."

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."

"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. The dashboards are intuitive and highly customizable."

"The user interface is really modern. The user experience is well thought out and the workflows are logical."

"From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees."

"It's very, very versatile."

"The most valuable feature is definitely the ability that Devo has to ingest data."
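Two points the reviewers raise above, the parse-on-ingest failure mode (one bad parser stalls the whole pipeline) and the synthesis/union table that merges feeds into one queryable view, are easier to reason about in code. The following Python script is an added example written for this page; it is not code from the original post, from Devo, or from any SIEM product. The log lines, the two regex parsers, the common schema and the correlation rule (repeated logon failures, then a success, then an accepted RDP connection from the same source IP) are all constructed assumptions for illustration. It contrasts a schema-on-write ingest that rejects a batch on the first malformed line with a schema-on-read store that keeps raw lines and applies parsers at query time, then unions both feeds and correlates across them.

```python
import re
from collections import defaultdict

# Constructed sample feeds for this example (not real logs).
WINDOWS_EVENTS = [
    "2024-05-01T10:00:01Z host=ws01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5",
    "2024-05-01T10:00:03Z host=ws01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.5",
    "2024-05-01T10:00:09Z host=ws01 EventID=4624 TargetUserName=alice IpAddress=10.0.0.5",
    "2024-05-01T10:00:12Z host=ws02 EventID=4624 TargetUserName=bob IpAddress=10.0.0.7",
]
FIREWALL_LOGS = [
    "2024-05-01T10:00:10Z fw01 ACCEPT SRC=10.0.0.5 DST=10.0.0.20 DPT=3389",
    "2024-05-01T10:00:11Z fw01 ACCEPT SRC=10.0.0.7 DST=10.0.0.21 DPT=443",
    "garbage line with no recognisable fields",  # deliberately malformed
]

# Toy per-source parsers (assumed formats, not a vendor's parser library).
WIN_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) "
                   r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$")


def parse_windows(line):
    """Map a Windows logon event into the common schema, or None if it does not parse."""
    m = WIN_RE.match(line)
    if not m:
        return None
    eid = int(m["eid"])
    return {"ts": m["ts"], "host": m["host"], "src_ip": m["ip"], "user": m["user"],
            "event": {4624: "logon_success", 4625: "logon_failure"}.get(eid, f"eid_{eid}")}


def parse_firewall(line):
    """Map a firewall accept/drop line into the common schema, or None if it does not parse."""
    m = FW_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "host": m["host"], "src_ip": m["src"], "user": None,
            "event": f"fw_{m['action'].lower()}_dpt{m['dpt']}"}


def ingest_parse_on_write(lines, parser):
    """Schema-on-write: every line must parse before it is stored.
    A single malformed line aborts the whole batch, which is the failure mode the review describes."""
    stored = []
    for line in lines:
        rec = parser(line)
        if rec is None:
            raise ValueError(f"parser failed on: {line!r}")
        stored.append(rec)
    return stored


def ingest_raw(source, lines):
    """Schema-on-read: store raw lines tagged with their source; nothing is rejected at ingest."""
    return [{"source": source, "raw": line} for line in lines]


PARSERS = {"windows": parse_windows, "firewall": parse_firewall}


def union_table(raw_store):
    """Apply the per-source parser at query time and union the rows into one schema.
    Unparseable lines are counted and skipped rather than halting the query."""
    rows, unparsed = [], 0
    for item in raw_store:
        rec = PARSERS[item["source"]](item["raw"])
        if rec is None:
            unparsed += 1
            continue
        rows.append(rec)
    rows.sort(key=lambda r: r["ts"])  # ISO-8601 timestamps sort lexicographically
    return rows, unparsed


def suspicious_sources(rows, min_failures=2):
    """Correlate across feeds: a source IP with >= min_failures logon failures, then a
    logon success, then an accepted firewall connection to RDP (port 3389)."""
    by_ip = defaultdict(list)
    for r in rows:
        by_ip[r["src_ip"]].append(r)
    hits = []
    for ip, evs in by_ip.items():
        failures, state = 0, "failing"
        for e in evs:  # rows are already time-ordered
            if state == "failing" and e["event"] == "logon_failure":
                failures += 1
            elif state == "failing" and e["event"] == "logon_success" and failures >= min_failures:
                state = "logged_in"
            elif state == "logged_in" and e["event"] == "fw_accept_dpt3389":
                hits.append(ip)
                break
    return hits


if __name__ == "__main__":
    try:
        ingest_parse_on_write(FIREWALL_LOGS, parse_firewall)
    except ValueError as exc:
        print("parse-on-ingest halted the batch:", exc)
    store = ingest_raw("windows", WINDOWS_EVENTS) + ingest_raw("firewall", FIREWALL_LOGS)
    rows, unparsed = union_table(store)
    print(f"{len(rows)} rows in union table, {unparsed} line(s) unparsed")
    print("suspicious source IPs:", suspicious_sources(rows))
```

The point of the contrast is operational: with parse-on-write, the malformed firewall line rejects the batch that also carries the RDP connection, so the correlation never fires; with raw storage plus query-time parsing, the bad line is merely counted and the union over both feeds still links the brute-force logon to the subsequent RDP session. The `unparsed` counter is worth alerting on in practice, since a sudden jump usually means a log format changed upstream.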