- "Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. This capability is quite nice, but it is not a reporting engine. Customers can do analysis by building Activeboards, Devo's name for interactive dashboards."
- "That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
- "Some basic reporting mechanisms have room for improvement. But I can say that about pretty much any solution in this space."
- "The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. There is also some room for improvement within the native parsers they support."
- "There's room for improvement within the GUI."
- "The data is always stored in its original format and you can normalize the data after it has been stored. It does all of that in a very easy-to-manage cloud-based solution."
- "The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation."
- "We don't get as many alerts as I thought we would, but that's nobody's fault, it's just the way it is."
- "The most powerful feature is the way the data is stored and extracted. Devo's speed and performance allow us to query in real time and keep up with what is actually happening on the network, then respond effectively to events."
- "The alerting is much better than I anticipated."
- "If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to answer questions quickly. When it comes to doing security analysis, what you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker."
- "Devo provides a multi-tenant, cloud-native architecture. This allows for global views and/or isolated views restricted by access controls by company or business unit. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally."
- "The ability to have high performance, high-speed search capability is incredibly important for us."
- "The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way. And I can do that by creating entity-based queries."
- "Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
- "It's very, very versatile."