Devo vs NetWitness Platform comparison

Devo and NetWitness are both solutions in the Log Management category. Devo is ranked #27 with an average rating of 8.0, while NetWitness is ranked #38 with an average rating of 8.0. Devo holds a 1.2% mindshare in Log Management, compared to NetWitness’s 1.0% mindshare. Additionally, 95% of Devo users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.

Devo

Read 23 Devo reviews

5,226 Views
2,665 Comparison Views

95% willing to recommend

NetWitness Platform

Read 36 NetWitness Platform reviews

3,695 Views
1,921 Comparison Views

75% willing to recommend

Devo

NetWitness Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Devo are two prominent solutions in cybersecurity. Devo seems to have the upper hand due to its scalability and flexible data ingestion, making it suitable for complex environments.

Features: NetWitness Platform offers comprehensive threat detection, forensic analysis, and deep network insights. Devo provides scalability, flexible data ingestion, and extensive analytics features with a granular level of detail.

Room for Improvement: NetWitness Platform needs to enhance integration capabilities, simplify operational complexities, and improve usability. Devo requires more refined real-time alerting mechanisms, an improved search function, and additional user-friendly enhancements.

Ease of Deployment and Customer Service: NetWitness Platform's deployment is intricate and time-consuming, requiring significant expertise, but it has responsive and helpful customer support. Devo offers a smoother, quicker deployment process and provides substantial guidance, although some users mention longer wait times for support.

Pricing and ROI: NetWitness Platform involves higher initial setup costs but delivers solid ROI through robust performance. Devo offers flexible pricing models that appeal to a range of budgets, and despite higher costs, its extensive features justify the price with users reporting satisfactory ROI.

To learn more, read our detailed Devo vs. NetWitness Platform Report (Updated: April 2026).

Buyer's Guide

Devo vs. NetWitness Platform

April 2026

Download the complete report

Helped 893,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Devo

Ranking in Log Management

27th

Ranking in Security Information and Event Management (SIEM)

26th

Average Rating

8.4

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

IT Operations Analytics (7th), AIOps (19th)

NetWitness Platform

Ranking in Log Management

38th

Ranking in Security Information and Event Management (SIEM)

39th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2026, in the Log Management category, the mindshare of Devo is 1.2%, up from 0.6% compared to the previous year. The mindshare of NetWitness Platform is 1.0%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management Mindshare Distribution
Product	Mindshare (%)
Devo	1.2%
NetWitness Platform	1.0%
Other	97.8%

Log Management

Featured Reviews

Francisco JavierRomo

Strategic Account Executive at a computer software company with 51-200 employees

Has improved investigative workflows with interactive dashboards and simplified data correlation

The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.

Read full review

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

A solid SIEM solution that should improve technical support and online resources to be easier to use

A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"One of the immediate improvements that come to mind is the amount of hot, searchable data, as in the SIEM we had before we were only able to search back 90 days of hot, searchable data, whereas here we have 400 days worth, which has definitely improved our threat hunting capabilities."

"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."

"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"Overall, Devo is awesome, but it's got some room to grow."

"With Devo, we can eliminate swivel chair analysis among tools for a streamlined workflow that gives us the most direct path to the root cause."

"Having one integrated tool helped us by removing the multiple teams, multiple pieces of equipment, and multiple software solutions from the equation."

"It's very, very versatile."

More Devo pros

"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."

"The most valuable feature is the hunting ability to work in a CERT."

"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."

"The newer 11.5 version that my team is using has found it to have good mapping."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The detection of ransomware in the internal network has benefited my organization."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The solution is reliable."

More NetWitness Platform pros

Cons

"Technical support could be better."

"I would like to have the ability to create more complex dashboards."

"However, the incident and threat detection is not what we had hoped for."

"Some basic reporting mechanisms have room for improvement."

"The price is one problem with Devo."

"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."

"It's stable but it's not extremely stable."

"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors."

More Devo cons

"Health monitoring of the event sources and devices."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"We encountered stability issues in the earlier versions, and much fewer in the newer versions."

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"The user interface is a little bit difficult for new users and it needs to be improved."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

More NetWitness Platform cons

Pricing and Cost Advice

"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."

"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."

"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."

"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."

"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."

"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."

"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."

"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."

More Devo pricing and cost advice

"We are on an annual license for the use of the solution."

"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"The licenses are good but the cost is very expensive."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

More NetWitness Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

893,311 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Construction Company

Computer Software Company

Outsourcing Company

Financial Services Firm

11%

Comms Service Provider

Construction Company

Performing Arts

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	4
Large Enterprise	11

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	7
Large Enterprise	20

Questions from the Community

What is your experience regarding pricing and costs for Devo?

Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.

See all answers

What needs improvement with Devo?

The single pane of glass that Devo offers could be improved. The tools in Devo's active ports need enhancement in their investigative capabilities. The drill-down reports capabilities, while useful...

See all answers

What is your primary use case for Devo?

During my time at MetaBase Q and as a partner integrator of ServiceNow, I had the chance to understand and be part of projects integrating SOCs, NOCs, and Security Operation Centers with Devo. Most...

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

What is your primary use case for NetWitness Platform?

I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.

See all answers

Comparisons

LogRhythm SIEM vs Devo

Compared 9% of the time

Splunk Enterprise Security vs Devo

Compared 7% of the time

New Relic vs Devo

Compared 4% of the time

IBM Security QRadar vs Devo

Compared 3% of the time

Microsoft Sentinel vs Devo

Compared 3% of the time

More Devo Competitors

Splunk Enterprise Security vs NetWitness Platform

Compared 7% of the time

IBM Security QRadar vs NetWitness Platform

Compared 7% of the time

RSA enVision vs NetWitness Platform

Compared 4% of the time

Palo Alto Networks WildFire vs NetWitness Platform

Compared 4% of the time

Elastic Security vs NetWitness Platform

Compared 3% of the time

More NetWitness Platform Competitors

Product Reports

Buyer's Guide

Devo

May 2026

Download Devo product report

Buyer's Guide

NetWitness Platform

April 2026

Download NetWitness Platform product report

Also Known As

No data available

RSA Security Analytics

Overview

Devo offers powerful visual analytics, real-time data querying, and log integration capabilities within a cloud-native, multi-tenant architecture, supporting extended data retention ideal for long-term analysis and compliance.

Devo is recognized for its Activeboards, which facilitate visual analytics. High-speed search capabilities and real-time analytics enable efficient data manipulation and querying. Its multi-tenant architecture supports effective data segregation and customization tailored to distinct business needs, enhancing its value for handling complex log integrations. With extended data retention of 400 days and a cloud-native architecture, Devo is a robust platform for long-term analysis and compliance requirements. Though opportunities exist to improve browser stability on large searches, SOAR integrations, and its parser capabilities, Devo remains essential for incident response and security monitoring, offering centralized data storage and analysis.

What are Devo's most important features?

Activeboards: Facilitate visual analytics and data exploration.
High-Speed Search: Enables fast data querying and manipulation.
Real-Time Analytics: Supports instant insights and decision-making.
Multi-Tenant Architecture: Allows effective data segregation and customization.
Extended Data Retention: Offers 400-day log retention for compliance and analysis.
Complex Log Integration: Handles intricate data sources effortlessly.

What benefits and ROI should organizations look for in reviews?

Visual Insights: Enhance understanding through interactive dashboards.
Performance Efficiency: Saves time with high-speed data search and real-time results.
Customization Flexibility: Fits specific business requirements with multi-tenant architecture.
Long-Term Compliance: Ensures alignment with extended data retention needs.
Centralized Monitoring: Enables comprehensive incident response and security monitoring.

Devo is extensively used in industries focused on incident response and digital forensics, centralizing data for security monitoring across hybrid environments. Organizations benefit from its ability to store and analyze aggregated logs, creating alerts and dashboards to enhance visibility for network and endpoint activities in multi-domain settings.

Devo

NetWitness Platform provides seamless threat intelligence integration and robust log/packet ingestion. It enhances network visibility and incident management through automated threat detection, ideal for enterprises seeking scalability and security intelligence.

NetWitness Platform offers a comprehensive suite of tools designed to tackle security challenges within Security Operations Centers. It integrates data from endpoints, networks, and other sources, ensuring in-depth security analysis. By supporting features like XDR and UEBA, it grants a unified view of security events. Its capabilities extend to threat hunting, malware analysis, and network forensics, assisting organizations in managing incidents, ensuring compliance with regulations like GDPR, and detecting cyber threats. Users appreciate its ease of deployment, flexibility, and threat prediction capabilities, although improvements in integration, documentation, and AI are desired.

What are the key features of NetWitness Platform?

User-friendly Interface: Simplifies security monitoring and management.
Threat Intelligence Integration: Provides seamless access to threat data.
Log/Packet Ingestion and Alerting: Enhances detection and response.
Network Visibility: Improves threat detection across networks.
Incident Management: Streamlines response to security incidents.
Automated Threat Detection: Facilitates quick identification of threats.
Custom Connectors: Allows for tailored integrations.
Advanced Dashboarding and Reporting: Offers detailed insights.
Packet/Incident Correlation: Enhances understanding of threats.

What benefits can users expect when evaluating NetWitness Platform?

Threat Prediction: Anticipates potential vulnerabilities.
Ease of Use: Streamlines user experience.
Deployment Flexibility: Adapts to organizational structure.
Scalability: Supports growing security infrastructure needs.
Security Intelligence: Enhances awareness and response capabilities.

In finance and health sectors, NetWitness Platform aids significantly by providing comprehensive threat analysis, ensuring compliance, and facilitating rapid incident management. Enterprises in these industries benefit by maintaining robust security postures and meeting regulatory demands.

NetWitness

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel

Los Angeles World Airports, Reply

Buyer's Guide

Devo vs. NetWitness Platform

April 2026

Free Report: Devo vs. NetWitness Platform

Find out what your peers are saying about Devo vs. NetWitness Platform and other solutions. Updated: April 2026.

DOWNLOAD NOW

893,311 professionals have used our research since 2012.

See our Devo vs. NetWitness Platform report.

See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.