Devo’s new Devo Security Operations solution runs on top of their core platform, and is aimed both at enterprise SOCs and providers of managed security services.
At RSA this week, Devo Technology is showing off their new Devo Security Operations solution, which went into General Availability last week. It expands their core data management and analytics platform into a solution for the SOC.
“Devo has been in business for over eight years with our core platform, and now we have officially launched the Devo Security Operations component,” said Jason Mical, Cybersecurity Evangelist at Devo. “The GA of this platform is our big buzz at RSA, and is our big unveiling. We have been at RSA with our enterprise log management solution before, but this will be the first time that we have presented this security operations platform.”
Devo – the name is an acronym of Data Evolved – provides next-generation SIEM management, and started in the large telecom space.
“The core functionality of Devo is enterprise log management,” Mical said. “Everyone else has that too, but our unique approach is to improve the capabilities without having to index everything, and that lets us be the data lake for many organizations.”
Devo’s core value proposition becomes with a premise that isn’t terribly controversial, that legacy SIEMs and their traditional approach have become limited today.
“What we do is combine the functions of the legacy SIEMs around event management and triaging, while adding a lot of automation in the background,” Mical said. “It produces alerts that are important to the end user, eliminating alert fatigue and providing context-rich analysis. We also combine SIEM functions with a lot of other functionality. We automatically enrich and provide high fidelity information. We incorporate our own internal threat data service, incorporating our threat intelligence platform as a component so it’s not something else to manage. We also add an investigative landscape, because SIEMs don’t have the ability to conduct investigations.”
Devo Security Operations, which is delivered on the Devo Data Analytics Platform, is specifically targeted at enterprise SOCs as well as providers of SOC services, and is aimed at reducing analysts’ workflow from hours to minutes.
“We incorporate all of the capabilities we provide seamlessly together, so SOC analysts aren’t put in the position of having to do swivel chair responses,” Mical stressed.
Mical acknowledged that the SIEM industry as a whole has recognized that modernization is necessary, and that customers today are much more unwilling to accept traditional SIEM limitations. But he said that recognizing this is one thing, and executing on it is another.
“The industry has identified that change has to be made, but a lot of the vendors are still struggling to accomplish it,” he said. “The way we built the foundation of the platform provides much faster detection and much faster workflows. SOARs also use APIs, but they still produce swivel chair response.”
OpenText, which obtained enterprise grade security services in their 2017 acquisition of Guidance Software, relies on Devo under the hood.
“We use Devo as our single source of truth,” said Kevin Golas, Director of World Wide Security Services at OpenText. “We provide clients with managed security services and use Devo for our central point of analysis. We use it for all our network logs. When I came on board, the issue was what were we doing with the network as well as endpoints. We chose Devo for this because they gave us the best way to pivot between logs and data sources.”
Devo Security Operations will be sold both to enterprise SOCs and to providers of managed security services, including MSSPs.
“Our Devo Security Operations was designed to help SOCs, but it was built for multi tenancy from the ground up,” Mical said. “This makes MSSPs a customer, with us being technology that supports that initiative.”
While Devo has a direct sales team, they also have a channel division, and a team that manages strategic alliances.
“A lot of our channel business comes from our technology alliance partners like Open Text, although we also have a channel of our own resellers,” Mical indicated. The latter channel is relatively small in number, with fewer than 20 overall.
Devo is demonstrating the new offering this week at RSA, at Booth South 2339.