Devo
Devo provides cloud-native security analytics for real-time threat detection.
Devo is a cloud-native security analytics platform that provides SIEM, SOAR, and UEBA capabilities for information security and operations teams. Unlike traditional solutions that index and transform data, Devo stores raw data in hot format with micro-indexing, delivering query results in milliseconds and maintaining 400 days of always-hot data retention. The platform excels at real-time alerting, threat detection, compliance, and fraud prevention, with particular strength in correlating security data for deeper context and faster incident response.
Problem solved
Security teams struggle with slow query response times, limited data retention, and inability to correlate historical security events for threat investigation and compliance audits.
Target customer
Enterprise security operations centers (SOCs), Fortune 500 companies, financial services firms, government agencies, and mid-market organizations with complex security logging and compliance requirements.
Founders
P
Pedro Castillo
Co-Founder
Spanish entrepreneur who co-founded Devo in 2011 in Madrid.
P
Pedro Palao
Co-Founder
Co-founder of Devo, based in Spain at inception.
J
Juana Nunez Garcia
Co-Founder
Co-founder of Devo, contributed to platform development.
D
Daniel Garcia
Co-Founder
Co-founder of Devo, part of original founding team.
Funding history
Series A
Unknown
January 2017
Led by Kibo Ventures
· Unknown
Series B
Unknown
September 2017
Led by Insight Partners
· Unknown
Series C
Unknown
June 2018
Led by Unknown
· Unknown
Series D
Unknown
September 2020
Led by Bessemer Venture Partners
· Unknown
Series E
$250M
October 2021
Led by TCV
· Unknown
Series F
$100M
June 2022
Led by Eurazeo
· Unknown
Total raised:
$500M+
Industries
Pricing
Subscription-based with annual contracts. Mid-range pricing compared to competitors like Splunk (more expensive) and Elastic Security (less expensive). Engagements typically include consulting days and platform subscription. Not publicly disclosed in detail.
Notable customers
H&R Block, Manulife, FanDuel, Ulta Beauty, American Express Global Business Travel, Bitkub, OneMain Financial, Ivy Tech Community College, Oklahoma University, US Air Force
Integrations
CrowdStrike Falcon, Detecteam
Website
Competitors
Splunk
Market leader with broader feature depth and adaptability, but higher cost and slower performance; Devo prioritizes speed and real-time analytics.
Sumo Logic
Comparable SIEM/cloud-native platform; Devo differentiates with faster query performance and longer hot data retention (400 days).
Exabeam
Stronger in UEBA and behavioral analytics; Devo offers more balanced SIEM, SOAR, and analytics capabilities.
Microsoft Sentinel
Azure-native SIEM with tighter Microsoft ecosystem integration; Devo is platform-agnostic with superior speed and raw data processing.
Elastic Security
More cost-effective but less feature-rich; Devo offers deeper analytics, better scalability, and dedicated security operations focus.
Why this matters: Devo achieved unicorn status in 10 years and has raised $500M+ from top-tier investors including TCV and Eurazeo, signaling strong market validation. The company's architectural innovation—raw data processing with micro-indexing—fundamentally changes how security teams approach threat investigation and compliance, positioning it as a serious challenger to Splunk in the enterprise SIEM market despite significant mindshare gaps.
Best for: Enterprise security teams and SOCs that need sub-millisecond query response times, extended data retention for forensics, and real-time threat detection without compromising on data availability.
Use cases
Rapid Threat Investigation
Security analysts need to investigate security incidents across months of historical data. Devo's micro-indexing delivers results in milliseconds, enabling analysts to correlate events and identify attack patterns in real-time rather than waiting for traditional indexed searches to complete.
Compliance & Audit
Organizations must maintain audit trails and prove compliance with regulations like HIPAA, PCI-DSS, and SOX. Devo's 400-day hot data retention and raw data storage eliminates the need for expensive cold storage, while enabling instant access to historical logs for audits.
Fraud Detection
Financial services firms detect fraudulent transactions by correlating user behavior patterns over extended periods. Devo's UEBA capabilities combined with fast analytics enable real-time anomaly detection and investigation without performance degradation.
CrowdStrike Data Enhancement
Organizations using CrowdStrike Falcon get deeper insights by forwarding endpoint data to Devo for 400 days of retention and advanced correlation, providing context that helps security teams understand attack scope and impact beyond what native Falcon analytics provides.
Alternatives
Splunk Enterprise Security
Choose Splunk for broader ecosystem integration and feature depth; choose Devo for significantly faster performance and lower cost.
Microsoft Sentinel
Choose Microsoft Sentinel if you're heavily invested in Azure ecosystem; choose Devo for platform-agnostic deployment and faster analytics.
Sumo Logic
Both are cloud-native, but Devo offers longer hot retention and superior query speed; Sumo Logic offers broader log management beyond security.
FAQ
What does Devo do? +
Devo is a cloud-native security analytics platform that combines SIEM, SOAR, and UEBA capabilities to help security teams detect, investigate, and respond to threats in real-time. Unlike traditional solutions that index and transform data, Devo stores raw data in hot format with millisecond query response times and maintains 400 days of always-hot data retention.
How much does Devo cost? +
Devo does not publicly disclose detailed pricing. Annual subscription contracts are offered with consulting services included. Pricing is mid-range compared to Splunk (more expensive) and Elastic Security (less expensive). Contact Devo's sales team for custom quotes.
What are alternatives to Devo? +
Top alternatives include Splunk Enterprise Security (broader features but higher cost), Microsoft Sentinel (Azure-native, tight ecosystem integration), Sumo Logic (comparable cloud-native SIEM), and Exabeam (stronger in behavioral analytics). The best alternative depends on your infrastructure, budget, and specific security needs.
Who uses Devo? +
Devo serves enterprise security operations centers, Fortune 500 companies, financial services firms (H&R Block, Manulife, American Express), and government agencies (US Air Force). Notable customers include FanDuel, Ulta Beauty, and organizations with strict compliance requirements.
How does Devo compare to Splunk? +
Splunk is the market leader with deeper features and broader adaptability, but costs significantly more and has slower query performance. Devo differentiates with millisecond query response times, raw data processing without indexing, longer hot retention (400 days vs. typical Splunk deployments), and more competitive pricing. Splunk is better for organizations needing extensive ecosystem integrations; Devo is better for speed-critical security operations.
Does Devo work with CrowdStrike? +
Yes. Devo integrates with CrowdStrike Falcon to provide deeper analytics and longer data retention (400 days hot) than native Falcon analytics offer, enabling better correlation and context for threat investigation.
What makes Devo's technology different? +
Devo's micro-indexing technology allows data to remain in raw, hot format indefinitely without transformation, delivering sub-millisecond query results and eliminating the indexing overhead that slows down traditional SIEM platforms. This approach enables superior scalability, faster forensics, and cost-effective long-term data retention.
Tags
SIEM
security analytics
cloud-native
threat detection
SOAR
UEBA
compliance
real-time analytics