Customer Story

National Financial Services Firm Chooses Devo Over LogRhythm to Make SOC More Effective

At a Glance
  • Enable greater visibility into the firm’s on-premises and cloud data
  • Make the firm’s SOC analysts more productive and efficient
  • Ability to scale with the company’s future data volume projections

Industry: Financial Services

Location: North America

About The National Financial Services Firm

Seeking to make its SOC more effective, a top national financial services
organization identified increased visibility into all of its environments as an urgent need. The firm is in the midst of a digital transformation and currently has a mix of on-premises and cloud computing data feeds.
The incumbent, LogRhthym, was failing to ingest cloud data from AWS CloudTrail and other services. This, combined with prior product issues, compelled the financial services firm to seek a replacement.

Customer Quick Facts


In the midst of a digital transformation, this top financial
services firm discovered several shortcomings of LogRhythm
related to ingesting cloud data. This major issue, coupled with past
dissatisfaction with LogRhythm, and on-premises data that prevented the firm’s SOC from performing to expectations led to the decision to replace LogRhythm with Devo.


The Devo Platform ingests all data types, regardless of location. Activeboards make it easy for analysts to visualize and analyze data, and Devo easily scales to terabytes of data ingestion per day.


  • Enable greater visibility into the firm’s on-premises and cloud data
  • Ability to ingest cloud data such as AWS CloudTrail and other services
  • Ability to scale with the company’s future data volume projections
  • Make the firm’s SOC analysts
    more productive and efficient

Wanted: A Solution To Handle Cloud And On-premises Data, Including AS/400

A large national financial services firm with branches in most U.S. states is well into a digital transformation. Prior to this project, the security team was aware their ineffective SOC required modernization.
The company had been a longtime LogRhythm customer, but during its transition to the cloud the firm discovered that LogRhythm could not ingest cloud data from services such as AWS CloudTrail, Office 365, and Azure.

This major shortcoming, compounded by other historic LogRhythm product issues including the inability to deliver desired functionality—data field limitations, difficulty creating custom rules and alerts, challenges integrating custom threat intelligence, and complex threat-hunting workflows—all served to highlight the firm’s past issues
with LogRhythm.

The firm also had ongoing and future on-premises data needs, such as firewalls, proxy logs, Windows servers, applications, and even AS/400 data. All of these issues compromised SOC performance, making the decision to shed LogRhythm easy.

Why Devo

Several critical capabilities made Devo attractive to the customer, including:

  • The ability to ingest machine data in raw format—especially unstructured data—from on-premises and cloud sources such as cloud provider log files, firewalls, and security, as well as older legacy systems
  • The ability to smoothly ingest multiple terabytes of data and query as needed
  • The ability to easily analyze data using Devo Activeboards, which bring machine data to life with rich visuals, intuitive dashboards, and interactive capabilities
  • Many large enterprises successfully use Devo, demonstrating a proven track record that exceeds this company’s requirements

How much can you save?

The Devo architecture yields increased performance and significant cost savings. Ready to see how much you can save?

Next Steps

The firm expects to be up and running quickly and plans to evaluate Devo Security Operations.