Skip to content

Sprout Social relies on Devo to protect customer data

Sprout Social offers deep social media listening and analytics, social management, customer care and advocacy solutions to more than 28,000 brands and agencies worldwide. Sprout’s platform integrates the power of social throughout every aspect of a business, operating across major social networks including Twitter, Facebook, Instagram, Pinterest, YouTube and LinkedIn.


Headquarters: Chicago


Due to rapid customer growth, Sprout Social needed to scale its SOC to ensure the security of customer and corporate data and to protect the company’s reputation.


Sprout Social selected Devo to scale alongside the company’s SOC. The fit was natural since both are SaaS companies built in the cloud, for the cloud. With Devo securing its data, Sprout Social has evolved quickly in a rapidly changing security environment, able to scale with cloud infrastructure and protect its customer and corporate data from sophisticated cybercriminals.


  • The increased speed delivered by Devo has improved Sprout Social’s forensics and investigations, saving the SOC team time and making them more effective.
  • The SOC team can now capture past learnings from security events to adapt their alerting and reporting to be more proactive.
  • The simplicity of the Devo SaaS licensing model eliminates the need for Sprout Social to constantly calculate storage/CPU or other factors.


Sprout Social, which at the time was a six-year-old business growing exponentially, came to realize that its massive new customer growth levels would strain the capabilities of their security staff. The team decided that transforming its SOC with a security information and event management (SIEM) solution would enable them to automate repetitive, time-consuming tasks so analysts could focus on the most critical threats and vulnerabilities in real time.


Securing data and reputation, fast and at scale

Sprout Social is laser-focused on three security objectives: securing customer data, securing corporate data, and protecting the company’s reputation. As Sprout Social and its team grew, its security leader, Paril Patel, understood that the core mission for his security operations team was to support the growing company in a fashion that could scale to fit customer needs and an increased attack surface, all while ensuring the security of the company’s customers and their data.

The company evaluated several options while looking to scale its SOC, and the Devo Platform stood out most to Patel. As a fellow SaaS business, Devo met Sprout Social’s hope of finding a true partner, and not just acquiring another service.


“We wanted to avoid operational overhead to just focus on the value that comes out of a SIEM vs. the management overhead of running a SIEM. Devo does that natively.”
– Paril Patel, Sprout Social Security Leader


Working together, Devo and Sprout Social are consistently meeting Patel’s mission of protecting customer and company data (and thus Sprout Social’s reputation). An added bonus is the time savings Sprout Social’s SOC team is realizing since deploying Devo. When it comes to investigations such as validating that an employee actually logged into the same IP while using various Spout Social tools, he says, we can now “do that across all our SaaS tools rather than having to individually go into each tool. So, it’s a 2- to 5-minute query in Devo, as opposed to spending 15 to 20 minutes moving across three or four different SaaS tools!”


Automation allows for a more preventative approach to threat detection and response

As Sprout Social has grown, the need for its SOC to scale at the same pace was apparent. Partnering with Devo allowed the Sprout Social SOC to be more preventative and act in real time. As Patel explains, “There are two avenues we look to Devo to add value for us. One is as a forensics and investigations tool. Before Devo, a lot of our forensics were basically taking logs to group and pipe through various tools to get meaning out of them.

“With tremendous business growth, we were getting more and different types of logs, so when there was a potential security event, looking into it became really painful,” added Patel. “This is where one aspect of Devo comes in: at the investigation level, past learnings from events make prioritization of issues easier and more accurate. Now, with Devo, when we have an issue we can quickly find patterns or data that we need as part of the investigation. The second avenue is we have a single platform to not only search but to create alerting, trending and reporting on. Before Devo, we could only observe an issue after it happened. Now, we are getting notified during an issue or even before an issue occurs, in some cases.”


Devo drives organizations alignment

One of the greatest challenges for SOC leaders is being able to communicate the level of threats and risk potentials easily and effectively to various company stakeholders. Things are no different at Sprout Social. Since first standing up Devo, Patel says “Devo gives us information quickly. And it’s reproducible. We can reproduce an investigation or show someone what was found. This single pane of glass for most of our logs gives us the ability to move quickly and do it in a reproducible manner”. This benefit helps in keeping workers in the SOC aligned.

The Devo professional services team created and supports Devo Activeboards for Sprout Social. The Activeboards have proven to be tremendously useful in showcasing and understanding basics, such as how many events are coming in and the levels of ingest. Sprout’s Security team has used the visual nature of Activeboards to quickly show stakeholders the scope and impact of events. Such ease of understanding enables the Sprout Social SOC to retain the support needed to constantly protect the organization.

More Data. More Clarity. More Confidence.