"Beats are the agents that have to be installed on the terminals to send the data. It is very fast." "Elastic has a lot of beats, such as Winlogbeat and Filebeat. I can set it to check anomalies or suspicious behavior every 30 seconds. It has the latest standards." "Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted." "The performance is good and it is faster than IBM QRadar." "The most valuable feature is the speed, as it responds in a very short time." "The most valuable feature is the machine learning capability." "It is very quick to react." "Elastic is straightforward, easy to integrate, and highly customizable." "The most valuable features are the speed, detail, and visualization. The dashboards are intuitive and highly customizable." "As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics." "The user experience is well thought out and the workflows are logical. That's one reason that having 400 days of live data is pretty huge. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. In the past, our operational norm was to keep live data for only 30 days. And they can not only do so from a security point of view, but even for operational use cases. This allows for global views and/or isolated views restricted by access controls by company or business unit." "Those 400 days of hot data mean that people can look for trends and at what happened in the past. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. The UI is very clean." "Devo provides a multi-tenant, cloud-native architecture. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo.
You'd have a backlog of processing the logs as it was ingesting them." "The user interface is really modern. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. Devo is pulling back information in a fast fashion, based on real-time events." "It's very, very versatile." "The most valuable feature is definitely the ability that Devo has to ingest data. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way." "The real-time analytics of security-related data are super. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. And I can do that by creating entity-based queries." "The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast."