Security Onion is an open-source Linux distribution for intrusion detection, network security monitoring, and log management. It offers comprehensive solutions for enterprises seeking to enhance their cybersecurity infrastructure.


| Product | Mindshare (%) |
|---|---|
| Security Onion | 2.0% |
| Splunk Enterprise Security | 6.8% |
| Wazuh | 4.8% |
| Other | 86.4% |
Security Onion provides a full suite of tools to detect and respond to cybersecurity threats efficiently. As a robust and versatile distribution, it includes capabilities for real-time analysis, network visibility, and threat detection, making it indispensable for security operations centers. Users value this tool for its integration of open-source software with advanced analytics, affording professionals a detailed overview of network traffic and potential intrusions.
Security Onion finds extensive application in industries such as finance, healthcare, and government sectors, where robust network monitoring is critical. Its ability to integrate with existing security tools makes it a preferred choice for organizations looking to strengthen their cybersecurity posture.
| Author info | Rating | Review Summary |
|---|---|---|
| Manager at teshama | 3.0 | I use Security Onion for centralized log visualization and intrusion detection, which greatly improved our security posture and offered significant ROI. While setup can be challenging due to technical demands, its cost-effectiveness, stability, and scalability make it a highly valuable tool. |
| Scientist at an educational organization with 10,001+ employees | 5.0 | I use Security Onion for learning and demonstrating security concepts. It's a mature, easy-to-install open-source solution. While setup is easy, learning it takes time, and deploying it in industrial environments presents data acquisition challenges. |
| Cyber Security Officer at AFC Holdings | 3.0 | We use Security Onion for vulnerability assessment. It's free and generally stable, but I find the UI, reporting, and setup need improvement. Scalability and API integration can be difficult, requiring skilled users. Overall, I rate it 6/10. |
| Postgraduate at an educational organization with 1,001-5,000 employees | 3.5 | I've used Security Onion for a year, finding its port infection detection and Squert useful, despite a slightly difficult initial setup. It's a free, open-source solution with good support, which I recommend, rating it seven out of ten. |
My main use case for Security Onion is its integration with multiple platforms and its function as a centralized system to visualize logs and events.
Security Onion has positively impacted my organization by greatly improving our security posture. It makes alert triage easier to handle, the analysis of threats is very simple, and the cost of threat analysis and detection has decreased.
I have noticed measurable improvements since using Security Onion, with security incidents improving from 45 to 60% over the past three years.
The best features Security Onion offers include acting as the intrusion detection system in my organization and helping me to address traffic, logs, and events happening within the organization. Since Security Onion is an open-source system that integrates with tools like Suricata and Zeek with the ELK stack, it enables threat detection and response capabilities, delivering high-level security measures at a cost, making it suitable for businesses of varying skill levels.
These integrations with Suricata and Zeek have greatly impacted our workflow and our team's effectiveness by helping us address issues such as identifying intrusions, evaluating threats, and overseeing log files.
This tool is very cost-effective, making it suitable for any size of organization wanting to use it.
For Security Onion, setting up and configuring the system can be quite challenging for newcomers due to the need for a grasp of networking and security concepts.
The specific challenges that make the setup and configuration difficult include the system demanding resources to function, which might be a challenge for smaller companies. Although there is support from the very proactive open-source community, tackling intricate problems usually requires technical knowledge.
I have been using Security Onion for the same amount of time.
I have not experienced any downtime with Security Onion, so it appears to be quite stable.
Security Onion's scalability has handled my organization's growth perfectly, so it is very scalable, scaling as our organization grows.
For the time I have been in contact with customer support, they have been very responsive and proactive.
My experience with the configuration process is that setting up and configuring the system can be quite challenging, especially for new users or newcomers due to the need for a grasp of networking and security concepts.
I have seen a return on investment through time saved from faster incident resolution and also very fast threat detection, freeing time for our security team to focus on more strategic tasks and projects. Additionally, security has greatly improved in my organization, and the cost-effective nature of Security Onion offers a budget-friendly option for monitoring networks in real time and responding to incidents promptly.
A specific example of how Security Onion made threat analysis easier and reduced costs is that it has been one of the best platforms we found for alerting, hunting, and tracking various security vulnerabilities, making it very easy for hunting and tracking of various security vulnerabilities while saving a lot of time and costs.
I decided to switch from SolarWinds to Security Onion because, while other vendors may have a more robust solution, Security Onion was the one to move forward with for our needs. We have tested some of the others, but the cost of those platforms made the return on investment not as desirable as Security Onion. There is also a learning curve with Security Onion, but it is worth it.
Before choosing Security Onion, I evaluated other options including SolarWinds IP Monitor and also SolarWinds Log Analyzer.
The advice I would give to others looking into using Security Onion is that it works well for setting up within a Linux environment, bringing a new platform to run and maintain. The application itself has helped to keep track of logs and vulnerabilities in the environment, and alert triage and case creation is simple to start and follow through to the end, making it a highly recommendable tool.
I love Security Onion; it is an open-source tool supported by a community of like-minded users. The GUI is straightforward and easy to work with, and I also appreciate that there is the ability to use an appliance from Security Onion, though we have not had a need to use it yet.
Security Onion integrates very well with other AWS services I use in my case.
The configuration and the easy-to-use interface of Security Onion offer an affordable and budget-friendly option for monitoring networks in real-time and responding to incidents promptly. I would rate this review three out of five.

The solution is used to learn how the tools work. It enables us to do consulting and demonstrate solutions. We develop attacks, detect them, and demonstrate how it works. The customers are interested in seeing how and what these tools can do.
We are only working with open-source products. The tool is very easy to install and easy to update. A lot of interfaces are specified. So, it's quite easy to make extensions. It is very important when we do experiments and try to connect and integrate other tools. Security Onion is the most mature solution in the open source world. This is its biggest advantage.
The product takes time to learn; it's not that easy. In the beginning we had a lot of questions. If you want to use such a tool in a real (industrial) environment, you have to ask how to get the network data. Can we do a full packet capture? Can we provide agents to our end systems? There are no simple solutions to these questions. It's a general problem when running such systems in an industrial environment.
I have been using the solution for about ten years. I am using the latest version.
There is a community. If we are active and ask people questions, we get answers. We also have the option to buy support for difficult problems.
We also use Malcolm. It is a similar platform. But it is not as mature as Security Onion. The system management features are not perfect and need to be improved.
The solution is partially in a real environment and partially in a virtual environment. The focus is on the OT environment. Our main focus is to deliver security in automation systems. It is very easy to set up.
It is an open-source solution. The vendor also sells a hardware solution (appliance) as a paid solution.
My advice depends on the requirements, network, and resources available in an organization. It also depends on whether someone is looking for a turnkey solution, whether they are interested in working alone, and what their skills are. There is no one solution for all installations. Overall, I rate the product a ten out of ten.

Security Onion's user interface could be improved. The solution's general reporting should be made simple and better-looking in terms of graphics so that we can update our senior management.
I have been using Security Onion for four years.
Security Onion is a stable solution, but we experience some crashes.
I rate Security Onion a six out of ten for stability.
Security Onion is a scalable solution, but some connected APIs are a bit difficult to integrate. Two people are using Security Onion in our organization.
I rate Security Onion a five out of ten for scalability.
We are part of the solution's blogging site, where we discuss with other people working on it so that we understand most things. Security Onion's blogging site or community forum helps us to resolve all our issues.
Security Onion's deployment needs to be a bit simple. Some explanations or jargon are a bit complicated and should be made simple enough to understand.
Security Onion is a free solution.
Security Onion is deployed on our established private cloud, which operates from our recovery site.
Security Onion does not need any maintenance.
You need to be skilled in order to use Security Onion.
Overall, I rate Security Onion a six out of ten.

The most valuable feature of Security Onion for security monitoring is its ability to find infected ports. I have used the Squert tool within Security Onion the most for threat hunting.
The initial setup of the solution is a little bit difficult.
I have been using Security Onion for one year.
The solution’s technical support is good and responsive.
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a six out of ten.
Security Onion is an open-source solution.
On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.
Before choosing Security Onion, we evaluated Splunk. We chose Security Onion because it's a free and open-source solution.
Security Onion is deployed on the cloud in our organization. I would recommend the solution to other users.
Overall, I rate the solution a seven out of ten.