
Security Onion 2

Security Onion Solutions, LLC | 2.4.160

Linux/Unix, Other 9 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS customer

1 AWS reviews
  • 5 star: 0
  • 4 star: 0
  • 3 star: 0
  • 2 star: 0
  • 1

External reviews

3 reviews
from

External reviews are not included in the AWS star rating for the product.


    Anish Bajracharya

Provides good threat hunting by finding infected ports, but its initial setup is difficult

  • March 18, 2024
  • Review provided by PeerSpot

What is most valuable?

The most valuable feature of Security Onion for security monitoring is its ability to find infected ports. I have used the Squert tool within Security Onion the most for threat hunting.

What needs improvement?

The initial setup of the solution is a little bit difficult.

For how long have I used the solution?

I have been using Security Onion for one year.

How are customer service and support?

The solution’s technical support is good and responsive.

How would you rate customer service and support?

Neutral

How was the initial setup?

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a six out of ten.

What's my experience with pricing, setup cost, and licensing?

Security Onion is an open-source solution.

On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.

Which other solutions did I evaluate?

Before choosing Security Onion, we evaluated Splunk. We chose Security Onion because it's a free and open-source solution.

What other advice do I have?

Security Onion is deployed on the cloud in our organization. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.


    Jörg Kippe

A mature and affordable solution that is easy to install and easy to update

  • January 15, 2024
  • Review provided by PeerSpot

What is our primary use case?

The solution is used to learn how the tools work. It enables us to do consulting and demonstrate solutions. We develop attacks, detect them, and demonstrate how it works. The customers are interested in seeing how and what these tools can do.

What is most valuable?

We are only working with open-source products. The tool is very easy to install and easy to update. A lot of interfaces are specified. So, it's quite easy to make extensions. It is very important when we do experiments and try to connect and integrate other tools. Security Onion is the most mature solution in the open source world. This is its biggest advantage.

What needs improvement?

The product takes time to learn; it's not that easy. In the beginning, we had a lot of questions. If you want to use such a tool in a real (industrial) environment, you have to ask how to get the network data. Can we do a full packet capture? Can we provide agents to our end systems? There are no simple solutions to these questions. It's a general problem when running such systems in an industrial environment.

For how long have I used the solution?

I have been using the solution for about ten years. I am using the latest version.

How are customer service and support?

There is a community. If we are active and ask people questions, we get answers. We also have the option to buy support for difficult problems.

Which solution did I use previously and why did I switch?

We also use Malcolm. It is a similar platform. But it is not as mature as Security Onion. The system management features are not perfect and need to be improved.

How was the initial setup?

The solution is partially in a real environment and partially in a virtual environment. The focus is on the OT environment. Our main focus is to deliver security in automation systems. It is very easy to set up.

What's my experience with pricing, setup cost, and licensing?

It is an open-source solution. The vendor also sells a hardware solution (appliance) as a paid solution.

What other advice do I have?

My advice depends on the requirements, network, and resources available in an organization. It also depends on whether someone is looking for a turnkey solution, whether they are interested in working alone, and what their skills are. There is no one solution for all installations. Overall, I rate the product a ten out of ten.


    cybersec

Poorly developed, no support for software, no architecture or deployment details

  • November 06, 2023
  • Review from a verified AWS customer

Poorly developed, no support for software, no architecture or deployment details.
What is the purpose of having this software on this platform? Absolutely nothing.


    Derek Maraw

The solution can be used for internal vulnerability assessment, but its user interface could be improved

  • August 04, 2023
  • Review provided by PeerSpot

What is most valuable?

We use Security Onion for internal vulnerability assessment.

What needs improvement?

Security Onion's user interface could be improved. The solution's general reporting should be made simple and better-looking in terms of graphics so that we can update our senior management.

For how long have I used the solution?

I have been using Security Onion for four years.

What do I think about the stability of the solution?

Security Onion is a stable solution, but we experience some crashes.

I rate Security Onion a six out of ten for stability.

What do I think about the scalability of the solution?

Security Onion is a scalable solution, but some connected APIs are a bit difficult to integrate. Two people are using Security Onion in our organization.

I rate Security Onion a five out of ten for scalability.

How are customer service and support?

We are part of the solution's blogging site, where we discuss with other people working on it so that we understand most things. Security Onion's blogging site or community forum helps us to resolve all our issues.

How was the initial setup?

Security Onion's deployment needs to be a bit simpler. Some explanations or jargon are a bit complicated and should be made simple enough to understand.

What's my experience with pricing, setup cost, and licensing?

Security Onion is a free solution.

What other advice do I have?

Security Onion is deployed on our established private cloud, which operates from our recovery site.

Security Onion does not need any maintenance.

You need to be skilled in order to use Security Onion.

Overall, I rate Security Onion a six out of ten.

Which deployment model are you using for this solution?

Private Cloud

