Network Security Monitoring for the rest of us

Alex Stamos said in 2015 that the Fortune 500 is divided into two categories: The “Secure 100” and the “Toasted 400.” It was his opinion (and probably a pretty informed opinion) that even among our country’s biggest and wealthiest enterprises, 4/5 of them were not doing security very well at all.

And, although his talk was focused on AppSec, I bet nearly every one of those Toasted 400 companies was struggling with network visibility / cyber situational awareness. I see this on almost every penetration test or security assessment I lead. My team comes in and lights up the network like a forest fire and the system administrators rarely notice anything is different from the day before. Why? Because SEIM is expensive…running an IDS is resource intensive…and they just don’t have the budget for a six-figure gadget to monitor their network for attacks. Besides, who’s going to look at all that data anyway?

Enter Security Onion. Over the past few years, Doug Burks’ open source Security Onion has been quietly gaining followers and being adopted by organizations of all sizes around the world. Providing easy access to powerful tools like Snort, Suricata, Bro, and ELSA, Security Onion can jumpstart an organization’s security program by detecting cyber attacks in real time, correlating and grouping the alerts, and storing full packet captures for analysis and investigation. Security Onion is the solution of choice for SMBs.

Why? Let me give you a few reasons:

  1. It’s free (well, open source). The up-front cost to download and try Security Onion is zero dollars. No license fees, no participation fees, no maintenance fees. No fees, period.
  2. It’s easy to setup and use. Having set-up Snort other security monitoring tools, I can tell you, Security Onion is a dream come true. The installation guide is approximately less than one page and once you fire it up, it just works (Thanks, Doug!).
  3. When you deploy Security Onion, you’re investing in your own security program–not investing in blinking lights or shiny hardware. You’re contributing to your organization’s improved security posture, not some vendor’s revenue target.

What all this really means is that SMBs can actually afford security monitoring for their networks. Training is easy to get through Doug’s web site ( and he also can provide professional services to help you set-up, install, and tune your Security Onion deployment.

Don’t have time or money to do any of this in house with your existing staff? Because Security Onion is so affordable (free other than some hardware), companies like PLEX Solutions ( can offer network security monitoring as a service using Security Onion to fit almost any budget.

By Terry Bradley, Vice President at PLEX