Snort vs. Security Onion

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Snort
Score 8.4 out of 10
N/A
Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.N/A
Security Onion
Score 9.5 out of 10
N/A
Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management, developed by the company of the same name in Evans. Their products include both the Security Onion software and specialized hardware appliances that are built and tested to run Security Onion. The company also offers paid support and training services.N/A
Pricing
SnortSecurity Onion
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
SnortSecurity Onion
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
SnortSecurity Onion
Best Alternatives
SnortSecurity Onion
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 3.9 out of 10
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 3.9 out of 10
Medium-sized Companies
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
SnortSecurity Onion
Likelihood to Recommend
8.1
(0 ratings)
8.0
(0 ratings)
User Testimonials
SnortSecurity Onion
Likelihood to Recommend
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Read full review
Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end.
Read full review
Pros
  • The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for white listing or blacklisting, knowing its being updated in the background without additional work from you.
  • Flexible. Instead of putting a traditional firewall inline you can put a source fire appliance (or firewall with sourcefire on-board) to not only block/allow traffic, but if you insights into it, and do some forms of threat scoring.
  • In depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts, you can view the full information and packets that lead to the conclusion, though the conclusion is prepared in advance for you.
Read full review
  • GUI
  • Support
  • Easy of use
Read full review
Cons
  • There are plenty of false positives in the logs, but no problems noticed related to them.
Read full review
  • Requires Linux
  • Training
Read full review
Alternatives Considered
Snort was chosen mainly for the ease and cost. With Snort we was able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old fashion way, this is the product for you.
Read full review
Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided.
Read full review
Return on Investment
  • The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise.
  • It has given us great visibility to our network.
Read full review
  • Makes Alert Triage easier to handle
  • Analysis of threats simple
Read full review
ScreenShots