Showing posts with label DidYouKnowSO. Show all posts

Wednesday, October 30, 2024

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up to large distributed deployments for your enterprise! Here are some of our enterprise use cases:


For the complete list of use cases, please see the Use Cases section of our documentation:


https://docs.securityonion.net/en/2.4/use-cases.html#use-cases


Thursday, October 24, 2024

Wednesday, October 23, 2024

Did you know Security Onion works for several different use cases?

Did you know Security Onion works for several different use cases from minimal deployments all the way up to large enterprise deployments? Here are just a few of the smaller deployment use cases:




For a longer list, please see the Use Cases section of our documentation:

https://docs.securityonion.net/en/2.4/use-cases.html#use-cases


Thursday, October 3, 2024

Did you know Security Onion Pro provides enterprise features that folks have been asking for?

As we continue our DidYouKnowSO series, did you know Security Onion Pro provides enterprise features that folks have been asking for? Here are some of those enterprise features:

  • Open ID Connect (OIDC) SSO
  • Data at Rest Encryption
  • DoD Security Technical Implementation Guide (STIG) Compliance for the OS
  • Federal Information Processing Standards (FIPS) Compliance for the OS
  • External Notifications in SOC

These enterprise features (and more!) are now available in Security Onion Pro!


You can read more about Security Onion Pro at:
https://securityonion.com/pro


For a limited time, we are offering a 10% discount for new purchases of Security Onion Pro!

https://blog.securityonion.net/2024/09/10-discount-for-security-onion-pro-for.html


Tuesday, October 1, 2024

Did you know Security Onion appliances are the best way to run Security Onion?

As we continue our DidYouKnowSO series, did you know Security Onion appliances are the best way to run Security Onion?




In 2018, we announced Security Onion Solutions (SOS) appliances. Since that time, we've shipped appliances to customers around the globe to help them peel back the layers of their enterprise and make their adversaries cry.

Why should you purchase hardware appliances from Security Onion Solutions? Here are the top 5 reasons!

  1. Eliminate the guesswork of buying the right hardware
    You can run Security Onion on your own hardware, but you'll have to determine the answers to the following questions:
      • How many CPU cores?
      • How much RAM?
      • What kind of storage?
      • How much storage?
      • What kind of NIC?

    Security Onion Solutions hardware is configured and built for specific roles and workloads. We know Security Onion's hardware needs, and our appliances are the perfect match for the platform. Leave the hardware research, testing, and support to us, so you can focus on what's important for your organization.



  2. Save time for you and your server team
    If you run Security Onion on your own hardware, you may need to configure your storage correctly and then manually install Security Onion.

    Security Onion Solutions appliances come with storage pre-configured and the Security Onion platform pre-loaded so that you can focus on your real job of monitoring and defending your enterprise.

  3. Enhanced integration
    Security Onion's SOC interface provides appliance-specific information directly in the user interface. Use this information to monitor the appliance's health in real time. You can also view the appliance front and rear panels, which is useful for walking through connectivity discussions with personnel in the data center. Only official Security Onion Solutions appliances are supported with this integration.

  4. Get FULL support from ONE vendor
    If you experience problems, it can be challenging to determine whether the problem is due to hardware or software, especially if hardware support comes from one vendor and software support from a different vendor.

    Security Onion Solutions supports both the hardware and software components of our branded appliances. Security Onion software support includes configuration, deployment, tuning, and break/fix support delivered remotely via email, phone, or video conference. Hardware support includes defective media retention (you keep and destroy bad hard drives) with next business day shipping on parts within the continental United States. On-site technicians can be coordinated for complex part repairs. We can quote 1-5 years of support, with higher discounts for longer support terms.

  5. BY defenders FOR defenders
    The Security Onion software platform is developed by defenders for defenders and our hardware appliances are no exception. We've designed the appliances that we would want to use in the trenches and we support you as fellow defenders.

Bonus reason - Support development of the free and open platform!

Security Onion has been a free and open platform since 2008. We've invested many years of development into making Security Onion even better at helping you peel back the layers of your enterprise and making your adversaries cry. If you purchase appliances from us, you are helping to cover the cost of developing and maintaining the Security Onion platform, now and in the future.

Don't delay, reserve your SOS appliances today!


https://securityonionsolutions.com/hardware


Wednesday, September 25, 2024

Did you know Security Onion includes our own custom web interfaces for Alerts, Dashboards, Hunt, Cases, Detections, PCAP, Grid Health, and Administration?

Yesterday, we talked about how Security Onion is built BY defenders FOR defenders:

https://blog.securityonion.net/2024/09/did-you-know-security-onion-is-built-by.html


As defenders, we built the platform that we've always wanted! This includes our own custom web interfaces for Alerts, Dashboards, Hunt, Cases, Detections, PCAP, Grid Health, and Administration. These interfaces are streamlined and integrated to make you more effective and efficient as a defender!


Alerts:


Dashboards:

Hunt:


Cases:


Detections:


PCAP:


Grid Health:


Configuration:





Friday, September 20, 2024

Did you know Security Onion scales from small virtual machines all the way up to large enterprise deployments of hundreds of nodes and thousands of endpoint agents?

A minimal Security Onion installation is an IMPORT installation and can be used to import PCAP or EVTX files in a minimal VM with as little as 4GB RAM:



On the opposite end of the architecture spectrum, a distributed deployment consists of:
  • a manager node
  • one or more forward nodes running Suricata and Zeek to analyze network traffic and generate NIDS alerts and protocol metadata logs
  • one or more search nodes running Elasticsearch to store and search logs
  • optional receiver nodes for load balancing and pipeline redundancy
  • optional Intrusion Detection Honeypot (IDH) nodes for deception


This is a scalable model and can support hundreds of nodes and thousands of endpoints running the Elastic Agent.

For more information, please see the Architecture section of our documentation:

Thursday, September 19, 2024

Did you know Security Onion works on both Internet-connected and airgap networks?

Did you know Security Onion works on both Internet-connected and airgap networks? Our ISO image includes everything you need to run without Internet access. Make sure that you choose the Airgap option during Setup:


If your network has Internet access but has overly restrictive proxies, firewalls, or other network devices that might prevent Security Onion from connecting to certain Internet sites, then you may want to consider the Airgap option as everything will install from the ISO image itself.


For more information, please see the Airgap section of our documentation:

https://docs.securityonion.net/en/2.4/airgap.html


Wednesday, September 18, 2024

Did you know that Security Onion performs comprehensive analysis on both IT and OT (ICS/SCADA) networks?

Security Onion started back in 2008 primarily focused on traditional IT networks. However, in 2022, we added support for LOTS of different ICS protocols:

https://blog.securityonion.net/2022/12/security-onion-23190-now-available.html


Here's a screenshot showing the list of ICS dashboards included in our current version:



Tuesday, September 17, 2024

Did you know that Security Onion provides both network AND host visibility?

Security Onion started in 2008 as a Network Security Monitoring (NSM) platform. Over the years, more and more of our network traffic has become encrypted. That's a good thing for privacy but it makes our jobs as defenders a little more difficult. To fill in those blind spots, we've spent the last several years making sure that Security Onion is equally as powerful on the host side as it is on the network side. Here's a diagram showing an overview of Security Onion consuming not just network traffic from your taps or span ports but also logs from your endpoints:

The following screenshot shows a comprehensive Security Onion deployment that does both network monitoring and host monitoring as well:

Security Onion includes a complete set of dashboards for each of those different kinds of endpoint data:

The Elastic Agent Overview dashboard gives you an overview of the comprehensive telemetry that is provided by the Elastic Agent when installed on your servers, desktops, and laptops:

You can read more about our endpoint capabilities in the Host Visibility section of our documentation:

https://docs.securityonion.net/en/2.4/host.html

