From Doug Burks, Founder and CEO of Security Onion Solutions:
There’s an old saying that it takes ten years to be an overnight success. Thanks to our customers and community for ten successful years of Security Onion Solutions as a company! We’re celebrating our “overnight success” by announcing Security Onion Pro!
History
Security Onion Solutions is celebrating ten years as a company and our free and open Security Onion platform recently celebrated fifteen years!
https://blog.securityonion.net/2024/06/on-this-day-in-2009-very-first-version.html
After releasing that first version of Security Onion in 2009, the community steadily grew and more and more folks started using Security Onion in production. Over time, enterprise organizations started asking for training and professional services. So on July 7, 2014, I announced Security Onion Solutions as the company to provide those services:
Customers started asking for hardware appliances so we announced Security Onion Solutions appliances in 2018:
Customers then asked for cloud images so we started offering them in 2021:
We’ve continued to listen to feedback and today we’re excited to announce the next step in our journey!
Security Onion Pro
Our customers have been asking for enterprise features so we’ve spent the last few years building them! We first mentioned this back in 2022:
https://blog.securityonion.net/2022/08/security-onion-enterprise-features-and.html
If you're looking to get the most out of Security Onion in your enterprise, you should consider Security Onion Pro. The Pro license not only adds additional enterprise features, but also adds many additional benefits as well!
Here are some enterprise features and benefits available with a Security Onion Pro license as of today:
- Open ID Connect (OIDC)
SOC supports single sign-on (SSO) authentication via OpenID Connect (OIDC) to one of several OIDC-compatible identity providers. For example, users can login to Security Onion using an Active Directory user, a GitHub user, a Google account, an Auth0 account, etc. - Data at Rest Encryption
Storage-level encryption for data residing in your Security Onion grid. - DoD Security Technical Implementation Guide (STIG) Compliance for the OS
Automatically apply STIGs to your Grid using OpenSCAP. For more information about STIGs, please see https://public.cyber.mil/stigs/. - Federal Information Processing Standards (FIPS) Compliance for the OS
Support for enabling FIPS during OS installation. For more information about FIPS, please see https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards. - External Notifications in SOC
The Detections module, specifically Sigma rules, can be enabled to send outbound notifications when alerts are generated. By default, no outbound notifications are enabled in a Security Onion installation. However, with the Pro license applied to a grid, notifications can be quickly configured via the Configuration screen. - Time Tracking inside of Cases
When adding a comment to a Case, you can also specify how many hours you spent working on that activity. You can then see the total time spent by all analysts in the Summary in the upper-right corner of the Case. - Guaranteed Message Delivery
If you need guaranteed message delivery, then you can enable Kafka which replaces Redis and Logstash on the Security Onion Manager node and Receiver nodes. - Higher Priority Service Level Agreements (SLAs)
Receive faster service with the one business day initial response SLA included with Security Onion Pro. A four-business-hour initial response SLA is also available. - Health Checks
Security Onion Pro includes two free 1-hour Health Checks per year. - Offline Update Service Shipments
If you have an airgap deployment, we can ship two free offline updates per year when requested. - Professional Services and Support
For customers running Security Onion on their hardware or smaller SOS appliances, Security Onion Pro includes twenty hours of professional services and support time. Services include architecture planning, deployment, tuning, break/fix support, parsing, and other services around Security Onion. Additional hours packages are available. - Included with larger hardware appliances
Security Onion Pro is included with many of our larger hardware appliance models, such as the SOS SN7200, SOS SNNV, and SOS GoFast, at no additional charge. See our full appliance list at https://securityonion.com/hardware. - Coverage for all the nodes in your Grid
The base license includes licensing for up to ten nodes, with additional node packs available for purchase.
In addition to the list above, we will be adding more to Security Onion Pro in the future!
To learn more about Security Onion Pro, please see:
Community
Just because we’re adding enterprise features does not mean that we’re forgetting about our community!
Our team worked for nine months on developing our new Detections interface and released the first version of that in 2.4.70:
https://blog.securityonion.net/2024/05/security-onion-2470-now-available.html
After release, we listened to feedback from the community about Detections and incorporated that feedback into 2.4.80:
https://blog.securityonion.net/2024/06/security-onion-2480-now-available.html
We have lots more improvements coming to the community version! It’s also important to note that existing community features will remain available to the community with no data limits and no evaluation period. Our continuing mission is to shift the advantage to defenders!
Thanks
Thanks again to our customers and community for your support throughout the years!
FAQ
What is Security Onion Pro?
Security Onion Pro includes all the features in our standard Security Onion platform and adds enterprise features and premium support.
What enterprise features are included in Security Onion Pro?
Security Onion Pro includes the following enterprise features:
- Open ID Connect (OIDC) authentication for Security Onion Console
- Data-at-Rest Encryption (LUKS)
- DoD Security Technical Implementation Guide (STIG) Compliance for the OS
- Federal Information Processing Standards (FIPS) Compliance for the OS
- External Notifications in Security Onion Console
- Time tracking inside of Cases
- Guaranteed Message Delivery (Kafka)
What kind of support is included in Security Onion Pro?
Security Onion Pro includes premium support:
- two free 1-hour health checks per year
- offline update service shipments
- architecture planning
- deployment
- tuning
- break/fix support
- parsing
- and other services around Security Onion
How do I purchase Security Onion Pro?
You can purchase Security Onion Pro by going to https://securityonion.com/pro and clicking the Purchase button to reach out to our Sales team.
If I purchase Security Onion Pro, do I have to rebuild my existing deployment?
In most cases, you can simply add the Security Onion Pro license key to your existing deployment to enable the enterprise features. An exception would be things like disk encryption that must be enabled during installation.
If I buy a Security Onion Solutions appliance, do I automatically get Security Onion Pro?
Security Onion Pro is included with many of our larger hardware appliance models, such as the SOS SN7200, SOS SNNV, and SOS GoFast, at no additional charge. See our full appliance list at https://securityonion.com/hardware.
If I am a free user and won’t be purchasing Security Onion Pro, will there be any changes?
No, you can continue using the existing Security Onion features that you use today.
How do I get more information about Security Onion Pro?
You can read more about Security Onion Pro at https://securityonion.com/pro.
