Security Onion vs. SonicWall Capture Advanced Threat Protection (ATP)

Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end.

Our customer base is SMB so I can not speak about a larger customer base or organization. I have customers with 3 end points behind the SW and customers with 200 end points behind the SW. The biggest confusion on selection is the WAN / LAN throughput. Once you understand the limitations and select the correct product I have been happy with the product on a wide range of customers. It is a bit pricey for a small operation but if they are handling sensitive data it is very cost effective.

• GUI
• Support
• Easy of use

• Filters and prevents phishing attacks
• Filters and prevents malicious attachments
• Provides quantitative reporting

• Requires Linux
• Training

• Sorry, I am very satisfied with the product, nothing I need to change

Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided.

Support from SW is superior. End of discussion. Fortinet support was lacking in product knowledge and was noting but reading from a script. SW, if the T1 can not answer I get to T2 immediately. Never an issue to get a resolution in minutes, not hours or days. The staff knows their limits and escalates without question.

• Makes Alert Triage easier to handle
• Analysis of threats simple

• I trust the product to protect my customer base.
• They do not differentiate themselves very well. It is a difficult sell cycle.