Security Onion vs. Trellix Intrusion Prevention System

Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end.

McAfee Network Security does do what it promises, and it integrates nicely with other McAfee services my work computer has. Sometimes I do feel though that McAfee does hinder your computer/internet performance, but maybe it's a trade-off that's worth it. I do wish they would refine their threat detection so some websites that I don't think are harmful and want to visit for work purposes aren't blocked. There's been times where I google a question and a website has the answer but McAfee will block it. If you're in a position at a financial company like me, where you're dealing with sensitive/private information, it's important to have this type of software to protect data.

Incentivized

• GUI
• Support
• Easy of use

• Download protection
• Keeps you from harmful sites
• Encrypts computer data
• Prevents DDoS attacks

Incentivized

• Requires Linux
• Training

• Sometimes can slow internet/computer speed
• At times can stop software downloads that I don't deem harmful and need to download
• May also block a website that isn't harmful that I wanted to visit because it has helpful information

Incentivized

Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided.

• Makes Alert Triage easier to handle
• Analysis of threats simple

• Protects information
• Keeps viruses off of programs
• Integrates seamlessly with other McAfee products on my computer

Incentivized