Security tool selection: open source or commercial?

> IT security budget is tight, and enterprises follow the tenet of "spend less money and do more". So should I choose free and open source security tools, or buy commercial security products?


What is the best way to improve security technology within a limited budget? We want to replace some older technologies and move to a SIEM (Security Information and Event Management) system or other threat-data products, but that is hard to do with a tight IT security budget. We are also considering some open source products. So how do we make the best choice between using free and open source security tools and purchasing commercial security products?


No information security team ever told me that they got the budget they wanted. Now everyone seems to follow the tenet of "spend less money and do more". Fortunately, when your budget is tight, there are a lot of viable open source tools available to replace commercial tools. There is no single reliable method for choosing between a commercial product and an open source tool, but there are some things to keep in mind:


Open source security tools are usually only technically "comparable" to commercial products. The main difference is the ease of configuration and upgrades. Open source tools have a steep learning curve and change rapidly, while commercial tools have user-friendly configuration interfaces and come with vendor support.


If your security team lacks the skills needed to configure and maintain open source tools, consider using commercial tools. I also recommend commercial tools in high-risk environments, because support and uptime are critical there; unless your security team can provide the same level of support, you should use commercial tools. I usually use a mix of commercial and open source tools to strengthen my defenses, which not only provides defense in depth (attackers have to penetrate multiple defensive layers) but also allows my team to learn open source tools in low-risk environments.


In your list of open source security tools, you should consider adding these great open source tools: OSSIM is one of the most popular open source SIEMs, and it is also a very mature tool. Dating back to 2003, it supports the log formats of almost any network device and integrates well with open source IDS and vulnerability assessment tools. It also provides an upgrade path: you can move to a commercial version if you need more support. If you don't have the time to configure a tool as complex as OSSIM, Security Onion is another great tool. It is a Linux distribution based on Ubuntu that contains everything you need to build a distributed network of IDS/IPS sensors that feed a central database. While it cannot import logs from existing network devices, it is the fastest tool for building a central alerting system using open source or proprietary tools.


Source: TechTarget China