Back in the early aughts, a common complaint about Linux was that while it was free/libre, it came with no support and you had to pay expensive senior sysadmins to run Linux systems. Fast forward to today, and Linux has conquered basically every field except for the desktop market.
The same dynamic may be developing in the enterprise intrusion detection, network security monitoring and log management space, where VC-backed security offerings with eye-watering price tags go head to head with the free/libre Security Onion Linux distribution. Does Security Onion do exactly what you want it to do? Probably not. Will you have to tweak it to fit your enterprise? Probably yes. Will you need skilled security people to run it? Definitely yes.
Security Onion is looking more polished with every year that passes, and it may be worth considering if you’ve got a deep enough security bench to customize, deploy and maintain it for your enterprise.