Software vendors are going to kill me for saying this, but you don't have to break the bank with software costs. There are FREE alternatives. Vendors may debate over which are better. But that decision has to be made on a per software basis and per use-case.
As long as you have good support, Open Source software can be as good, even better.
The code in most cases is well developed and audited by the open source community. I can see many medium tier organizations run these enterprise open source software and save a lot of money in product fees. They will still have to pay for implementation and support costs, but that will be there with all software anyways.
Here's a list I compiled of enterprise level security/network tools an organization can benefit from. By no means is this list exhaustive, a comparison or in any order of priority.
Function | Free / Open Source | Paid |
---|---|---|
LAN Monitoring Tool Network Monitoring (NMS) |
NMIS NtopNG (nTop Probe for netflow has a cost) OpenNMS PRTG (100 Sensors free) LogRhythm NetMon Freemium |
SolarWinds Cisco Prime Infrastructure ManageEngine LogRhythm Netmon |
NAC (Network Access Control) | PacketFence | Cisco ISE HP/Aruba ClearPass |
Firewall | pfSense | Cisco ASA, Palo Alto, SonicWall |
IPS / IDS | pfSense
SecurityOnion |
Cisco FirePower / Meraki Palo Alto SonicWall |
Identity | OpenLDAP SAMBA ApacheDS JumpCloud (10 free users) |
Microsoft Active Directory (AD) |
Client VPN | Vyatta | Cisco AnyConnect |
URL Filtering | OpenDNS/Umbrella
SquidGuard (on pfSense) |
Cisco OpenDNS/Umbrella Websense Barracuda SonicWall Watch Guard Blue Coat Sophos |
SIEM (Security Information & Event Management) | AlienVault OSSIM | AlienVault USM, Splunk, LogRhythm Enterprise/XM, Alert Logic, Trustwave, HPE, FireEye, ArcSight, many others... |
Vulnerability Assessment/Scanners | OpenVAS (GreenBone) AlienVault OSSIM Retina Maltego |
Qualys Nessus Rapid7: nexpose, insightVM |
Multi-Factor Authentication | LinOTP, OpenOTP Duo (Free 10 users) Authy Google Authenticator* LastPass Authenticator |
RSA Microsoft Gemalto OKTA |
Certificate Authority | Let's Encrypt | GoDaddy, VeriSign, Thawte |
Load Balancers | Seesaw (by google) KEMP HAProxy GoBetween |
F5, Barracuda AWS, Cloudflare, Google Cloud, Azure |
Log Servers | ELK Stack (Elastic Search, Logstash, Kibana) [pre-built VM] SysLog-NG GrayLog LogRhythm Netmon Freemium |
Splunk PaperTrail ( by SolarWinds) LogRhythm Netmon |
Phising Simulation | goPhish | KnowBe4 insightPhish |
Disk Encryption | BitLocker (Windows) FileVault (Mac) VeraCrypt (Win/Mac/Linux) |
Symantec, Checkpoint, Dell, Sophos, McAfee, IBM, Trend Micro, many others |
*Not Open Source but free.