This paper makes the case for proper Network Security Monitoring (NSM) in an organization as a way to detect threat agents and maintain a record of their actions. This information is used for containment and remediation purposes, but can also be used as evidence. SecurityOnion is a free and open source Linux distribution, which is easy to set up and use, and is specifically built for NSM. Organizations of any size can now monitor and secure their networks, and the information sent across them.