Anecdotes

What is our primary use case?
My main use case for Kali Linux is primarily for testing and cybersecurity, specifically for doing penetration testing on applications and network applications that we utilize for network monitoring. A specific penetration test I performed using Kali Linux was for the application related to DDI, which encompasses DNS, DHCP infrastructure, and network monitoring as well as authentication for Cisco ISE, during which I used tools such as Hydra, Nmap, Ncat, and Wireshark to capture and analyze network packets. Kali Linux fits into my team because I mainly work with network tools and focus primarily on DNS; it plays a crucial role in penetration testing and ensuring that my applications are secure against attacks through various cybersecurity criteria.

What is most valuable?
The best features Kali Linux offers include its Debian-based architecture and being open source, which is important for many reasons, such as allowing for live USB boot and custom ISOs, making penetration testing simpler with comprehensive pre-installed toolsets such as Nmap, useful for vulnerability scanning. The live USB and custom ISO options help me specifically as they allow for quick access to a wide selection of pre-installed security tools, saving me time on installations and configurations through live USB boot functionality, which lets me get up and running quickly. The integration of cloud and containers within Kali Linux is something I wish more people knew about, as it allows for utilizing containerized versions that provide scalability and eliminate the need for a virtual machine setup. Kali Linux has positively impacted my organization by improving efficiency in penetration testing; its open-source nature permits extensive customization and inclusion of numerous comprehensive pre-installed tools, contributing to a secure network environment with effective monitoring of network applications. The outcomes from using Kali Linux in our organization are significant; we experienced reduced cybersecurity attacks and improved application security, leading to decreased attack surfaces and quicker testing cycles that enabled faster launches and installations.

What needs improvement?
There are areas for improvement in Kali Linux, particularly regarding its use of the Linux kernel, which requires external additional patching, and the fact that network services are disabled by default, which complicates usage; enhancing user-friendliness through more GUI-based tools and better integration could be beneficial. While Kali Linux is open source, it lacks vendor support, and I believe that improving documentation and community engagement is essential, making it more user-friendly and encouraging the use of GUI tools can significantly enhance the overall experience.

For how long have I used the solution?
I have been using Kali Linux for around five years, starting in 2018 or 2019, and I continue to use it until 2024, with plans to keep using Kali Linux starting in January 2025.

Which solution did I use previously and why did I switch?
Before switching to Kali Linux, we used Fedora for penetration testing. The decision to move to Kali Linux was influenced by its open-source nature, which reduced costs while facilitating easier automation with DevOps tools.

What was our ROI?
Integrating Kali Linux with DevOps tools has resulted in reduced operational costs due to automated test cases, making it a worthwhile investment with significant returns by decreasing the attack surface area and the frequency of attack incidents.

What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing for Kali Linux has been positive, as it operates under an open-source model with setup costs primarily related to hardware and virtual machines, eliminating the need for vendor-specific licenses.

Which other solutions did I evaluate?
We evaluated alternatives to Kali Linux, including Parrot OS, BlackArch, BackBox, and the Network Security Toolkit (NST), but Kali Linux was chosen for its stability, open-source nature, and strong community support.

What other advice do I have?
Kali Linux's scalability is commendable; it allows for easy expansion through containerized versions and custom ISOs, although support is primarily dependent on the community rather than vendor assistance. My advice for others looking into using Kali Linux is to ensure they have a strong foundation in Linux knowledge and are familiar with the various toolsets available within Kali Linux so that they can select the right tools for their specific needs. I believe Kali Linux is a valuable open-source tool with great potential for growth through community involvement, and continuous development can enhance its position as a leading solution for penetration testing. On a scale of one to ten, I rate Kali Linux an eight out of ten.

Which deployment model are you using for this solution?
On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other