Arbor DDoS Reviews

Our customers usually come from the financial sector, manufacturing, and energy sectors, such as gasoline companies and solar energy firms. We also work with e-commerce platforms and companies that publish web services. These clients need high availability for their services, so we provide them with the best protection through Arbor DDoS.

We use almost all the features of Arbor DDoS, but it really depends on the customer’s requirements, so I can’t specify exactly which features we use. However, many customers appreciate the basic DDoS protection, especially those without specific protection needs. For example, financial companies benefit from the cloud DDoS protection. It’s a straightforward solution that effectively meets their needs.

I think Arbor DDoS needs improvement in areas where competitors like S5, Redver, or NETSCOUT offer web application firewall functionality or dedicated web application firewall devices. Arbor lacks these features, which is a significant disadvantage. I would like to see these features introduced in Arbor as well.

Regarding real-time detection capabilities, Arbor DDoS works very well. Our customers are very satisfied with its performance. However, it would benefit from adding Web Application Firewall (WAF) capabilities to reach a larger customer base.

I work with NVIDIA ICT Services, LTD, where we provide DDoS protection based on our Internet lines. We’ve been working with hardware technology for about six years, and we also offer cloud technology, including HDFS hardware. Additionally, we provide third-party Internet server provider services.

For stability, I would rate Arbor DDoS as a 9 out of 10. It’s almost perfect, and our customers generally feel the same way. However, it does depend on individual customer requirements and their specific architectures.

For scalability, I think Arbor DDoS is very scalable. It handles both cloud and hardware-based mitigation well. During a recent DDoS attack of about 140 gigabits per second, Arbor DDoS managed it effectively. For lower-end protection, it can handle symmetrical 100 megabits per second.

Our company doesn’t often use Arbor DDoS technical support because we have several Arbor architects with deep knowledge of the vendor. We only reach out to Arbor DDoS for major international tenders.

Regarding pricing, I would rate it as average. Arbor DDoS offers good value for money with our DDoS filter device. For higher protection needs, Arbor’s CloudMeter’s DDoS mitigation or hardware devices might be more expensive, but customers who need them are usually prepared for the cost and the additional resources required.

I don’t have information about whether Arbor DDoS impacts response time to security incidents. However, I know Arbor DDoS uses artificial intelligence to enhance security measures. While I don’t manage this device personally, customer feedback suggests that it works well in filtering harmful and attacking traffic.

Overall, I would rate Arbor DDoS as a nine out of ten. For new users, I would recommend being aware that Arbor DDoS does not include a web application firewall device, which might be required for specific tenders.

In my company, we use Arbor DDoS for the DDoS protection it provides.

The most valuable feature of the solution is that it serves as a tool for DDoS mitigation. The product is also useful when it comes to integrating the on-prem solutions with the cloud scrubbing center of Arbor DDoS.

My company is okay with Arbor DDoS. I don't know how improvements can be made in the technology used by Arbor DDoS. I can see that Arbor DDoS is the best in the market when it comes to DDoS protection, as they have very rich features while offering seamless integration between on-prem solutions and its cloud scrubbing centers. My company likes the support offered by Arbor DDoS. My company also likes the scalability capacity offered by Arbor DDoS.

When you use Arbor DDoS, sometimes you may face some integration issues with other technologies or other vendors' technologies, which is normal to an extent when it comes to the competition between vendors as they lock the integration capabilities of their products. With Arbor DDoS, its integration issues with other technologies or other vendors' technologies is an area of concern that could be improved.

I operate more on the commercial side of the business as I am a product manager in my organization. When speaking about technology from a technical perspective, I am not the right person to comment on what additional features are required in Arbor DDoS.

It would be great if Arbor DDoS could enhance its technology and protect users from DDoS attacks without installing any on-prem or customer-premise equipment, but from a technical perspective, I don't know if something like this can be done or not.

I have been using Arbor DDoS for almost four years. My company has a partnership with NETSCOUT.

Stability-wise, I rate the solution an eight out of ten. Some bug issues are related to any of the technologies in the market.

It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.

I recommend the solution to businesses that operate medium to large-sized companies.

The quality of the technical support provided by Arbor DDoS is premium.

I rate the technical support a nine out of ten.

Positive

The product's initial setup phase is complex. When it comes to a service provider in the local market, you need to realize that you are dealing with a complex solution with a high capacity for threat mitigation to serve multiple customers with different requirements. In our company, we have layer 2 attacks and mitigation techniques, where the tool is installed on an on-prem solution in our gateways and integrated with Arbor DDoS global scrubbing center to handle very high or volumetric DDoS attacks. When you want to go for application security with Layer 7 DDoS, you must install the AED or a customer device on an on-prem model. The new model or the business model of customers try to avoid installing any on-prem devices or hardware so they can take over the headache of operation or management or vendor support of their devices.

The solution is deployed on the on-premises and cloud models. Depending on the cybersecurity compliance requirements, you can choose to deploy the tool on either model as it offers deployment of the product on a hybrid model.

Arbor DDoS is an expensive solution and not a low-priced product, as its technology offers very high performance. I believe that the price of Arbor DDoS falls under the bracket of medium to high price.

There was a plan in my company to work with F5 to protect the cloud environment inside VMware solutions, but we moved to another technology. F5 needs to work on multi-tenant architecture to improve it.

Suppose I discuss my experience and my customers' feedback about Arbor DDoS. In that case, I can say that we all are very satisfied with the solution in terms of the performance and the technology itself, like DDoS mitigation techniques for applications starting from Layer 1 to Layer 7. The cloud scrubbing center offered by Arbor DDoS is amazing, as it has reached up to 11 TB. Arbor DDoS offers very nice support. The only issue with the product is when it comes to its integration capabilities with other technologies, an area where I think Arbor DDoS is working on currently. My company has recently dealt with some incidents when it comes to integrating Arbor DDoS with our SIEM solution, and we saw that there were some issues that Arbor DDoS fixed.

I rate the overall tool an eight out of ten.

As an operator, we use Arbor antiDDoS system to protect our backbone, protecting the network and our assets like DNS.I'm involved in the validation and testing of the solution. 

The solution is installed in our lab, with a simulated full network. We can send some regular traffic as well as DDOS traffic, using some testing tools like IXIA system and opensource tools. 

For testing, we simulate some regular traffic, as background traffic, and we added some attacks on the network with attack tools. We can monitor what's sent to the network, and we can monitor what's received by the victim. In this case, we can assess which part of the attack was stopped by the system.

Arbor DDoS helps consolidate visibility on traffic and on DDOS attacks attempts. It can perform direct mitigation action on the network, which is important. It has also helped us achieve our network and application uptime goals.

I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation.

Netscout's Arbor allows it, but between Arbor systems only. It should be more open to Third party systems, that's what I mean by "openness" : evolution from Netscout signaling protocol to standardized DOTS protocol (DDOS Open Threat Signaling)

Implementation could also be improved regarding distribution of mitigation directly on network elements.

I've been using Arbor DDoS for testing for about a year.

Arbor DDoS is stable and robust, as seen during testing phase and with feedback from the field.

According to the operational team, there are few tickets open on the Netscout/Arbor site, but I don't have a precise figure, as I'm only involved in testing phase.

Arbor DDoS is scalable, both horizontally and vertically. It has good visibility making things quite obvious. There are some price issues with scalability, but technically speaking, the solution is fully scalable.

Technical support was knowledgeable and responsive.

The initial setup is quite complex. It isn't easy to do the configuration, but it's okay once it's done. Arbor's implementation strategy was to monitor first and provide all the configuration or the correct profiling for this system after it's considered safe.

NETSCOUT's team deployed our solution.

Arbor DDoS is quite expensive, especially for the TMS mitigation part

We compared it with others actors in antiDDOS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

I would advise potential users to try the NETSCOUT Arbor DDoS system but also to check on other solutions.

On a scale from one to ten, I would give Arbor DDoS a seven.

We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

We are the ISP for government websites here in Saudi Arabia. We had a lot of attacks on those sites. The way we mitigated those attacks was by asking the people who are hosting the website about the features they were using for the websites. They specified two of the ports, and they said we're not going to allow any other port, any other service apart from these two services. We allowed the websites to be accessible through those two ports only. We blocked everything else. This was four years ago and everything has been smooth ever since.

We have a monitoring team here, which is on watch 24/7. The monitoring part is very easy with this solution.

Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.

We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.

Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

The deployment is okay, stable. But when you are manipulating the countermeasures, that is the difficult part. You have to be very careful, and you have to be sure that these countermeasures will kick in when needed, that they're going to work.

We have to customize the countermeasures for each customer. That is a real challenge. We should be reviewing them every month. They might be changing their services, they might be using different ports. We have to keep asking our customers, "Okay what are you running now? What are you using now? Which port are you running now?" so that we know what to expect. We need to know which traffic would be legit and which traffic is illegitimate so that we can block the illegitimate traffic without mistakes. We don't want to block the real traffic. There is a feature in Arbor called auto-learning. We can run that and it will help us. But at the end of the day, it's for us to decide what to allow.

You cannot rely on auto because, for example, if you're running auto-learning, and the services have been running on 80, and all of a sudden it switches to 443, it will keep on blocking. You have to expect what's coming. You cannot rely on auto. Human involvement is always necessary.

If the network is expanding, of course, we would expect to need to add more equipment. We would need to expand our solution.

We had two customers from the government which came in, and they are super-important. Their services cannot go down. We had another solution from Arbor called Pravail. We had that installed for those two customers specifically. Their expected traffic is almost 8 MB, and their throughput is 12 MB. Any noise or malformed packets or out-of-sequence packets get filtered by the Pravail Solution. The bigger attacks will be handled by the TMS, the Threat Mitigation System.

Scalability is not a problem for Arbor.

Technical support is really good. ATAC has been good with us. We haven't had any problem contacting them or getting them engaged in our activities. For example, sometimes we need to customize the portal banner. For that, they have been helpful.

This is our first DDoS solution.

The initial setup is kind of complex because it requires peering. We have to design it from scratch, which makes it a little bit complex. It depends on whether we want to get it inline or if we want to apply offloading, and whether the company can afford a TMS of its own or we need to send traffic to a remote TMS, hosted by Arbor itself.

The last deployment I was involved in took almost a month-and-a-half, with another 15 days for documentation.

It took about eight to 12 people to get the deployment operational. We had people from the core who were engaged with us for the integration and bringing up the systems. After that, we had to hire some fresh resources, because, honestly, it's a new product and it's not very common. We can't really find experienced people for DDoS.

It was not much of a challenge when we were developing it and when we were deploying it because we had a resident engineer who was planning everything, who was leading everything. But after that, when we were mitigating the attacks, there were challenges because we didn't have experienced people over here and the attacks were coming day and night, 24 /7. I had to come to the office after midnight and at midday. 

But now, the system stable and the people that I'm managing are more experienced. They know stuff and it's pretty smooth now.

We engaged Arbor itself. We had a resident engineer from Arbor who came here and deployed the system. He was here for a month more for support and for any types of issues that we faced.

Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution.

We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some tweaking, we have two resources on each watch, a senior resource and a junior. The junior one keeps on monitoring. The senior one comes in whenever there is something to correct or if something needs to be changed in the system.

For ISPs, Arbor DDoS would be the best solution. For smaller organizations, we can buy the services from Amazon for DDoS protection, and there's Cloudflare. But for ISPs, it's better to have Arbor DDoS because we have everything in-house. ISPs like ours have almost 120 gig bandwidth. For throughput, it's the best one.

We don't have plans to increase usage currently because when we brought the solution four years ago, we measured it a lot. We bought more than what we needed. The plan is to improve the human operability on the system itself. Things look smooth, but you cannot rely on two or three people. We have to have redundancy in the human workforce. We're planning to expand the team so that we don't need to hire any fresh resources and train them from the start. These services are very expensive and our customers are expecting a perfect solution.

Our company uses a platform to render the solution to our customers and ensure quality service. We build the solution based on our data centers and infrastructure and then deliver an ID appliance to the customer that communicates with our routers and network. The solution provides flow spec protection and prevents volumetric DDoS attacks. 

The solution provides good protection against volumetric DDoS attacks. 

The solution could be more granular to include logs per second and enhanced pipeline monitoring for router licenses. 

We would like the solution to offer secure, bug-free portals that could be installed in our data center and be accessible to our customers. Portals built on their own are expensive and time consuming because they have to be aligned with the solution's operational systems. 

New versions are sometimes released before the bugs are worked out. 

I have been using the solution for six years. 

The solution provides good quality stability and I rate it a nine out of ten. 

The scalability could be improved with a more granular approach. I rate it a six out of ten. 

The initial setup requires knowledge and is not easy. Setup involves many things including security, technology, alerts, and incidents. From a security operation standpoint, it is detailed and hard. 

We have 10-12 technicians who implement the solution and service thousands of users.

There is a push from the solution's vendor to achieve profitability. It is currently profitable and I see it growing in the Polish market. I strongly believe in the solution and its impact on the profitability of our services. 

The solution could be a bit less expensive given its market share. Other solutions that only offer DDoS protection are less expensive. Pressure from new companies will be visible in the future and affect pricing. 

I'd also like botnet protection to be included in the package with volumetric DDoS attack prevention. Since licenses are required for routers, a method for tracking them in the pipeline would make the pricing model more attractive. 

Given the limited scope of functionality, I rate the solution's pricing model a six out of ten. 

Our company also uses Radware as a solution. We build our portfolio based on the appliance software and professional services that could be added to create value for customers.

The battle between NETSCOUT and Radware will continue until the end of time. There are periods of time when NETSCOUT is better and then it switches to Radware. We look beyond the technology when choosing a solution for customers. 

Radware offers more functionality because they include volumetric DDoS attack and botnet protection in their package. The network behavior analysis in Radware's DefensePro includes intrusion, malware protection, and anti-botnet solutions that are more comprehensive than NETSCOUT. Radware puts an emphasis on cloud service using the OPEX model, which allows a startup purchase for a lower investment that we can enhance for our customers over time. This gives us the flexibility to add licenses at any point.

Fortinet also has a good model where you can choose to buy segments of virtual machines instead of whole machines. You buy and accrue points that give you access to segments of these virtual machines. 

I rate the solution an eight out of ten. 

Our primary use case for Arbor is dose protection. 

Arbor's performance is its most valuable feature. The boxes are able to process huge amounts of traffic. One rec unit box can forward 20 gigabytes of traffic without any issue or without any latency towards the network. It's impressive really.

Arbor's SSL decryption is confusing and needs external cards to be installed in the devices. This is not the best solution from an architectural point of view for protecting HTTPS and every other protocol that is SSL encrypted.

Their mitigation rate could be higher. No matter how good Arbor is in DDoS protection, they do not get a 100% mitigation rate.

Arbor has the longest tradition in DDoS protection. They have way more expertise in DDoS than anyone else. However, the price of support and licensing is a bit high. They are not affordable but they do their job perfectly.

I have been using Arbor DDoS for the last five years. 

On a scale of one to five, with one being not stable at all and five being very stable, I would give Arbor a five for stability. 

If you do a good job planning and selecting a good Arbor box for your organization, you can scale at a fairly high level. For scalability, I give Arbor a four out of five, with one being unscalable and five being highly scalable.

Arbor's tech support staff knows what it is doing. 

Positive

On a scale of one to five, one being difficult and five being easy, I would rate Arbor's initial setup as a three. It is easy, but you need to plan it well. You need to think about what you are protecting. There are a lot of different small fine tuning elements that you need to consider during the deployment.

A common implementation strategy for Arbor DDoS takes about two to three weeks. That is the optimal time frame for delivering the whole solution and getting it as a fully functional protection. 

We usually start the implementation process by placing the device in the customer's data center. We put it into a transparent mode and then observe some peaks, packet rates, and traffic flows. When that learning period is over, we will start to enforce the protection. That is about it; nothing more to it than that. There may be some fine tuning as a last step, but that rarely happens.

The deployment usually includes myself and one more engineer. Bigger teams of up to seven or eight engineers do get formed for enterprise customers and internal service providers.

Companies that live from their presence on the internet will get a very high return on investment from Arbor. 

Arbor services are paid annually. A good option is that cloud mitigations can be licensed annually, but you can also buy a single mitigation. That's the lowest quote that you can get. You can activate a cloud mitigation and 24 hours after the mitigation ends, you can buy one more and so on without a contract. They are flexible with the licensing for these additional services, which is nice.

Arbor and other Netscout products are almost like Cisco. You configure them once and you can leave them in the data center forever and never do anything on them again. Issues with stability and other unexpected things barely happen ever.

Regardless of how big your organization is, if you provide some sort of services towards the internet or towards clients, you will benefit from DDoS protection and Arbor especially. They have boxes that are really affordable. 

Arbor can be deployed as hybrid solution, but the company's main business model is deploying their appliances on premises.

The good thing about Arbor and Netscout is that they are able to incorporate taxi and streaks external feeds into their devices. That makes them really flexible not towards their own IP intelligence, but you can streamline the additional information from multiple different open source or paid sources. They are well rounded in terms of features. Their portfolio covers network visibility, pocket brokers, and similar stuff. 

I use Arbor DDoS for the same purposes for which I use A10.

It has an easy-to-understand GUI.

The solution's shortcomings are related to its documentation, so it's an area that needs to improve.

I have been using Arbor DDoS for a year.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a nine out of ten. Around 50 people use the solution in my company. Also, I don't have plans to increase its usage.

I have never used Arbor's support.

The setup process was easy. The solution has been set up on all the devices. So, I did the setup from start to end.

I didn't evaluate other products before choosing Arbor DDoS.

I would definitely recommend the solution to those planning to use it. I rate the overall solution a ten out of ten.

We are using it for application availability, for its perimeter protection against DDoS and such service-exhausting attacks. Our goal is service availability and protecting our infrastructure against reputational damage and other penalties that could be incurred as a result of outages and malicious activities.

In terms of availability, we have never suffered any service exhaustion or services unavailability. Credit goes to the solution in that we have probably suffered a number of attacks, but they were mitigated by the tech solution without any notable impact - automation. We have benefited a lot from it.

It gives us visibility into what's going on with our externally exposed services. The better the visibility it means we are able to take better informed actions to improve our infrastructure, both inside and outside the LAN.

And it has definitely helped us to achieve our network and application uptime requirements for our business and its external stakeholders. We have always maintained a very high service availability. Previously, the work involved was so intense to ensure we could support that availability. The uptime was the same then as it is now, almost 99.99 percent availability. But back then, threats were not as evolved and sophisticated as they are now. In the seven years we have been using the tool, we have continued with availability of services as before. But today, without the Arbor solution, I believe we would have suffered quite a number of service availability issues.

The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.

They are putting quite a good amount of effort into their research to make their products stand out from the rest.

Day by day, the solution is actually getting smarter and more useful.

I haven't found anything to complain about or anything that they need to improve on.

I have been using Arbor DDoS for close to seven years now.

It's a very well-developed tool. I'm quite impressed. I'm happy with its performance. Stability-wise, it's a good tool. Support is also very impressive.

For my environment, there is no need for growing the platform. We currently have about 5,000 endpoints. But from what I've seen, and the way we deployed it, it looks quite scalable.

I've used NETSCOUT's technical support a number of times. I would rate it at 8 out of 10.  They are doing well, there is always room for improvement. Their technical knowledge is on point, and their turnaround time is on point.

We did not have a previous solution.

The decision to use Arbor was based on their track record and capabilities - they stood out very well.

It's not complex. If you know what you want to use the tool for, the placement, and you know what you want to protect, the setup is very straightforward. It requires minimal downtime to deploy the solution. I found it quite easy.

Deployment took about two hours, but that time includes internal delays. From the moment you start setting it up, it takes no more than 30 minutes. The longest part, before you deploy the technology, is learning your network by monitoring it. That could take a long time, depending on the timeframe that you want to benchmark on. It could take, say, a month, just to get an idea of how your network behaves. But in terms of setting up the device, it should take an hour, tops.

We had three people involved in the initial setup. All are network engineers.

Post-deployment maintenance on our side consists of just the regular updates of the software. 

Implementation was both inhouse and vendor supported - vendor support was great, very knowledgeable resources.

ROI comes from the fact that we've never suffered any outages. In the absence of Arbor, if we were to be compromised, the cost would be way more than the cost of the solution.

The solution is a bit costly if you're on a tight budget, but it's worth the price that they are charging - the ROI is notable in a long run.

I've only used the Arbor solution, so I haven't had any hands-on exposure to other technologies. But from the bit that I've read, and based on the ratings of the other solutions, nothing compares closed to what Arbor anti-DDoS offers. I've tried to compare it with the F5 Silverline solution, but the way that solution does threat mitigation is not as advanced or as comprehensive as what Arbor does.

My advice is "Go for it." It's a great tool. If you're concerned about the availability of your services, I highly recommend it, without any hesitation. If you regard your brand or organization as valuable, then Arbor is the tool for you.