Arbor DDoS Reviews

We are a telecom service provider. We provide services to our enterprise customers in India and compliment these services with security layer as a part of our security services.

Being a part of the solution design team, I have been interacting with customers and creating solutions for them to fulfill their requirements. One of the products that we have in our offerings portfolio is around security, which is complimenting our connectivity portfolio. We provide this from Arbor platform, which we have deployed in our network. We have taken the hybrid model from Arbor, and there was a physical installation done in two of the gateways of the country. If the mitigation capacity goes beyond the subscribed boxes, then the Arbor Cloud subscription usage hits and mitigation would be done accordingly.

We have deployed Arbor platform and for our customers, we offer it as a managed service from our network. There are also customers looking for on-premise deployment. 

We are using Arbor's hybrid approach for our overall product build. We have on-premise deployment, however, beyond that we have taken the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available.

We use Arbor platform to provide DDoS services for our customers. We provide a clean pipeline solution to our customers. We have seen a tremendous response from many customer segments, particularly during the certain period, which is the time period when our customers expect a lot of traffic volumes coming through to their servers. This is where these DDoS services are being requested by the customer. Predominantly, it is DDoS that we offer to our customers, and mostly customers also want protection from the volumetric attacks, but there are certainly cases where application layer attacks are also looked at being mitigated by customers. In more than 75 percent of the cases, it is a volumetric attack protection that customers are looking for.

We have a vast connectivity portfolio and the Arbor solution complements that. In addition to that, it is also helping us to understand where challenges are coming from, so we can do the mitigation in our own network. We can plan our investments accordingly and help to make the network more secure and robust for ourselves as well as our customers.

Recently we have faced unprecedented times when people overnight started to operate from their homes. At that time, many applications for most enterprise customers were exposed to the open Internet by allowing remote working, from homes or anywhere, and the users were given access to the applications over the open Internet. That posed a serious threat to attacks. At the same time, that provided a lot of opportunities for security companies. When we look at the way in which applications are being consumed by end users, security becomes very paramount, because it's not only making the application available to end users, but it is also making it available in a more secure manner.

The moment that we open up these applications to open Internet, we increase the attack surface for the infrastructure/application, and that is where security becomes very critical. We have seen high adoption of security as a service for our customers, because no one wants to invest on day one in the security infrastructure equipment. This is for obvious reasons: 

1. No budgets being accounted for this
2. Even if budgets are accounted, it becomes practically impossible to deploy such solutions in such short time frame 

What we have seen is there has been a huge demand from our customers in providing these security services as managed services where the service can be enabled within a short time span. Going forward, I will still see these demands from the market, from across all customers be it large or small, and we plan to provide these services as a managed service on pay-as-you-go model.

We are living in a world that is changing at a very fast pace. We have to match the pace of  the world, not only from network security per se, but also from the point of view of the security at a larger level. We are not just protecting the safety of the customer, but protecting the application as such. That is where the real threat comes from, and the challenge is being thrown to all the providers and OEMs to keep our feature set updated and adding to features for minimal costs.

There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered as a VNF in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus. 

If we could decouple the hardware and software, making it more easily available for the customers with the exact robustness of the functionality, then that would be beneficial. At the same time, it would bring in cost efficiencies, which eventually is the end goal of most CXOs within an organization.

The relationship with Arbor is quite old, however, from current organization per se it is around 5 years.

The entire deployment of the hardware that we have done so far is quite stable and robust. As of now, the dependency is more on the hardware itself, which comes along with the Arbor solution. 

I am convinced with the kind of scalability Arbor brings in. The Cloud subscription, which is available as one of its features, makes the scalability limitless. This is something which makes Arbor stand out from the others, not only from the perspective of scalability, but also from the overall user experience perspective as well. It is critical to still manage within the limits of the customer and do all the mitigation that is required for them.

In the world that we are living, there are challenges everywhere at every step. We are able to run our businesses without a glitch and offer DDOS services to our customer within the SLA

We have evaluated Arbor against other OEMs. It is not only about the feature comparison, it is also based on what kind of skill sets are available in any enterprise and what are they more comfortable with. We are living in a world that is very heterogeneous, and we like to keep it heterogeneous in order to maintain some level of redundancy of the OEM level. This is where from a security perspective Arbor DDoS has the advantage. Customers tend to pick vendors who have a multi-level approach that can protect them from any potential attacks.

As a product/platform, Arbor is quite focused and offers quite smooth features vis-à-vis its competition. The acceptance that we see for Arbor, from the customer's perspective, is very high. Many customers prefer to go with Arbor solutions rather than any other solution when it comes to DDoS. Abor solution offers service feature, reliability, and a brand that can be trusted. From our perspective, we value it quite highly as far as its standards of security when providing DDoS services.

It is not just about the features alone, it is about how smoothly you will be able to deploy the solution, e.g., the availability of the product and how the OEM is maintaining the relationship with its customer. There are multiple factors that need to be considered. "This is not just a one-time sale. It's about how easily the systems are available, and how well your partner is able to support you and provide lifecycle management."

As an operator, we use Arbor antiDDoS system to protect our backbone, protecting the network and our assets like DNS.I'm involved in the validation and testing of the solution. 

The solution is installed in our lab, with a simulated full network. We can send some regular traffic as well as DDOS traffic, using some testing tools like IXIA system and opensource tools. 

For testing, we simulate some regular traffic, as background traffic, and we added some attacks on the network with attack tools. We can monitor what's sent to the network, and we can monitor what's received by the victim. In this case, we can assess which part of the attack was stopped by the system.

Arbor DDoS helps consolidate visibility on traffic and on DDOS attacks attempts. It can perform direct mitigation action on the network, which is important. It has also helped us achieve our network and application uptime goals.

I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation.

Netscout's Arbor allows it, but between Arbor systems only. It should be more open to Third party systems, that's what I mean by "openness" : evolution from Netscout signaling protocol to standardized DOTS protocol (DDOS Open Threat Signaling)

Implementation could also be improved regarding distribution of mitigation directly on network elements.

I've been using Arbor DDoS for testing for about a year.

Arbor DDoS is stable and robust, as seen during testing phase and with feedback from the field.

According to the operational team, there are few tickets open on the Netscout/Arbor site, but I don't have a precise figure, as I'm only involved in testing phase.

Arbor DDoS is scalable, both horizontally and vertically. It has good visibility making things quite obvious. There are some price issues with scalability, but technically speaking, the solution is fully scalable.

Technical support was knowledgeable and responsive.

The initial setup is quite complex. It isn't easy to do the configuration, but it's okay once it's done. Arbor's implementation strategy was to monitor first and provide all the configuration or the correct profiling for this system after it's considered safe.

NETSCOUT's team deployed our solution.

Arbor DDoS is quite expensive, especially for the TMS mitigation part

We compared it with others actors in antiDDOS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

I would advise potential users to try the NETSCOUT Arbor DDoS system but also to check on other solutions.

On a scale from one to ten, I would give Arbor DDoS a seven.

We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

We are the ISP for government websites here in Saudi Arabia. We had a lot of attacks on those sites. The way we mitigated those attacks was by asking the people who are hosting the website about the features they were using for the websites. They specified two of the ports, and they said we're not going to allow any other port, any other service apart from these two services. We allowed the websites to be accessible through those two ports only. We blocked everything else. This was four years ago and everything has been smooth ever since.

We have a monitoring team here, which is on watch 24/7. The monitoring part is very easy with this solution.

Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.

We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.

Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

The deployment is okay, stable. But when you are manipulating the countermeasures, that is the difficult part. You have to be very careful, and you have to be sure that these countermeasures will kick in when needed, that they're going to work.

We have to customize the countermeasures for each customer. That is a real challenge. We should be reviewing them every month. They might be changing their services, they might be using different ports. We have to keep asking our customers, "Okay what are you running now? What are you using now? Which port are you running now?" so that we know what to expect. We need to know which traffic would be legit and which traffic is illegitimate so that we can block the illegitimate traffic without mistakes. We don't want to block the real traffic. There is a feature in Arbor called auto-learning. We can run that and it will help us. But at the end of the day, it's for us to decide what to allow.

You cannot rely on auto because, for example, if you're running auto-learning, and the services have been running on 80, and all of a sudden it switches to 443, it will keep on blocking. You have to expect what's coming. You cannot rely on auto. Human involvement is always necessary.

If the network is expanding, of course, we would expect to need to add more equipment. We would need to expand our solution.

We had two customers from the government which came in, and they are super-important. Their services cannot go down. We had another solution from Arbor called Pravail. We had that installed for those two customers specifically. Their expected traffic is almost 8 MB, and their throughput is 12 MB. Any noise or malformed packets or out-of-sequence packets get filtered by the Pravail Solution. The bigger attacks will be handled by the TMS, the Threat Mitigation System.

Scalability is not a problem for Arbor.

Technical support is really good. ATAC has been good with us. We haven't had any problem contacting them or getting them engaged in our activities. For example, sometimes we need to customize the portal banner. For that, they have been helpful.

This is our first DDoS solution.

The initial setup is kind of complex because it requires peering. We have to design it from scratch, which makes it a little bit complex. It depends on whether we want to get it inline or if we want to apply offloading, and whether the company can afford a TMS of its own or we need to send traffic to a remote TMS, hosted by Arbor itself.

The last deployment I was involved in took almost a month-and-a-half, with another 15 days for documentation.

It took about eight to 12 people to get the deployment operational. We had people from the core who were engaged with us for the integration and bringing up the systems. After that, we had to hire some fresh resources, because, honestly, it's a new product and it's not very common. We can't really find experienced people for DDoS.

It was not much of a challenge when we were developing it and when we were deploying it because we had a resident engineer who was planning everything, who was leading everything. But after that, when we were mitigating the attacks, there were challenges because we didn't have experienced people over here and the attacks were coming day and night, 24 /7. I had to come to the office after midnight and at midday. 

But now, the system stable and the people that I'm managing are more experienced. They know stuff and it's pretty smooth now.

We engaged Arbor itself. We had a resident engineer from Arbor who came here and deployed the system. He was here for a month more for support and for any types of issues that we faced.

Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution.

We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some tweaking, we have two resources on each watch, a senior resource and a junior. The junior one keeps on monitoring. The senior one comes in whenever there is something to correct or if something needs to be changed in the system.

For ISPs, Arbor DDoS would be the best solution. For smaller organizations, we can buy the services from Amazon for DDoS protection, and there's Cloudflare. But for ISPs, it's better to have Arbor DDoS because we have everything in-house. ISPs like ours have almost 120 gig bandwidth. For throughput, it's the best one.

We don't have plans to increase usage currently because when we brought the solution four years ago, we measured it a lot. We bought more than what we needed. The plan is to improve the human operability on the system itself. Things look smooth, but you cannot rely on two or three people. We have to have redundancy in the human workforce. We're planning to expand the team so that we don't need to hire any fresh resources and train them from the start. These services are very expensive and our customers are expecting a perfect solution.

Our company uses a platform to render the solution to our customers and ensure quality service. We build the solution based on our data centers and infrastructure and then deliver an ID appliance to the customer that communicates with our routers and network. The solution provides flow spec protection and prevents volumetric DDoS attacks. 

The solution provides good protection against volumetric DDoS attacks. 

The solution could be more granular to include logs per second and enhanced pipeline monitoring for router licenses. 

We would like the solution to offer secure, bug-free portals that could be installed in our data center and be accessible to our customers. Portals built on their own are expensive and time consuming because they have to be aligned with the solution's operational systems. 

New versions are sometimes released before the bugs are worked out. 

I have been using the solution for six years. 

The solution provides good quality stability and I rate it a nine out of ten. 

The scalability could be improved with a more granular approach. I rate it a six out of ten. 

The initial setup requires knowledge and is not easy. Setup involves many things including security, technology, alerts, and incidents. From a security operation standpoint, it is detailed and hard. 

We have 10-12 technicians who implement the solution and service thousands of users.

There is a push from the solution's vendor to achieve profitability. It is currently profitable and I see it growing in the Polish market. I strongly believe in the solution and its impact on the profitability of our services. 

The solution could be a bit less expensive given its market share. Other solutions that only offer DDoS protection are less expensive. Pressure from new companies will be visible in the future and affect pricing. 

I'd also like botnet protection to be included in the package with volumetric DDoS attack prevention. Since licenses are required for routers, a method for tracking them in the pipeline would make the pricing model more attractive. 

Given the limited scope of functionality, I rate the solution's pricing model a six out of ten. 

Our company also uses Radware as a solution. We build our portfolio based on the appliance software and professional services that could be added to create value for customers.

The battle between NETSCOUT and Radware will continue until the end of time. There are periods of time when NETSCOUT is better and then it switches to Radware. We look beyond the technology when choosing a solution for customers. 

Radware offers more functionality because they include volumetric DDoS attack and botnet protection in their package. The network behavior analysis in Radware's DefensePro includes intrusion, malware protection, and anti-botnet solutions that are more comprehensive than NETSCOUT. Radware puts an emphasis on cloud service using the OPEX model, which allows a startup purchase for a lower investment that we can enhance for our customers over time. This gives us the flexibility to add licenses at any point.

Fortinet also has a good model where you can choose to buy segments of virtual machines instead of whole machines. You buy and accrue points that give you access to segments of these virtual machines. 

I rate the solution an eight out of ten. 

Our primary use case for Arbor is dose protection. 

Arbor's performance is its most valuable feature. The boxes are able to process huge amounts of traffic. One rec unit box can forward 20 gigabytes of traffic without any issue or without any latency towards the network. It's impressive really.

Arbor's SSL decryption is confusing and needs external cards to be installed in the devices. This is not the best solution from an architectural point of view for protecting HTTPS and every other protocol that is SSL encrypted.

Their mitigation rate could be higher. No matter how good Arbor is in DDoS protection, they do not get a 100% mitigation rate.

Arbor has the longest tradition in DDoS protection. They have way more expertise in DDoS than anyone else. However, the price of support and licensing is a bit high. They are not affordable but they do their job perfectly.

I have been using Arbor DDoS for the last five years. 

On a scale of one to five, with one being not stable at all and five being very stable, I would give Arbor a five for stability. 

If you do a good job planning and selecting a good Arbor box for your organization, you can scale at a fairly high level. For scalability, I give Arbor a four out of five, with one being unscalable and five being highly scalable.

Arbor's tech support staff knows what it is doing. 

Positive

On a scale of one to five, one being difficult and five being easy, I would rate Arbor's initial setup as a three. It is easy, but you need to plan it well. You need to think about what you are protecting. There are a lot of different small fine tuning elements that you need to consider during the deployment.

A common implementation strategy for Arbor DDoS takes about two to three weeks. That is the optimal time frame for delivering the whole solution and getting it as a fully functional protection. 

We usually start the implementation process by placing the device in the customer's data center. We put it into a transparent mode and then observe some peaks, packet rates, and traffic flows. When that learning period is over, we will start to enforce the protection. That is about it; nothing more to it than that. There may be some fine tuning as a last step, but that rarely happens.

The deployment usually includes myself and one more engineer. Bigger teams of up to seven or eight engineers do get formed for enterprise customers and internal service providers.

Companies that live from their presence on the internet will get a very high return on investment from Arbor. 

Arbor services are paid annually. A good option is that cloud mitigations can be licensed annually, but you can also buy a single mitigation. That's the lowest quote that you can get. You can activate a cloud mitigation and 24 hours after the mitigation ends, you can buy one more and so on without a contract. They are flexible with the licensing for these additional services, which is nice.

Arbor and other Netscout products are almost like Cisco. You configure them once and you can leave them in the data center forever and never do anything on them again. Issues with stability and other unexpected things barely happen ever.

Regardless of how big your organization is, if you provide some sort of services towards the internet or towards clients, you will benefit from DDoS protection and Arbor especially. They have boxes that are really affordable. 

Arbor can be deployed as hybrid solution, but the company's main business model is deploying their appliances on premises.

The good thing about Arbor and Netscout is that they are able to incorporate taxi and streaks external feeds into their devices. That makes them really flexible not towards their own IP intelligence, but you can streamline the additional information from multiple different open source or paid sources. They are well rounded in terms of features. Their portfolio covers network visibility, pocket brokers, and similar stuff. 

I use Arbor DDoS for the same purposes for which I use A10.

It has an easy-to-understand GUI.

The solution's shortcomings are related to its documentation, so it's an area that needs to improve.

I have been using Arbor DDoS for a year.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a nine out of ten. Around 50 people use the solution in my company. Also, I don't have plans to increase its usage.

I have never used Arbor's support.

The setup process was easy. The solution has been set up on all the devices. So, I did the setup from start to end.

I didn't evaluate other products before choosing Arbor DDoS.

I would definitely recommend the solution to those planning to use it. I rate the overall solution a ten out of ten.

We are using it for application availability, for its perimeter protection against DDoS and such service-exhausting attacks. Our goal is service availability and protecting our infrastructure against reputational damage and other penalties that could be incurred as a result of outages and malicious activities.

In terms of availability, we have never suffered any service exhaustion or services unavailability. Credit goes to the solution in that we have probably suffered a number of attacks, but they were mitigated by the tech solution without any notable impact - automation. We have benefited a lot from it.

It gives us visibility into what's going on with our externally exposed services. The better the visibility it means we are able to take better informed actions to improve our infrastructure, both inside and outside the LAN.

And it has definitely helped us to achieve our network and application uptime requirements for our business and its external stakeholders. We have always maintained a very high service availability. Previously, the work involved was so intense to ensure we could support that availability. The uptime was the same then as it is now, almost 99.99 percent availability. But back then, threats were not as evolved and sophisticated as they are now. In the seven years we have been using the tool, we have continued with availability of services as before. But today, without the Arbor solution, I believe we would have suffered quite a number of service availability issues.

The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.

They are putting quite a good amount of effort into their research to make their products stand out from the rest.

Day by day, the solution is actually getting smarter and more useful.

I haven't found anything to complain about or anything that they need to improve on.

I have been using Arbor DDoS for close to seven years now.

It's a very well-developed tool. I'm quite impressed. I'm happy with its performance. Stability-wise, it's a good tool. Support is also very impressive.

For my environment, there is no need for growing the platform. We currently have about 5,000 endpoints. But from what I've seen, and the way we deployed it, it looks quite scalable.

I've used NETSCOUT's technical support a number of times. I would rate it at 8 out of 10.  They are doing well, there is always room for improvement. Their technical knowledge is on point, and their turnaround time is on point.

We did not have a previous solution.

The decision to use Arbor was based on their track record and capabilities - they stood out very well.

It's not complex. If you know what you want to use the tool for, the placement, and you know what you want to protect, the setup is very straightforward. It requires minimal downtime to deploy the solution. I found it quite easy.

Deployment took about two hours, but that time includes internal delays. From the moment you start setting it up, it takes no more than 30 minutes. The longest part, before you deploy the technology, is learning your network by monitoring it. That could take a long time, depending on the timeframe that you want to benchmark on. It could take, say, a month, just to get an idea of how your network behaves. But in terms of setting up the device, it should take an hour, tops.

We had three people involved in the initial setup. All are network engineers.

Post-deployment maintenance on our side consists of just the regular updates of the software. 

Implementation was both inhouse and vendor supported - vendor support was great, very knowledgeable resources.

ROI comes from the fact that we've never suffered any outages. In the absence of Arbor, if we were to be compromised, the cost would be way more than the cost of the solution.

The solution is a bit costly if you're on a tight budget, but it's worth the price that they are charging - the ROI is notable in a long run.

I've only used the Arbor solution, so I haven't had any hands-on exposure to other technologies. But from the bit that I've read, and based on the ratings of the other solutions, nothing compares closed to what Arbor anti-DDoS offers. I've tried to compare it with the F5 Silverline solution, but the way that solution does threat mitigation is not as advanced or as comprehensive as what Arbor does.

My advice is "Go for it." It's a great tool. If you're concerned about the availability of your services, I highly recommend it, without any hesitation. If you regard your brand or organization as valuable, then Arbor is the tool for you.

We use these products because of the increase in frequency and sophistication of Denial of Service and Distributed Denial of Service attacks. As a service provider, we need to control and mitigate these attacks.

Valuable features include:

• Simple and centralized management of user access and capabilities
• Viewing and/or configuring of status, history, account, user, AAA, DNS, and NTP settings
• Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control
  

The following areas need improvement:

• Opening and tracking support tickets 
• Online support resources
• Software upgrades/updates and replacement media
• Event management guidelines.
  

The initial implementation phase was a bit tricky but after that, it worked like a charm.

Provides increased performance, scalability, and availability for Peakflow SP-based managed services.

It enables 25 simultaneous users/API per non-leader device. It scales up to ten PI devices and a maximum of 125 simultaneous logins, deployment-wide.

The setup follows a project plan based on a PIP (Performance Improvement Plan) document and the LLD. A process is created to cover site preparation, hardware staging, hardware installation, and link activation and needs the involvement of the Operations team. Deployment takes three to four months.

Our implementation strategy is as follows:

• Assign a project manager to be onsite when needed during the implementation until signoff
• Understand customer’s policies, requirements, and procedures
• Discuss and agree on the general prerequisites for the proposed solutions
• Conduct site survey
• Site preparation for the proposed solutions
• Design the proposed solutions
• Provide detailed project plan for the entire assignment
• Provide Low-Level Design
• Delivering the proposed SW and HW to the site
• Configure the solutions based on best practices
• Complete integration, fine-tuning, testing, and knowledge transfer to provide templates and guidance on use of templates to team members
• Finalize the deliverables along with the client
  

We did include an SI for the deployment. Our experience with that team was excellent as they knew what they were doing.

Pricing is slightly on the higher side.

It's an excellent product DDoS protection against attacks.

We have more than 7,000 users at all levels of access.