Robert Plese - PeerSpot reviewer
Network Engineer at a tech services company with 51-200 employees
Real User
Top 10
Good reporting and works well as an out-of-path DDoS protector
Pros and Cons
  • "Reporting is quite good. There are several pages of reporting on DDoS attacks, and you can find all the details that you need."
  • "There should be an automatic way to configure it to monitor traffic and decide which is an attack and which is not. In Arbor, you need to tweak and set all parameters manually, whereas in Check Point DDoS Protector, you can select the lowest parameters, and over the weeks, Check Point DDoS Protector will learn the traffic and you can then tighten some of the parameters to decide which traffic is regular and which is malicious."

What is our primary use case?

We are not using it in our organization. I'm working for a system integrator, and we have implemented this solution for our customers. Our customers use it as the out-of-path DDoS protector and to reroute the traffic through BGP to TMS to clean the traffic and put back the clean traffic.

What is most valuable?

Reporting is quite good. There are several pages of reporting on DDoS attacks, and you can find all the details that you need.

It's quite good out-of-path equipment. It works fine automatically for out-of-path.

What needs improvement?

There should be an automatic way to configure it to monitor traffic and decide which is an attack and which is not. In Arbor, you need to tweak and set all parameters manually, whereas in Check Point DDoS Protector, you can select the lowest parameters, and over the weeks, Check Point DDoS Protector will learn the traffic and you can then tighten some of the parameters to decide which traffic is regular and which is malicious. Arbor needs to be much more adjustable like Check Point.

I don't use it in-line. I know that they have equipment for in-line protection for DDoS, but it takes many hours to configure the traffic, and it needs to be constantly monitored. It's not as usable as Check Point. For in-line, the configuration takes too long. You need to dedicate one person to work with it full-time, and usually, customers are not willing to do that.

For how long have I used the solution?

We have been using Arbor DDoS for the last two years. 

Buyer's Guide
Arbor DDoS
December 2024
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's quite stable. Similar to Check Point, there is no problem with stability in the new version. I'd rate it a nine out of ten in terms of stability.

What do I think about the scalability of the solution?

It's quite scalable. It's easy to implement more equipment. I'd rate it a seven out of ten in terms of scalability.

How was the initial setup?

It's more complex than Check Point, and it depends on the topology and what customers need. I'd rate it a three out of ten in terms of ease of setup. All of its deployments are on-premises.

What's my experience with pricing, setup cost, and licensing?

I don't deal with the pricing, but it seems that you need to get basic support in order to upgrade the software and implement some patches.

What other advice do I have?

As an out-of-path DDoS protector, it's quite good. I don't have any experience with in-line, but I saw that it's necessary to have one person to comfortably work with it. For out-of-path DDoS protection, Arbor DDoS would be a better solution. For in-line DDoS protection, Check Point DDoS Protector would be a better solution.

Overall, I'd rate Arbor DDoS an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
Oleksii Pavlyk - PeerSpot reviewer
Head of the direction of ensuring the security of digital systems, electronic databases and networks at Ukreximbank
Real User
Top 5 Leaderboard
Very stable and scalable.

What is our primary use case?

We use this solution to protect our infrastructure. 

What is most valuable?

The solution is stable and scalable. 

What needs improvement?

Licensing costs could be reduced. 

For how long have I used the solution?

We've been using this solution for close to 18 months. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable, we have 3,000 users. 

How was the initial setup?

The initial setup is easy, it takes a couple of minutes. 

What's my experience with pricing, setup cost, and licensing?

There is an annual license fee with the cost dependent on requirements. 

What other advice do I have?

I recommend this solution and rate it nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager IP Core and Transmission Networks at GO PLC
Real User
You can be in a better position to mitigate and find alternatives when there is an attack
Pros and Cons
    • "When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives."

    What is our primary use case?

    My company is a quad-play operator service provider in Malta. We use it for our own internal infrastructure and clients, where we use both always-on and on-demand.

    Our partner has an in-house deployment and can upload it to the cloud as well. This helps to minimize the costs. With in-house deployment, the cost will increase significantly. So, this hybrid approach is advantageous.

    How has it helped my organization?

    When there was an attack, the attack was contained only on the IPs under attack. The rest of the network was not impacted, and that is the most important part.

    The solution has helped consolidate visibility and the actions that we have needed to take. Based on the reports which can be generated, one can be in a better position to mitigate and find alternatives when there is an attack. At the same time, we can limit impact on both the attacked IP ranges and customers as well as other services.

    Arbor DDoS has helped us achieve our network and application uptime requirements. Uptime has improved.

    What is most valuable?

    Arbor provides a full solution. They provide: 

    • The possibility of alarm triggering based on flow packets. 
    • Always-on and on-demand
    • Implementation of BGP Flowspec. 
    • Implementation with their cloud system.
    • Good reporting. 

    What needs improvement?

    When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives.

    For how long have I used the solution?

    I have been using it for more than 10 years now. The solution has changed names over the years. The Arbor suite has evolved a bit over the years, so now we are using Sightline. In the past, it was called Peakflow.

    What do I think about the stability of the solution?

    It is quite stable.

    What do I think about the scalability of the solution?

    The scalability needs to handle going horizontally, apart from the cloud, rather than replacing boxes.

    Initially, the solution was not that mature. It has evolved and scaled better over the years.

    Being a service provider on a small island, our environment is small in scale. Our network is small compared to other operators. We have 20 users internally: our NOC, IP team, and commercial team.

    How was the initial setup?

    It took three months once our agreement was done.

    What about the implementation team?

    Our partner implemented and maintains the system. We use the system to activate mitigation, generate reports, and do some changes. It is self-service, so we are empowered to manage the system.

    We rely on third-party deployment. From this third-party and how they interconnect with us, there will always be some tweaking in relation to understanding which links to use and how to avoid possible loops. 

    We are also looking to implement BGP Flowspec, which is not yet available because we are not exactly interfacing directly with the Arbor platform, but via separate routers that we interface.

    What was our ROI?

    When it comes to DDoS, we are saving by not losing money or clients. Like any insurance, you cannot really quantify it, but you need to have it.

    Attacks are getting bigger and bigger. The cost to have proper DDoS mitigation is once a year insurance. It is getting too large to be sustainable. This is not just related to Arbor. DDoS mitigation is more expensive every year.

    What's my experience with pricing, setup cost, and licensing?

    You need to find a way to get a good offering from Arbor by negotiating a price. That is the challenge. 

    See if it is possible to scale using the cloud service.

    Which other solutions did I evaluate?

    With respect to the competition, I think that Arbor Sightline reporting is cutting-edge. It is significantly more robust than what the other competitors have, such as Corero, Radware, and Voxility.

    When it comes to the other suppliers, like Corero, Voxility, and Radware, they have automatic mitigation. This will auto-tune to attack changes. With Arbor DDoS, it needs manual intervention. To be fair, I am not sure if that is just our implementation, but that is our understanding for now. 

    Another point is how to handle HTTPS encrypted traffic. On that front, there are some options from other vendors to handle HTTPS without the need to install the certificate, where Arbor might need to do some further development there.

    With other vendors, you might need third-party software for NetFlow or reporting. In my experience, this is what differentiates Arbor DDoS from the rest.

    What other advice do I have?

    Overall, I would rate this solution as an eight (out of 10), the reporting as a 10 (out of 10), and the mitigation as a five to eight (out of 10).

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer991227 - PeerSpot reviewer
    Traffic Management skill center at a comms service provider with 10,001+ employees
    Real User
    A good tool for threat detection and mitigation, but implementation could be more open
    Pros and Cons
    • "I like all the features together as a whole."
    • "Implementation could be better."

    What is our primary use case?

    As an operator, we use the Arbor anti-DDoS system to protect our backbone, protecting the network and our assets like DNS. I'm involved in the validation and testing of the solution.

    The solution is installed in our lab, with a simulated full network. We can send some regular traffic as well as DDoS traffic, using some testing tools like the IXIA system and open-source tools.

    For testing, we simulate some regular traffic, as background traffic, and we added some attacks on the network with attack tools. We can monitor what's sent to the network, and we can monitor what's received by the victim. In this case, we can assess which part of the attack was stopped by the system.

    Arbor DDoS helps consolidate visibility on traffic and on DDoS attack attempts. It can perform direct mitigation action on the network, which is important. It has also helped us achieve our network and application uptime goals.

    What is most valuable?

    I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

    What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

    What needs improvement?

    I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation.

    Netscout's Arbor allows it, but between Arbor systems only. It should be more open to third-party systems; that's what I mean by "openness": evolution from the Netscout signaling protocol to the standardized DOTS protocol (DDoS Open Threat Signaling).

    Implementation could also be improved regarding distribution of mitigation directly on network elements.

    For how long have I used the solution?

    I've been using Arbor DDoS for testing for about a year.

    What do I think about the stability of the solution?

    Arbor DDoS is stable and robust, as seen during the testing phase and with feedback from the field.

    According to the operational team, there are few tickets open on the Netscout/Arbor site, but I don't have a precise figure, as I'm only involved in the testing phase.

    What do I think about the scalability of the solution?

    Arbor DDoS is scalable, both horizontally and vertically. It has good visibility making things quite obvious. There are some price issues with scalability, but technically speaking, the solution is fully scalable.

    How are customer service and technical support?

    Technical support was knowledgeable and responsive.

    How was the initial setup?

    The initial setup is quite complex. It isn't easy to do the configuration, but it's okay once it's done. Arbor's implementation strategy was to monitor first and provide all the configuration or the correct profiling for this system after it's considered safe.

    What about the implementation team?

    NETSCOUT's team deployed our solution.

    What's my experience with pricing, setup cost, and licensing?

    Arbor DDoS is quite expensive, especially for the TMS mitigation part.

    Which other solutions did I evaluate?

    We compared it with other actors in the anti-DDoS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

    Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

    What other advice do I have?

    I would advise potential users to try the NETSCOUT Arbor DDoS system but also to check on other solutions.

    On a scale from one to ten, I would give Arbor DDoS a seven.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Waseem Alkhawaja - PeerSpot reviewer
    Product Specialist at a comms service provider with 501-1,000 employees
    Real User
    Top 10
    A tool with great technical support that offers protection against DDoS attacks
    Pros and Cons
    • "The quality of the technical support provided by Arbor DDoS is premium."
    • "With Arbor DDoS, its integration issues with other technologies or other vendors' technologies is an area of concern that could be improved."

    What is our primary use case?

    In my company, we use Arbor DDoS for the DDoS protection it provides.

    What is most valuable?

    The most valuable feature of the solution is that it serves as a tool for DDoS mitigation. The product is also useful when it comes to integrating the on-prem solutions with the cloud scrubbing center of Arbor DDoS.

    What needs improvement?

    My company is okay with Arbor DDoS. I don't know how improvements can be made in the technology used by Arbor DDoS. I can see that Arbor DDoS is the best in the market when it comes to DDoS protection, as they have very rich features while offering seamless integration between on-prem solutions and its cloud scrubbing centers. My company likes the support offered by Arbor DDoS. My company also likes the scalability capacity offered by Arbor DDoS.

    When you use Arbor DDoS, sometimes you may face some integration issues with other technologies or other vendors' technologies, which is normal to an extent when it comes to the competition between vendors as they lock the integration capabilities of their products. With Arbor DDoS, its integration issues with other technologies or other vendors' technologies is an area of concern that could be improved.

    I operate more on the commercial side of the business as I am a product manager in my organization. When speaking about technology from a technical perspective, I am not the right person to comment on what additional features are required in Arbor DDoS.

    It would be great if Arbor DDoS could enhance its technology and protect users from DDoS attacks without installing any on-prem or customer-premise equipment, but from a technical perspective, I don't know if something like this can be done or not.

    For how long have I used the solution?

    I have been using Arbor DDoS for almost four years. My company has a partnership with NETSCOUT.

    What do I think about the stability of the solution?

    Stability-wise, I rate the solution an eight out of ten. Some bug issues are related to any of the technologies in the market.

    What do I think about the scalability of the solution?

    It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.

    I recommend the solution to businesses that operate medium to large-sized companies.

    How are customer service and support?

    The quality of the technical support provided by Arbor DDoS is premium.

    I rate the technical support a nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The product's initial setup phase is complex. When it comes to a service provider in the local market, you need to realize that you are dealing with a complex solution with a high capacity for threat mitigation to serve multiple customers with different requirements. In our company, we have layer 2 attacks and mitigation techniques, where the tool is installed on an on-prem solution in our gateways and integrated with Arbor DDoS global scrubbing center to handle very high or volumetric DDoS attacks. When you want to go for application security with Layer 7 DDoS, you must install the AED or a customer device on an on-prem model. The new model or the business model of customers try to avoid installing any on-prem devices or hardware so they can take over the headache of operation or management or vendor support of their devices.

    The solution is deployed on the on-premises and cloud models. Depending on the cybersecurity compliance requirements, you can choose to deploy the tool on either model as it offers deployment of the product on a hybrid model.

    What's my experience with pricing, setup cost, and licensing?

    Arbor DDoS is an expensive solution and not a low-priced product, as its technology offers very high performance. I believe that the price of Arbor DDoS falls under the bracket of medium to high price.

    Which other solutions did I evaluate?

    There was a plan in my company to work with F5 to protect the cloud environment inside VMware solutions, but we moved to another technology. F5 needs to work on multi-tenant architecture to improve it.

    What other advice do I have?

    Suppose I discuss my experience and my customers' feedback about Arbor DDoS. In that case, I can say that we all are very satisfied with the solution in terms of the performance and the technology itself, like DDoS mitigation techniques for applications starting from Layer 1 to Layer 7. The cloud scrubbing center offered by Arbor DDoS is amazing, as it has reached up to 11 TB. Arbor DDoS offers very nice support. The only issue with the product is when it comes to its integration capabilities with other technologies, an area where I think Arbor DDoS is working on currently. My company has recently dealt with some incidents when it comes to integrating Arbor DDoS with our SIEM solution, and we saw that there were some issues that Arbor DDoS fixed.

    I rate the overall tool an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Sr. Manager at a energy/utilities company with 10,001+ employees
    Real User
    Traffic filtering is very precise: When you want to stop some traffic, you precisely stop that traffic
    Pros and Cons
    • "The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic."
    • "On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved."

    What is our primary use case?

    It is our ISP, from where we get our internet traffic. We just send it to them and if anything is suspicious or there is some malicious traffic, we talk to them about what kind of traffic it is. If some machine or some router is being attacked by a malicious user, we try to find out the source IP and why this traffic is coming to us. The Arbor solution is deployed on their premises. We just ask them to control or just stop that traffic. They do the filtration. They provide us all the required details to mitigate an attack on any particular machine.

    How has it helped my organization?

    Arbor DDoS is a quick solution when you have identified some of the originating suspicious IPs from which you are getting traffic in your network. If you have identified that some of the email gateways, or any of your web applications, or any of your routers are being attacked, it is effective. You can ask your ISP to block such queries. If the originating IPs are dynamic, it is a little bit difficult for them to identify and block the traffic, but to a certain extent you can minimize the DDoS attack impact with this solution.

    In application layer DDoS attacks, it suggests the actions that should be taken. But at the network layer, you can simply block the originating traffic IP and block the port instantly. It depends on how proactive you are and how effective your incident response team is. Once traffic has started on any of your machines, it can be very difficult to manage it, but you can minimize the impact of malicious traffic with the Arbor tool.

    What is most valuable?

    The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

    What needs improvement?

    On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

    For how long have I used the solution?

    I've been using Arbor DDoS for almost seven years. I am the cyber security architect in our company and we have a SOC manager. We work together as a team and we are the only two people who use it. 

    We do have a team and they instantly contact the ISP if any malicious source IP has been detected. It has been about six months since we have faced an incident in which we had to reach out to our ISP to block some traffic. We then isolated that machine later on. We instantly blocked that port and signature file. Our SOC team works on the operations part.

    What do I think about the stability of the solution?

    The stability of Arbor DDoS is excellent, whether it is hardware or software stability. Whatever rules are set up inside, it's excellently developed and it excellently manages your good and malicious traffic.

    What do I think about the scalability of the solution?

    In terms of scalability, it's also excellent. DDoS attacks are not very scalable, but compared with other tools, in terms of mitigating those non-scalable DDoS attacks, it is better. In that way, Arbor is scalable. It is very effective when it comes to mitigating or dealing with DDoS attacks.

    We have four SOCs deployed here, and my SOC has one lakh EPS (events per second) capability. It is a big network and we use the biggest telecom operator in India. We just deal with enterprise and telecom traffic.

    How are customer service and technical support?

    The support is fine. The ISP team works directly with the Arbor team, so they would have a better idea about that part, but from what I know the support is excellent.

    How was the initial setup?

    We don't have the Arbor solution deployed on-premises. It's with the ISP, so I wasn't involved in the setup or the implementation.

    Which other solutions did I evaluate?

    Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

    Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

    What other advice do I have?

    Arbor's hybrid approach to DDoS protection is both an advantage and a disadvantage. Sometimes it is not able to filter traffic adequately because of the hybrid approach. It only takes action after a bit of time. It starts acting on malicious traffic a little bit late because of the hybrid approach. On the other hand, after seeing all the aspects, the analysis is sensible and perfect. So it depends on from which side we look at this feature.

    Network layer DDoS attacks are absolutely big. DDoS attacks cannot be mitigated instantly, it takes time. You have to be very aware of your network and about which machine an attack has reached, and what the network architecture is. All those aspects are responsible for the impact of DDoS attacks. Arbor is not absolute but, comparatively, I find it to be an effective solution.

    Overall, it's a great product. It is a very effective product in terms of dealing with DDoS attacks, whether it is network layer attacks or application layer attacks. But it is better in network layer DDoS attacks. It is among the best.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Network Architect at DQE Communications
    Real User
    Comprehensive DDoS mitigation options from targeted off-ramp to BGP flow spec or Remote triggered blackhole
    Pros and Cons
    • "Using standard BGP, NetFlow and SNMP ensures wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends."
    • "The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed."

    What is our primary use case?

    Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This along with the TMS physical off-ramp mitigation platform allows us to redirect the inbound attack traffic via BGP. The offramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.

    How has it helped my organization?

    Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during an event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor were the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler.

    What is most valuable?

    The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.

    Using standard BGP, NetFlow and SNMP ensures wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.

    Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisement. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.

    What needs improvement?

    The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.

    Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process. If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.

    For how long have I used the solution?

    I have been using Arbor DDoS protection for over 8 years across two employers: one a large-scale enterprise network with dual data centers and 4 ISP upstreams, and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.

    How are customer service and technical support?

    Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Team Lead for DDoS Protection at a comms service provider with 10,001+ employees
    Real User
    Our customers can check how many attacks they have faced and how many have been blocked
    Pros and Cons
    • "Our customers are very happy when we provide them with the interface... They can check how many attacks they have faced and how many attacks have been blocked."
    • "Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful."

    What is our primary use case?

    We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

    How has it helped my organization?

    We are the ISP for government websites here in Saudi Arabia. We had a lot of attacks on those sites. The way we mitigated those attacks was by asking the people who are hosting the website about the features they were using for the websites. They specified two of the ports, and they said we're not going to allow any other port, any other service apart from these two services. We allowed the websites to be accessible through those two ports only. We blocked everything else. This was four years ago and everything has been smooth ever since.

    We have a monitoring team here, which is on watch 24/7. The monitoring part is very easy with this solution.

    What is most valuable?

    Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.

    We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.

    What needs improvement?

    Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    The deployment is okay, stable. But when you are manipulating the countermeasures, that is the difficult part. You have to be very careful, and you have to be sure that these countermeasures will kick in when needed, that they're going to work.

    We have to customize the countermeasures for each customer. That is a real challenge. We should be reviewing them every month. They might be changing their services, they might be using different ports. We have to keep asking our customers, "Okay what are you running now? What are you using now? Which port are you running now?" so that we know what to expect. We need to know which traffic would be legit and which traffic is illegitimate so that we can block the illegitimate traffic without mistakes. We don't want to block the real traffic. There is a feature in Arbor called auto-learning. We can run that and it will help us. But at the end of the day, it's for us to decide what to allow.

    You cannot rely on auto because, for example, if you're running auto-learning, and the services have been running on 80, and all of a sudden it switches to 443, it will keep on blocking. You have to expect what's coming. You cannot rely on auto. Human involvement is always necessary.

    What do I think about the scalability of the solution?

    If the network is expanding, of course, we would expect to need to add more equipment. We would need to expand our solution.

    We had two customers from the government which came in, and they are super-important. Their services cannot go down. We had another solution from Arbor called Pravail. We had that installed for those two customers specifically. Their expected traffic is almost 8 MB, and their throughput is 12 MB. Any noise or malformed packets or out-of-sequence packets get filtered by the Pravail Solution. The bigger attacks will be handled by the TMS, the Threat Mitigation System.

    Scalability is not a problem for Arbor.

    How are customer service and technical support?

    Technical support is really good. ATAC has been good with us. We haven't had any problem contacting them or getting them engaged in our activities. For example, sometimes we need to customize the portal banner. For that, they have been helpful.

    Which solution did I use previously and why did I switch?

    This is our first DDoS solution.

    How was the initial setup?

    The initial setup is kind of complex because it requires peering. We have to design it from scratch, which makes it a little bit complex. It depends on whether we want to get it inline or if we want to apply offloading, and whether the company can afford a TMS of its own or we need to send traffic to a remote TMS, hosted by Arbor itself.

    The last deployment I was involved in took almost a month-and-a-half, with another 15 days for documentation.

    It took about eight to 12 people to get the deployment operational. We had people from the core who were engaged with us for the integration and bringing up the systems. After that, we had to hire some fresh resources, because, honestly, it's a new product and it's not very common. We can't really find experienced people for DDoS.

    It was not much of a challenge when we were developing it and when we were deploying it because we had a resident engineer who was planning everything, who was leading everything. But after that, when we were mitigating the attacks, there were challenges because we didn't have experienced people over here and the attacks were coming day and night, 24/7. I had to come to the office after midnight and at midday.

    But now, the system is stable and the people that I'm managing are more experienced. They know stuff and it's pretty smooth now.

    What about the implementation team?

    We engaged Arbor itself. We had a resident engineer from Arbor who came here and deployed the system. He was here for a month more for support and for any types of issues that we faced.

    What other advice do I have?

    Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution.

    We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some tweaking, we have two resources on each watch, a senior resource and a junior. The junior one keeps on monitoring. The senior one comes in whenever there is something to correct or if something needs to be changed in the system.

    For ISPs, Arbor DDoS would be the best solution. For smaller organizations, we can buy the services from Amazon for DDoS protection, and there's Cloudflare. But for ISPs, it's better to have Arbor DDoS because we have everything in-house. ISPs like ours have almost 120 gig bandwidth. For throughput, it's the best one.

    We don't have plans to increase usage currently because when we brought the solution four years ago, we measured it a lot. We bought more than what we needed. The plan is to improve the human operability on the system itself. Things look smooth, but you cannot rely on two or three people. We have to have redundancy in the human workforce. We're planning to expand the team so that we don't need to hire any fresh resources and train them from the start. These services are very expensive and our customers are expecting a perfect solution.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    Buyer's Guide
    Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2024