Arbor DDoS Reviews

We're a managed service provider as well as an internet service provider. We use it to protect our core network from DDoS attacks, and by protecting our core network we can also protect our end customers.

We're in the process of migrating to the newest version, currently. We use the solution in our physical environment, but we also take advantage of their cloud offering.

Previously, we were vulnerable to DDoS attacks, and large-scale attacks could potentially take down parts of our network segments. With the Arbor product, that doesn't happen anymore.

I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.

I struggle with where the product could improve because it's pretty great the way it is.

I would just say more granular reporting, down to our customer level, would be helpful. If we could somehow import customer information in their networks, it would be able to generate reports. It might actually be able to do that right now, and we have just never used it.

I've dealt with other solutions where I said, "I wish it did this," but it didn't. We have tried some other solutions that do what Arbor does and I would often go back to them and say, "Well, I want it to do this," because we already have that now with the Arbor solution. I've dealt with other vendors and I don't see things that they're doing that Arbor doesn't do.

I've been using Arbor DDoS for eight years.

It's very stable. Things do happen and we have had to open support tickets, but that touchpoint with Arbor is very low. There is not a lot of trouble that comes up with it. 

We don't necessarily need to update the firmware versions all the time, although they are available. Sometimes we have stayed with a  version that we were on because it was stable and it was secure. I've dealt with other vendors before where there are constant problems and their solution is, "Well, there's a new firmware version. Upgrade." We don't have those kinds of problems with Arbor.

It's easily scalable. We could add on routers if we wanted to; we could add on more devices to handle more mitigations, or go to the cloud if necessary. If there was a large scale attack, we'd just use their scrubbing centers versus ours. It's very scalable.

It touches a relatively small part of our overall network: It touches our drain points to the internet. But it affects the entire network, which is quite complex. It's protecting our entire network. As our network expands, it can expand with us.

The technical support is very good. We usually get answers right away. We can submit a ticket online or just give them a call and get a quick response.

We didn't have a solution before Arbor, but there was a period of time where we tried another solution. We did not find that solution to be adequate.

With Arbor, when we see DDoS attacks, it is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler.

I wasn't involved in the initial setup, but I was involved, mid-stream, when we brought in the mitigation side. We are currently replacing our aged infrastructure of Arbor products with a newer version. I'm tangentially involved with that.

The updating process is straightforward. They've done a good job of that. And the fact that we've already deployed it before means we can use the template of the previous deployment to set up the new deployment. So it is easy.

Our implementation strategy is the same, whether for the initial setup or for the updates. We're finding where the drains are on our network and set up the monitoring for those points. Then we create the mitigation side at specific data centers so we can route traffic to those devices and mitigate the traffic.

We have seen ROI for sure because uptime, as a service provider, is critical and the solution helps us maintain 100 percent uptime.

There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost.

I will periodically talk with other vendors, just to make sure Arbor is really the best solution for us.

Work with Arbor. They have great people to help you make sure it's implemented correctly. And they also have a great training team to help you understand the solution and use it to its fullest advantages.

The biggest thing I have learned from using the solution is seeing all the different types of denial of service attacks that are out there. I have come to understand that they will come in waves and that certain types of customers are more prone to attack than others.

It also lets us understand traffic flows on our network, as far as the usual traffic goes. We can understand what our network looks like. What it looks like at 1:00 pm is very different then what it looks like at 3:00 am. The solution helps us understand that.

The users of Arbor DDoS in our company are only a handful of technicians. Our NOC and some of our security people, engineers, are in there, but it protects tens of thousands of customers for us. For deployment and maintenance of this solution we require two security engineers. They maintain the system and make any configuration changes, if necessary. They handle regular maintenance, if necessary, although it's pretty minimal.

I would rate this product as an eleven out of 10.

It is our ISP, from where we get our internet traffic. We just send it to them and if anything is suspicious or there is some malicious traffic, we talk to them about what kind of traffic it is. If some machine or some router is being attacked by a malicious user, we try to find out the source IP and why this traffic is coming to us. The Arbor solution is deployed on their premises. We just ask them to control or just stop that traffic. They do the filtration. They provide us all the required details to mitigate an attack on any particular machine.

Arbor DDoS is a quick solution when you have identified some of the originating suspicious IPs from which you are getting traffic in your network. If you have identified that some of the email gateways, or any of your web applications, or any of your routers are being attacked, it is effective. You can ask your ISP to block such queries. If the originating IPs are dynamic, it is a little bit difficult for them to identify and block the traffic, but to a certain extent you can minimize the DDoS attack impact with this solution.

In application layer DDoS attacks, it suggests the actions that should be taken. But at the network layer, you can simply block the originating traffic IP and block the port instantly. It depends on how proactive you are and how effective your incident response team is. Once traffic has started on any of your machines, it can be very difficult to manage it, but you can minimize the impact of malicious traffic with the Arbor tool.

The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

I've been using Arbor DDoS for almost seven years. I am the cyber security architect in our company and we have a SOC manager. We work together as a team and we are the only two people who use it. 

We do have a team and they instantly contact the ISP if any malicious source IP has been detected. It has been about six months since we have faced an incident in which we had to reach out to our ISP to block some traffic. We then isolated that machine later on. We instantly blocked that port and signature file. Our SOC team works on the operations part.

The stability of Arbor DDoS is excellent, whether it is hardware or software stability. Whatever rules are set up inside, it's excellently developed and it excellently manages your good and malicious traffic.

In terms of scalability, it's also excellent. DDoS attacks are not very scalable, but compared with other tools, in terms of mitigating those non-scalable DDoS attacks, it is better. In that way, Arbor is scalable. It is very effective when it comes to mitigating or dealing with DDoS attacks.

We have four SOCs deployed here, and my SOC has one lakh EPS (event per second) capability. It is a big network and we use the biggest telecom operator in India. We just deal enterprise and telecom traffic.

The support is fine. The ISP team works directly with the Arbor team, so they would have a better idea about that part, but from what I know the support is excellent.

We don't have the Arbor solution deployed on-premises. It's with the ISP, so I wasn't involved in the setup or the implementation.

Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

Arbor's hybrid approach to DDoS protection is both an advantage and a disadvantage. Sometimes it is not able to filter traffic adequately because of the hybrid approach. It only takes action after a bit of time. It starts acting on malicious traffic a little bit late because of the hybrid approach. On the other hand, after seeing all the aspects, the analysis is sensible and perfect. So it depends on from which side we look at this feature.

Network layer DDoS attacks are absolutely big. DDoS attacks cannot be mitigated instantly, it takes time. You have to be very aware of your network and about which machine an attack has reached, and what the network architecture is. All those aspects are responsible for the impact of DDoS attacks. Arbor is not absolute but, comparatively, I find it to be an effective solution.

Overall, it's a great product. It is a very effective product in terms of dealing with DDoS attacks, whether it is network layer attacks or application layer attacks. But it is better in network layer DDoS attacks. It is among the best.

Our business is to provide a DDoS protection solution for our customers. Our customers are banks, financial groups, etc.

We might develop some DDoS protection services for our customers under our Internet umbrella. We detect and filter traffic using Arbor DDoS in our network. 

We use it as a BGP or prompt, as a telecom service provider. We have SP and TMS, and that is all our architecture.

We resell on-premise the Arbor edition and install at our customers' site, specifically the Availability Protection System (APS) system.

It protects huge attacks on our Internet system over our network. 

We provide more granular application protection using the APS system, which is located at customer sites.

Our concern is to provide flexibility. We decided to move to this DDoS solution. We wanted to install some local filtering service in the regions. We wanted to be able to add or remove some mitigation capacity to our regional services, which is vital for us. So, we decided to develop these new features to our DDoS service.

Every day or month, we have found some new attack, but I don't think that is very important. It is just the evolution of attacks. We fix it and make a description, so we will be aware when some new attacks come. I think that the Arbor DDoS and APS solutions are quite enough at the moment, as they mitigate all attacks that we face.

The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution. 

We would like the ability to decrypt APS traffic.

We need a SaaS model for the solution.

I opened a ticket with Arbor for the ability to localize numbers of our customers in BGP sessions. This has not been resolved.

We have been using Arbor DDoS for seven years, since 2013. 

It is quite stable. There are no major important bugs, though maybe some small ones. 

There are around five people who maintain it 24 hours a day.

It is quite scalable and effective. You can add new integration services quite easily. 

There are around 60 end users/customers of this solution.

They have good support. Tickets are resolved efficiently in time with Arbor engineers.

It was quite complicated and complex to set up. 

Several engineers were required to deploy it.

There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great.

The solution has a huge price, but we are a global company so we receive global pricing, which is why we chose Arbor. We also receive good prices for Russia.

We also bought the Sentinel feature to use its flow spec because we needed to know how much traffic will be mitigated on our borders. We haven't used it yet, but we are planning on using it in the Spring. We found that the combination of the Sentinel feature with Arbor DDoS going forward is the most important feature.

We do not use the Arbor Cloud DDoS solution because it is too costly. We decided to make our proprietary cloud solution designed by our company.

Several solutions were tested, then we chose Arbor DDoS.

We evaluated several solutions, like NSFOCUS, three months ago, and decided to continue to go with Arbor. Another solution was similar to Arbor because they have a very sophisticated mitigation system. However, they still don't have a system that can analyze traffic by BGP, and their solution was to integrate with Arbor. We decided not to do that. 

Arbor is the solution for telecom services on the market.

Arbor is still the leader versus many vendors and products, which is why we decided to integrate with the Arbor solution for another three years. The solution has met our requirements.

I would recommend using Arbor DDoS.

We will buy the next version on virtual machines. We will buy a server separately with the on-premise solution, then install it on our servers where it would be virtual.

We have been thinking about creating our own DDoS solution using firewalls from other vendors.

We are looking to buy two distributed servers this year that we will need to test locally.

I would rate this solution as an eight (out of 10). Arbor DDoS is a stable solution that fulfills our requirements for DDoS protection services.

Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This along with the TMS physical off-ramp mitigation platform allows us to redirect the inbound attack traffic via BGP. The offramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.

Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor was the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler. 

The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.

Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.

Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.

The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.

Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process.  If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.

I have been using Arbor DDoS protection for over 8 years across two employers one a large scale enterprise network with dual data centers and 4 ISP upstreams and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.

Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.

We use the product for DDoS settings to prevent malware attacks.

The product allows us to check real-time progress, including latency and network activities.

The product could have end-to-end platform visibility, including connectivity and bandwidth, similar to Cisco.

We have been using Arbor DDoS for seven or eight years. At present, we use the latest version.

The product is very stable.

It is a scalable product. Its scalability depends on the bandwidth. It manages around 50,000 internet banking customers.

The technical support services are excellent.

The initial setup is easy. It involves configuring network connectivity, including public IP addresses and firewall/router configurations. It requires setting up security rules or access controls on Arbor to control which traffic is allowed through. It's important to ensure that traffic from the Internet has a few diversions before reaching the firewall. It takes approximately six hours to complete. The system needs to take a downtime for maintenance. It requires around 13 minutes to complete.

The product’s availability and support services are good. I rate it a ten out of ten.

We provide about 50% of the nation's bandwidth because of the submarine cables we have. We use Arbor to provide DDoS-protected bandwidth to our customers who require it.

The most valuable feature is mitigation, which can blackhole the IP.

An improvement would be to provide information on how pricing is done on different customer levels (e.g. is it done per gig or bandwidth?)

I've been using this solution for six or seven years.

Arbor's technical support is very good, we've had no issues with it.

The price is a little high.

I would rate Arbor DDoS as eight out of ten.

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

Arbor DDoS is not used for enterprise companies but by some other companies, including NIDC, a government entity.

Analytics and its attack mitigation capabilities are valuable features of the solution.

It is an expensive product, so there is room for improvement in terms of pricing.

I work for the sales department. So, I've been using Arbor DDoS for three to four years. My company has a partnership with Arbor.

The product is stable. I rate its stability a ten out of ten.

The product is scalable. I rate its stability a ten out of ten.

It is an expensive product. I use this product for its different features.

I rate the overall product a ten out of ten.