Arbor DDoS Reviews

It is our ISP, from where we get our internet traffic. We just send it to them and if anything is suspicious or there is some malicious traffic, we talk to them about what kind of traffic it is. If some machine or some router is being attacked by a malicious user, we try to find out the source IP and why this traffic is coming to us. The Arbor solution is deployed on their premises. We just ask them to control or just stop that traffic. They do the filtration. They provide us all the required details to mitigate an attack on any particular machine.

Arbor DDoS is a quick solution when you have identified some of the originating suspicious IPs from which you are getting traffic in your network. If you have identified that some of the email gateways, or any of your web applications, or any of your routers are being attacked, it is effective. You can ask your ISP to block such queries. If the originating IPs are dynamic, it is a little bit difficult for them to identify and block the traffic, but to a certain extent you can minimize the DDoS attack impact with this solution.

In application layer DDoS attacks, it suggests the actions that should be taken. But at the network layer, you can simply block the originating traffic IP and block the port instantly. It depends on how proactive you are and how effective your incident response team is. Once traffic has started on any of your machines, it can be very difficult to manage it, but you can minimize the impact of malicious traffic with the Arbor tool.

The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

I've been using Arbor DDoS for almost seven years. I am the cyber security architect in our company and we have a SOC manager. We work together as a team and we are the only two people who use it. 

We do have a team and they instantly contact the ISP if any malicious source IP has been detected. It has been about six months since we have faced an incident in which we had to reach out to our ISP to block some traffic. We then isolated that machine later on. We instantly blocked that port and signature file. Our SOC team works on the operations part.

The stability of Arbor DDoS is excellent, whether it is hardware or software stability. Whatever rules are set up inside, it's excellently developed and it excellently manages your good and malicious traffic.

In terms of scalability, it's also excellent. DDoS attacks are not very scalable, but compared with other tools, in terms of mitigating those non-scalable DDoS attacks, it is better. In that way, Arbor is scalable. It is very effective when it comes to mitigating or dealing with DDoS attacks.

We have four SOCs deployed here, and my SOC has one lakh EPS (event per second) capability. It is a big network and we use the biggest telecom operator in India. We just deal enterprise and telecom traffic.

The support is fine. The ISP team works directly with the Arbor team, so they would have a better idea about that part, but from what I know the support is excellent.

We don't have the Arbor solution deployed on-premises. It's with the ISP, so I wasn't involved in the setup or the implementation.

Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

Arbor's hybrid approach to DDoS protection is both an advantage and a disadvantage. Sometimes it is not able to filter traffic adequately because of the hybrid approach. It only takes action after a bit of time. It starts acting on malicious traffic a little bit late because of the hybrid approach. On the other hand, after seeing all the aspects, the analysis is sensible and perfect. So it depends on from which side we look at this feature.

Network layer DDoS attacks are absolutely big. DDoS attacks cannot be mitigated instantly, it takes time. You have to be very aware of your network and about which machine an attack has reached, and what the network architecture is. All those aspects are responsible for the impact of DDoS attacks. Arbor is not absolute but, comparatively, I find it to be an effective solution.

Overall, it's a great product. It is a very effective product in terms of dealing with DDoS attacks, whether it is network layer attacks or application layer attacks. But it is better in network layer DDoS attacks. It is among the best.

Our business is to provide a DDoS protection solution for our customers. Our customers are banks, financial groups, etc.

We might develop some DDoS protection services for our customers under our Internet umbrella. We detect and filter traffic using Arbor DDoS in our network. 

We use it as a BGP or prompt, as a telecom service provider. We have SP and TMS, and that is all our architecture.

We resell on-premise the Arbor edition and install at our customers' site, specifically the Availability Protection System (APS) system.

It protects huge attacks on our Internet system over our network. 

We provide more granular application protection using the APS system, which is located at customer sites.

Our concern is to provide flexibility. We decided to move to this DDoS solution. We wanted to install some local filtering service in the regions. We wanted to be able to add or remove some mitigation capacity to our regional services, which is vital for us. So, we decided to develop these new features to our DDoS service.

Every day or month, we have found some new attack, but I don't think that is very important. It is just the evolution of attacks. We fix it and make a description, so we will be aware when some new attacks come. I think that the Arbor DDoS and APS solutions are quite enough at the moment, as they mitigate all attacks that we face.

The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution. 

We would like the ability to decrypt APS traffic.

We need a SaaS model for the solution.

I opened a ticket with Arbor for the ability to localize numbers of our customers in BGP sessions. This has not been resolved.

We have been using Arbor DDoS for seven years, since 2013. 

It is quite stable. There are no major important bugs, though maybe some small ones. 

There are around five people who maintain it 24 hours a day.

It is quite scalable and effective. You can add new integration services quite easily. 

There are around 60 end users/customers of this solution.

They have good support. Tickets are resolved efficiently in time with Arbor engineers.

It was quite complicated and complex to set up. 

Several engineers were required to deploy it.

There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great.

The solution has a huge price, but we are a global company so we receive global pricing, which is why we chose Arbor. We also receive good prices for Russia.

We also bought the Sentinel feature to use its flow spec because we needed to know how much traffic will be mitigated on our borders. We haven't used it yet, but we are planning on using it in the Spring. We found that the combination of the Sentinel feature with Arbor DDoS going forward is the most important feature.

We do not use the Arbor Cloud DDoS solution because it is too costly. We decided to make our proprietary cloud solution designed by our company.

Several solutions were tested, then we chose Arbor DDoS.

We evaluated several solutions, like NSFOCUS, three months ago, and decided to continue to go with Arbor. Another solution was similar to Arbor because they have a very sophisticated mitigation system. However, they still don't have a system that can analyze traffic by BGP, and their solution was to integrate with Arbor. We decided not to do that. 

Arbor is the solution for telecom services on the market.

Arbor is still the leader versus many vendors and products, which is why we decided to integrate with the Arbor solution for another three years. The solution has met our requirements.

I would recommend using Arbor DDoS.

We will buy the next version on virtual machines. We will buy a server separately with the on-premise solution, then install it on our servers where it would be virtual.

We have been thinking about creating our own DDoS solution using firewalls from other vendors.

We are looking to buy two distributed servers this year that we will need to test locally.

I would rate this solution as an eight (out of 10). Arbor DDoS is a stable solution that fulfills our requirements for DDoS protection services.

Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This along with the TMS physical off-ramp mitigation platform allows us to redirect the inbound attack traffic via BGP. The offramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.

Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor was the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler. 

The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.

Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.

Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.

The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.

Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process.  If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.

I have been using Arbor DDoS protection for over 8 years across two employers one a large scale enterprise network with dual data centers and 4 ISP upstreams and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.

Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.

We use this solution to protect our infrastructure. 

The solution is stable and scalable. 

Licensing costs could be reduced. 

We've been using this solution for close to 18 months. 

The solution is stable. 

The solution is scalable, we have 3,000 users. 

The initial setup is easy, it takes a couple of minutes. 

There is an annual license fee with the cost dependent on requirements. 

I recommend this solution and rate it nine out of 10.

We are not using it in our organization. I'm working for a system integrator, and we have implemented this solution for our customers. Our customers use it as the out-of-path DDoS protector and to reroute the traffic through BGP to TMS to clean the traffic and put back the clean traffic.

Reporting is quite good. There are several pages of reporting on DDoS attacks, and you can find all the details that you need.

It's quite good out-of-path equipment. It works fine automatically for out-of-path.

There should be an automatic way to configure it to monitor traffic and decide which is an attack and which is not. In Arbor, you need to tweak and set all parameters manually, whereas in Check Point DDoS Protector, you can select the lowest parameters, and over the weeks, Check Point DDoS Protector will learn the traffic and you can then tighten some of the parameters to decide which traffic is regular and which is malicious. Arbor needs to be much more adjustable like Check Point.

I don't use it in-line. I know that they have equipment for in-line protection for DDoS, but it takes many hours to configure the traffic, and it needs to be constantly monitored. It's not as usable as Check Point. For in-line, the configuration takes too long. You need to dedicate one person to work with it full-time, and usually, customers are not willing to do that.

We have been using Arbor DDoS for the last two years. 

It's quite stable. Similar to Check Point, there is no problem with stability in the new version. I'd rate it a nine out of ten in terms of stability.

It's quite scalable. It's easy to implement more equipment. I'd rate it a seven out of ten in terms of scalability.

It's more complex than Check Point, and it depends on the topology and what customers need. I'd rate it a three out of ten in terms of ease of setup. All of its deployments are on-premises.

I don't deal with the pricing, but it seems that you need to get basic support in order to upgrade the software and implement some patches.

As an out-of-path DDoS protector, it's quite good. I don't have any experience with in-line, but I saw that it's necessary to have one person to comfortably work with it. For out-of-path DDoS protection, Arbor DDoS would be a better solution. For in-line DDoS protection, Check Point DDoS Protector would be a better solution.

Overall, I'd rate Arbor DDoS an eight out of ten.

We use the product for DDoS settings to prevent malware attacks.

The product allows us to check real-time progress, including latency and network activities.

The product could have end-to-end platform visibility, including connectivity and bandwidth, similar to Cisco.

We have been using Arbor DDoS for seven or eight years. At present, we use the latest version.

The product is very stable.

It is a scalable product. Its scalability depends on the bandwidth. It manages around 50,000 internet banking customers.

The technical support services are excellent.

The initial setup is easy. It involves configuring network connectivity, including public IP addresses and firewall/router configurations. It requires setting up security rules or access controls on Arbor to control which traffic is allowed through. It's important to ensure that traffic from the Internet has a few diversions before reaching the firewall. It takes approximately six hours to complete. The system needs to take a downtime for maintenance. It requires around 13 minutes to complete.

The product’s availability and support services are good. I rate it a ten out of ten.

We provide about 50% of the nation's bandwidth because of the submarine cables we have. We use Arbor to provide DDoS-protected bandwidth to our customers who require it.

The most valuable feature is mitigation, which can blackhole the IP.

An improvement would be to provide information on how pricing is done on different customer levels (e.g. is it done per gig or bandwidth?)

I've been using this solution for six or seven years.

Arbor's technical support is very good, we've had no issues with it.

The price is a little high.

I would rate Arbor DDoS as eight out of ten.

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.