What is our primary use case?
Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This, along with the TMS physical off-ramp mitigation platform, allows us to redirect the inbound attack traffic via BGP. The off-ramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.
How has it helped my organization?
Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during an event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor were the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler.
What is most valuable?
The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.
Using standard BGP, NetFlow and SNMP ensures wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.
Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We have the flexibility to trigger an individual or all carriers for each /32 advertisement. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.
What needs improvement?
The upgrade process is mildly complex, requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.
Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process. If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.
For how long have I used the solution?
I have been using Arbor DDoS protection for over 8 years across two employers: one a large-scale enterprise network with dual data centers and 4 ISP upstreams, and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.
How are customer service and technical support?
Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.
Which deployment model are you using for this solution?