Arbor DDoS Review

A good tool for threat detection and mitigation, but implementation could be more open

What is our primary use case?

As an operator, we use Arbor antiDDoS system to protect our backbone, protecting the network and our assets like DNS.I'm involved in the validation and testing of the solution. 

The solution is installed in our lab, with a simulated full network. We can send some regular traffic as well as DDOS traffic, using some testing tools like IXIA system and opensource tools. 

For testing, we simulate some regular traffic, as background traffic, and we added some attacks on the network with attack tools. We can monitor what's sent to the network, and we can monitor what's received by the victim. In this case, we can assess which part of the attack was stopped by the system.

Arbor DDoS helps consolidate visibility on traffic and on DDOS attacks attempts. It can perform direct mitigation action on the network, which is important. It has also helped us achieve our network and application uptime goals.

What is most valuable?

I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

What needs improvement?

I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation.

Netscout's Arbor allows it, but between Arbor systems only. It should be more open to Third party systems, that's what I mean by "openness" : evolution from Netscout signaling protocol to standardized DOTS protocol (DDOS Open Threat Signaling)

Implementation could also be improved regarding distribution of mitigation directly on network elements.

For how long have I used the solution?

I've been using Arbor DDoS for testing for about a year.

What do I think about the stability of the solution?

Arbor DDoS is stable and robust, as seen during testing phase and with feedback from the field.

According to the operational team, there are few tickets open on the Netscout/Arbor site, but I don't have a precise figure, as I'm only involved in testing phase.

What do I think about the scalability of the solution?

Arbor DDoS is scalable, both horizontally and vertically. It has good visibility making things quite obvious. There are some price issues with scalability, but technically speaking, the solution is fully scalable.

How are customer service and technical support?

Technical support was knowledgeable and responsive.

How was the initial setup?

The initial setup is quite complex. It isn't easy to do the configuration, but it's okay once it's done. Arbor's implementation strategy was to monitor first and provide all the configuration or the correct profiling for this system after it's considered safe.

What about the implementation team?

NETSCOUT's team deployed our solution.

What's my experience with pricing, setup cost, and licensing?

Arbor DDoS is quite expensive, especially for the TMS mitigation part

Which other solutions did I evaluate?

We compared it with others actors in antiDDOS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

What other advice do I have?

I would advise potential users to try the NETSCOUT Arbor DDoS system but also to check on other solutions.

On a scale from one to ten, I would give Arbor DDoS a seven.

Which deployment model are you using for this solution?


Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Arbor DDoS reviews from users
Under Attack?
Invest in better cybersecurity for your business. Find out how Arbor DDoS can help protect your network from DDoS threats.
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,372 professionals have used our research since 2012.
Add a Comment
ITCS user