Arbor DDoS Review

Operating the solution is easy; it's just one dashboard with mitigation


What is our primary use case?

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

How has it helped my organization?

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

What is most valuable?

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

What needs improvement?

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5, in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as a troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

What do I think about the scalability of the solution?

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

How is customer service and technical support?

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

Which solutions did we use previously?

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

How was the initial setup?

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself; it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

What was our ROI?

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

What's my experience with pricing, setup cost, and licensing?

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

What other advice do I have?

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.