What is our primary use case?
Our primary use case is developing threshold values for all groups. We use it to analyze packets to build a use case for when a server group hits the limit of incoming traffic. In such a case, we suspect the traffic.
We use it to build use-case scenarios, based on the server input and a client's requirements. Some clients have a number of users accessing a given server, which affects the bandwidth. In each case, we need to tell DDoS what is considered legitimate traffic.
How has it helped my organization?
It prevents all unwanted or malicious traffic, using the Threat Intelligence feeds.
What is most valuable?
There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds.
There are two modes in the product: The first is a learning mode and the other is a production mode. First, we learn the traffic using the learning mode. We use it to fine-tune what is suspicious data and what is legitimate traffic.
What needs improvement?
Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine learning. Self-learning would be an improvement.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability of Arbor DDoS is good. It's not that complex as a product and stability is not an issue.
What do I think about the scalability of the solution?
The scalability is good. Configuration-wise, an administrator could create issues. But the product itself is good.
I have implemented it multiple times in industries like oil and gas, banking, and insurance.
How is customer service and technical support?
The response from Arbor's technical support is good. They respond within two days.
How was the initial setup?
The initial setup is straightforward. It's very simple. I have deployed the product for multiple clients. Implementation takes less than three to four hours, but the fine-tuning takes some time, based on the organization's needs. That can take more than a month.
Our implementation strategy is based on how many servers and groups there are and what kind of traffic is coming to/from the internet. These are the factors that affect how we deploy it. Deployment requires two to three consultants who are security architects. For maintenance, one administrator is fine.
What's my experience with pricing, setup cost, and licensing?
Licensing is based on features, I believe.
What other advice do I have?
Implementation is very easy but making the product work optimally is more difficult.
It's the best product. I would rate it at eight out of ten. There are some minor issues with blocking legitimate traffic and that's why it's not a ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Dec 26 2018