What is our primary use case?
We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements.
There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is happening, etc. Normally, if it sees a huge amount of traffic at the same time, then automated cloud signaling will be enabled and, automatically, the traffic will be dropped.
How has it helped my organization?
There are multiple malicious IPs which are present everywhere. So, wherever the traffic comes from, it comes directly to the internet firewall, which utilizes the firewall's bandwidth, latency, etc. We block such traffic directly at the Arbor level only.
Also, with network-level signatures, we can block things like malicious packets at the Arbor level only.
What is most valuable?
It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.
It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.
With Arbor, every six or 12 months, we can do DDoS testing.
Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that.
In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.
What needs improvement?
On the main page there are alerts that we are unable to clear, even though the issue has been resolved.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is very good. We have never faced an issue with it.
What do I think about the scalability of the solution?
The scalability depends on the box but we have never had any issues with that.
How are customer service and technical support?
We use technical support when there is some issue with the box or traffic and we are unable to resolve it. Our interaction with them is good. They check the issues. It usually takes them one or two days to respond. They're knowledgeable and helpful.
The last issue we contacted them on was during implementation. We connected to one of two management ports but it was not working. They told us to change the management port and when we did everything was fine.
How was the initial setup?
I did the initial setup. It's not complex. There is a default admin username and password, and we need to set a management IP. Once the management IP is set, if we connect to it through a COM port, we need to set our system's IP in the same subnet so that we can connect to Arbor. After that, we can set up usernames, passwords, and an IP access list. We can even change the group password.
If you have some knowledge, the implementation will only take between a half-hour and an hour. The only scenario where it takes time is when we put it into inline mode; when we mount the devices into the network.
One person is enough for deployment, if they have knowledge of how to implement it. There is no need for two or three. The number of people required to maintain it depends on the automation. One person is often enough.
What other advice do I have?
We have seven people who directly access Arbor DDoS, mostly project engineers.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Jan 01 2019