F5 DDoS Hybrid Defender (EOL) Review

Excellent DDoS protection with responsive technical support and a straightforward setup

What is our primary use case?

We primarily use the solution for DDoS protection. 

We use it as a multivector environment model. We are a system integrator so we have the opportunity to engage multiple customers. 

On the side of infrastructure protection, infrastructure monitoring, or infrastructure protection for application infrastructure protection, we use this. It's the very first point of call for attacks as it is at the edge of the system you have to protect. The F5 has what we call a Hybrid Defender, which is a DDoS platform.

It operates at the edge of our network or traffic to prevent attacks based on signatures. It also works in a hybrid configuration with solutions and has a very good hybrid configuration with the cloud platform, which handles scrubbing. If there is a rudimentary attack it can intelligently signal the cloud and redirect traffic to the cloud where that attack can be fully mitigated before clean traffic is passed on to the user.

What is most valuable?

It handles the whole process with a very smart configuration. Just like other F5 components, it runs on the BIG-IP appliance platform, which is renowned for F5 and can manage, along with other F5 components, what they call BIG-IP, an analytics platform.

F5 can be probably be referred to as an application security company. They have very, very extensive knowledge on the standard application patterns and behaviors of different kinds of applications and protocols to which an application communicates with. Due to this, they can mitigate very effectively against DDoS attacks. That's something that you don't just find in the industry. 

The extent in which the solution is very effective is due to its ability to handle not just the most current signatures for malware, but also issues around emerging signatures. The Hybrid Defender has the ability to add a very rich source of intelligence via the F5 Threat Intelligence Chip Subscription and that provides a lot of intelligence.

The intelligence is aggregated by a 24/7 research center in F5. The learnings are downloaded to every client of a F5 DDoS appliance, and that gives everyone all the contextual information they need to know to in order to analyze traffic effectively. F5 doesn't just block, it provides users with contextual information to go by. 

Most competitor's environments will have their appliance do a hard stop. This means they weigh traffic from real customers and that affects the overall business experience. F5, on the other hand, uses contextual information to be able to specify what is malicious traffic and what is real traffic. That comes from its pool of intelligence, and from its threat intelligence team.

What needs improvement?

DDoS comes in an appliance. If we could have other variations in terms of appliances that DDoS can come in, tht would be helpful. This is especially necessary if one wants to cater to smaller environments.

We've seen the rise of smaller entities, and their requirements grow by the day. Having the ability to give them appliances that fit their needs in terms of that small or medium-sized segment and the pricing they can handle would be something that's great to see.

For how long have I used the solution?

I've been dealing with the solution for about three years now.

What do I think about the stability of the solution?

It's a very stable product. There aren't bugs or glitches. It's reliable. It doesn't crash.

What do I think about the scalability of the solution?

If you have a virtual platform and you need to move to a hardware platform, you can scale up with this solution quite well. If you have an appliance on a certain model, you will need to move to the next model. You can do a software upgrade to scale and that gives you access to more throughput. If you are dealing with an attack, and you're moving to a higher level of attack prevention, it may make sense to move to the Silverline product, which can be done very easily. In general, I'd say scalability is easy to achieve.

How are customer service and technical support?

The technical support is quite good. We find them to be very responsive. We're satisfied with their level of service.

How was the initial setup?

In general, it's easy to do the initial setup, whether you are deploying it virtually or not. It's an appliance so a lot of things have to be done ahead of time. 

Factors from the customer environment may increase the length of implementation. Generally, you can get this up and running in a few days. That said, getting the hardware to the customer might require some logistics, and that may take a few days as well. Once the solution is in hand, however, you're looking at three to five days.

A single skilled person knowledgable in F5 can handle the maintenance aspect of the solution. It won't take too much time in terms of manhours required for regular maintenance.

What's my experience with pricing, setup cost, and licensing?

The pricing that they offer is pretty standard across the industry. It's not astronomical. There aren't surprises.

What other advice do I have?

The solution is on the Silverline platform, which is a managed service which you can subscribe to. However, we also have the Hybrid Defender which is an on-premise appliance. In terms of deployment models, most customer requirements have a hybrid approach. They have an appliance in their environment, and then when they have a rudimentary appliance that is larger than the throughput for the appliance. They can redirect those attacks to the Silverline, which is F5's own cloud version for DDoS.

I'd recommend the solution. The product is good in the virtual, physical and cloud deployments. Whichever a company chooses really just depends on their consumption style. Those interested in the product should have a good conversation with an F5 partner to get a lay of the land.

F5 is a channel-centric company and they have lots of skilled partners around who could guide organizations through the onboarding of the product.

I'd rate the solution nine out of ten. It could always be better, however, it's a very good product.

Which deployment model are you using for this solution?

Hybrid Cloud
**Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Find out what your peers are saying about F5, NETSCOUT, Radware and others in Distributed Denial of Service (DDOS) Protection. Updated: June 2021.
522,693 professionals have used our research since 2012.
Add a Comment
ITCS user