Our company also uses Radware as a solution. We build our portfolio based on the appliance software and professional services that could be added to create value for customers.

The battle between NETSCOUT and Radware will continue until the end of time. There are periods of time when NETSCOUT is better and then it switches to Radware. We look beyond the technology when choosing a solution for customers. 

Radware offers more functionality because they include volumetric DDoS attack and botnet protection in their package. The network behavior analysis in Radware's DefensePro includes intrusion, malware protection, and anti-botnet solutions that are more comprehensive than NETSCOUT. Radware puts an emphasis on cloud service using the OPEX model, which allows a startup purchase for a lower investment that we can enhance for our customers over time. This gives us the flexibility to add licenses at any point.

Fortinet also has a good model where you can choose to buy segments of virtual machines instead of whole machines. You buy and accrue points that give you access to segments of these virtual machines. 

We've looked at Radware among others. Some of the other ones are really GUI-heavy. They have pretty pictures and you can click around, but that's the extent of what you can do. You can't go in and fine tune some of these systems. They're either very network-mitigation-type heavy, or they're more on the application. They're not a really good balance of both, which I've been able to find with Arbor. Another thing I have found is that a lot of these competitors have feeds. And once you start diving into their feeds and seeing where their sources are, a lot of them have Arbor as one of their feeds.

One of the reasons that we stay with Arbor is its evolution to meet growing concerns around DDoS attacks. My job is to find the best product out there to protect our infrastructure. I've looked for years and years, and continue to look, and Arbor has been able to give us the best results overall, as well as the best equipment, with the least number of headaches. We get a great bang for our buck. Requests that we put in for features are met with either a great explanation of why they can't fit it in, or are deployed months after we've requested them. Arbor's biggest feature is not their equipment, rather it's their knowledge, because they get such great visibility into the global network. They're able to see things that are months ahead of hitting the rest of the industry and are usually one step ahead of what's about to hit.

The new feature that stands out compared to their competition is their automatic flow specs. Flow specs are nothing more than dynamic ACLs on the network edge, using PGP. What this does is it surgically reduces the amount of capacity we need to use from their TMS (threat mitigation system) and now use the network edges, the routers, to drop the traffic that's not wanted. There are a lot of what we call "dumb attacks," reflection amplification attacks, that can decimate a data center. With flow specs, we're able to drop that traffic before it even enters into our network. That's exactly what you want. You want to be able to stop and drop traffic further up the stack, as much as possible.

Another feature that they're working on, that I'm excited to see, is the ability to share these flow specs, these rules, with your provider. So if we have an attack, and we have AT&T or another of the big Tier-1s, we can send them our rules, and they can block the traffic at their network at that time, which reduces the liability to our network as well.

They're also starting to put out reporting features. It's often hard to take what you see at the technical level and push that up to your C-level type of executives. They like pretty graphs and you can't really do that with the information from NetFlow. But using the new executive reporting makes it a lot easier for us to justify it for next year's budget. And if there are budget cuts somewhere, we can always show to our leadership how useful this deployment is, to get the additional capital or OpEx, if need be.

These features are available in competing products, but not to the extent that Arbor has in its reporting. Reporting is available in a lot of products, but the information they provide is something you have to go in and actually create. And you're limited to what you're able to create. With Arbor, and its REST API, we can now create all kinds of reports that suit the person or the audience that we're trying to get to.

There's no other competitor that I'm aware of, right now, that's working with the providers to be able to share flow specs between them. That's one of the advantages that Arbor has in working with something like 95 percent of the Tier-1 providers. Arbor has a little more insight into the bigger providers that we rely on. Other competitors have not gone to that level yet.

I didn't evaluate other products before choosing Arbor DDoS.

There was a plan in my company to work with F5 to protect the cloud environment inside VMware solutions, but we moved to another technology. F5 needs to work on multi-tenant architecture to improve it.

Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

We have evaluated Arbor against other OEMs. It is not only about the feature comparison, it is also based on what kind of skill sets are available in any enterprise and what are they more comfortable with. We are living in a world that is very heterogeneous, and we like to keep it heterogeneous in order to maintain some level of redundancy of the OEM level. This is where from a security perspective Arbor DDoS has the advantage. Customers tend to pick vendors who have a multi-level approach that can protect them from any potential attacks.

As a product/platform, Arbor is quite focused and offers quite smooth features vis-à-vis its competition. The acceptance that we see for Arbor, from the customer's perspective, is very high. Many customers prefer to go with Arbor solutions rather than any other solution when it comes to DDoS. Abor solution offers service feature, reliability, and a brand that can be trusted. From our perspective, we value it quite highly as far as its standards of security when providing DDoS services.

With respect to the competition, I think that Arbor Sightline reporting is cutting-edge. It is significantly more robust than what the other competitors have, such as, Corero, Radware, and Voxility.

When it comes to the other suppliers, like Corero, Voxility, and Radware, they have automatic mitigation. This will auto-tune to attack changes. With Arbor DDoS, it needs manual intervention. To be fair, I am not sure if that is just our implementation, but that is our understanding for now. 

Another point is how to handle HTTPS encrypted traffic. On that front, there are some options from other vendors to handle HTTPS without the need to install the certificate, where Arbor might need to do some further development there.

With other vendors, you might need third-party software for NetFlow or reporting. In my experience, this is what differentiates Arbor DDoS from the rest.

We compared it with others actors in antiDDOS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

I will periodically talk with other vendors, just to make sure Arbor is really the best solution for us.

Several solutions were tested, then we chose Arbor DDoS.

We evaluated several solutions, like NSFOCUS, three months ago, and decided to continue to go with Arbor. Another solution was similar to Arbor because they have a very sophisticated mitigation system. However, they still don't have a system that can analyze traffic by BGP, and their solution was to integrate with Arbor. We decided not to do that. 

Arbor is the solution for telecom services on the market.

Arbor is still the leader versus many vendors and products, which is why we decided to integrate with the Arbor solution for another three years. The solution has met our requirements.

I have evaluated other solutions in a demo environment. 

Radware is the leading DDoS solution right now and a strong competitor. I found that its graphical interface is complex and hard to handle. It takes time to configure properly, is hard to read, and is poor for reporting. 

I've only used the Arbor solution, so I haven't had any hands-on exposure to other technologies. But from the bit that I've read, and based on the ratings of the other solutions, nothing compares closed to what Arbor anti-DDoS offers. I've tried to compare it with the F5 Silverline solution, but the way that solution does threat mitigation is not as advanced or as comprehensive as what Arbor does.

We are evaluating other options. We may apply one if we find an appropriate solution. As I mentioned before, Arbor DDoS prices are too high, it's very expensive. It would be better to have more than one vendor in our infrastructure, because there is no competition when you have one vendor or one solution.

We did look at competitors but I don't remember which ones now.

Actually there is a different planning team which takes care of the projects, so I don't know if they were considering any other vendor or not, but right now Arbor is the first choice and we are working with it.

Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment. So, Arbor is very helpful to have inside of the most recent attacks and their backgrounds.

This is the first enterprise anti-DDoS product that we acquired. It later became Imperva.

At that time (2008-09), when we checked the other options, there was not even a single product vendor that had the ability to do both network traffic analysis and DDoS traffic cleansing.

There were other proposals such as Radware and Cisco Guard for DDOS protection.

Not applicable.

I did not evaluate other options.

Yes. Checkpoint.