We just raised a $30M Series A: Read our story

Arbor DDoS OverviewUNIXBusinessApplication

Arbor DDoS is #1 ranked solution in top Distributed Denial of Service (DDOS) Protection tools. IT Central Station users give Arbor DDoS an average rating of 8 out of 10. Arbor DDoS is most commonly compared to Radware DefensePro:Arbor DDoS vs Radware DefensePro. Arbor DDoS is popular among the large enterprise segment, accounting for 46% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 33% of all views.
What is Arbor DDoS?

Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand and solve the most complex and consequential security challenges facing their organizations.

Arbor DDoS was previously known as Arbor Networks SP, Arbor Networks TMS, Arbor Cloud for ENT.

Arbor DDoS Buyer's Guide

Download the Arbor DDoS Buyer's Guide including reviews and more. Updated: November 2021

Arbor DDoS Customers

Xtel Communications

Arbor DDoS Video

Pricing Advice

What users are saying about Arbor DDoS pricing:
  • "Arbor is striking a good balance between pricing and what they deliver."
  • "There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost."
  • "The solution is a bit costly if you're a small organization, but I think it's worth the price that they are charging."
  • "We do not use the Arbor Cloud DDoS solution because it is too costly."
  • "You need to find a way to get a good offering from Arbor by negotiating a price. That is the challenge."
  • "Arbor DDoS is quite expensive, but all these solutions are expensive because they deal with confidential information."

Arbor DDoS Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Roman Lara
Sr. Security Engineer at Rackspace
Real User
Top 20
With automatic flow specs we're able to drop that traffic before it even enters into our network

Pros and Cons

  • "We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs..."
  • "I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money."

What is our primary use case?

We're a hosting company and, in this industry, it's inevitable that you're going to be attacked. We originally purchased the product back in early 2000 for the SQL monitoring. Over the years, DDoS has become a nuisance for other companies we're hosting as well. We had originally purchased it just for internal use, and to predict our own internal infrastructure. But we found an avenue to offer it to our customers as well. It has just grown from there.

It's on-prem to protect our own infrastructure, as well as in the product that we sell to our customers to protect their services. We have a hybrid as well, as we use Arbor Cloud to protect our company's major assets if needed, as a type of over-capacity swing-over.

How has it helped my organization?

In terms of the visibility it provides into traffic to the application layer with the Sightline with Sentinel product, it's really good for what it's getting. If you're sampling traffic at the network edge, you don't get the grand scope that you would if you were seeing every single packet. But you're also getting a wide view of information, and at my level, working on the backbone, I need to see the grand scheme of things. If one customer is being scanned or penetrated in one way, it's not as important to me on the network layer as it is to somebody further down the stack. But if I'm seeing all the different scans coming in at a network layer, or bad actors that we have already identified as trying to hit our infrastructure, then that gives me a better idea of what's going on in my network, which is extremely important to me at that point. I can rally the troops to where I need them at that time.

We've gotten to the point where we have worked with this for so long that the protection provided by Sightline with Sentinel, across the different layers of our architecture from the network to the application, is automatic for us. There are very few adjustments that we need to do for customers, even with the wide range of customers that we have. We've been able to configure and to templatize different aspects of the system to fit about 80 percent of our customers, without having to go in there and fine tune. And now, with the addition of the passive protection, we're able to go in and tune a template further, so that it matches the customer even better with what we're doing.

Another way it helps the way our organization functions is because it does have a GUI. I'm able to present information and walk different parts of our leadership through different aspects of attacks, and how we're blocking them. One of the biggest examples of that was my ability to show them, by deploying flow specs, how much traffic I was dropping at the network edge, compared to how much traffic was actually coming into our networks. I showed them how it was saving us from having to upgrade capacity within the data center. It's been our backbone to different aspects of our environment.

In addition, other security groups that may not be at the network level, have the ability to go in and pull NetFlow from Arbor, and start looking for defined signatures of known bad actors out there or known signatures of tools that they may have. 

We're averaging about 1,900 attacks a day. And we're only looking at attacks that could affect our infrastructure. We don't offer this service to everybody within our data centers. Arbor was deployed to protect the infrastructure. There are still a lot of attacks that are getting through that we're not really worried about. We're only looking at the larger types of attacks and engaging them more.

And because this is pretty much automated, we are able to catch attacks now within five to 30 seconds. And in the world of hosting, every single millisecond counts. We offer 99 percent uptime. Without Arbor, we'd probably be around 75 to 80 percent uptime. Attacks are cheap nowadays. People can create a lot of bandwidth for a couple of dollars.

Arbor DDoS also consolidates visibility and the actions we need to take, at the backbone level. Because we have 10 data centers spread out across the globe, and more coming in the future, it gives us better visibility not only into bad actors and traffic coming in, but also the ability to see how traffic is moving from one data center to another. Peer evaluation helps us to see if a peer at a given location is a better use than at another location. Also, point-to-point, from data center to data center, for VPN services that we offer, it has opened up a lot of different aspects of traffic analysis that we weren't really utilizing. Now, we're able to see where we need to adjust our bandwidth, and save money, and other places where we need to raise bandwidth before it costs us money.

It's also helped us get a better idea for future capacity planning, not only for current data centers, but data centers that are going to be in different regions where our company is located. 

And the biggest benefit, for us as A company, are savings from peer evaluations; seeing where we can better utilize the relationship with different providers and if there is the potential for mutual benefit across multiple data centers, globally.

What is most valuable?

I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS.

I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic.

Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers.

What needs improvement?

Their RESTful API is still a work-in-progress. They're pushing out different versions of the API with each code upgrade.

I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money.

For how long have I used the solution?

The company has been using Arbor DDoS for 20 years now. I have been using it for 11 years.

What do I think about the stability of the solution?

The overall stability is great. In the 11 years that I've worked with it, I've had to replace three devices because of an issue with the actual hardware or software. And in my line of business, that's beyond awesome. We have replaced more backbone devices in that time, in one data center, than Arbor devices.

What do I think about the scalability of the solution?

Scalability is great, at least at the hosting level. Tier-1s may have bigger issues with scalability as far as actual filtering devices go. But they've gone to virtual machines now as well, where they're able to deploy these virtual devices in a way that they couldn't with hardware devices, and at a better cost.

If we can find another use for increasing visibility, we're always glad to help. One of the things that we've found in the past, from security incidents, was that different groups were seeing different issues at different times and nobody knew about it until everybody together came afterwards to discuss the problems or the issues that happened. So we're coordinating with other departments within our organization, not only to provide our feeds, but other feeds from other security tools.

How are customer service and technical support?

Their technical support is excellent. One of the biggest things about Arbor is their knowledge. We're usually about a step behind when it comes to their code — that's just engineering caution — so by the time we run into an issue, they have already seen it, most of the time, and are able to fix the issue for us before it becomes a bigger issue. There have been times when they practically contact us about possible patching that we may need, just to circumvent any future problems.

I'm in a position where I've been affiliated with Arbor for such a long time, that I know a lot of their top engineers, and any kind of features that we request are usually fast-tracked.

Which solution did I use previously and why did I switch?

We had Cisco products. We switched because the usability was just too complex. With Cisco, we were able to adjust many things, but there were way too many buttons to push, to help you out. Arbor gives you a great balance between simplicity and surgical precision that I haven't been able to find in other products.

I do test other DDoS products. And one of the things that I have found is that there's a lot of what I call "black magic" software, where you click on a button or switch and it automatically does what you want it to do, but you really have no understanding of what it's doing on the back-end. With Arbor, and being in engineering, you have a great idea of what's going on and how it's being utilized, which makes troubleshooting issues during mitigations a lot easier. If you know exactly what a countermeasure is doing, then you're able to precisely say if it's an issue with your system or if it's further down the stream on another device, a firewall or a load balancer, etc.

How was the initial setup?

The setup depends on the network, but from start to finish, they're really good at helping you set this up. Their sales engineers are very hands-on people. It's pretty much straightforward for a mid-level engineer to set up, without any real help.

We redeploy new hardware every five years, and we can redeploy 48 devices within three days with no network interruption. And we can deploy a single data center for DDoS within four hours, max.

We have a standard implementation strategy. We have them on standby. We have them deliver all their devices with any code that we're going to be upgrading to or running. For the most part, they will stage any type of code or patches that we may need. From there, it's pretty much unplug it and plug it back in.

We have a team of three for deployment. At any given time, one way or another, I would say close to 150 people are using it. Their roles include peer coordinators. We also have our design and build engineers looking at capacity. There are people on my team that deal with nothing but DDoS attacks. I have network operations dealing with network visibility. I have internal SOCs that are looking for any kind of malware or bad actors trying to invade our corporate network. We also have our customer SOC desk looking at the internal data center backbone for customers.

What was our ROI?

We have definitely seen ROI. DDoS is something that was not supposed to stay around, but it has been around for quite a long time now. If you're going to be in the internet business, the chances of your being attacked are great. We've been able to incorporate it into our service where it pays for itself very quickly.

Our deployment can pay for itself within a year, and we're protecting close to $80 million of monthly revenue of customers that are using the service. 

And that's just a portion of what it's being used for. The capacity planning and being able to block outbound DoS attacks, saving us bandwidth, adds up as well. The last metrics we had there, we were sitting at close to $375,000 per data center by reducing outbound attacks. That also makes our facility less attractive to bad actors to use as a jumping off point or as a reflection point.

What's my experience with pricing, setup cost, and licensing?

You pay for what you get. Like any other consumer product, there are things out there that are extremely cheaper than Arbor, but you're also not going to get the type of information that you do with Arbor. And there are some other companies out there that are a little pricier than Arbor, that are not going to mitigate and give you the type of information that you want. Arbor is striking a good balance between pricing and what they deliver.

In  terms of costs in addition to their standard licensing fees, it depends. There are other feeds that you can subscribe to. There are different services that they're starting to bundle up with NETSCOUT, that you'll be able to subscribe to. There are some feeds on proactive alerting. Because they have such a big visibility into the global internet network, they're able to see botnets discussing or targeting potential customers of yours, and they can actually make you aware of such. They have different feeds that they get from their security team that help you mitigate DoS attacks without any kind of intrusion on your part. You don't have to make any kind of adjustment to countermeasure. These are pre-configured signatures that they see in the wild and that feed is delivered straight to your mitigation device and can mitigate DoS attacks that common users wouldn't be able to do by themselves. That is great for those who are first taking on the product and getting into taking on DDoS attacks.

Which other solutions did I evaluate?

We've looked at Radware among others. Some of the other ones are really GUI-heavy. They have pretty pictures and you can click around, but that's the extent of what you can do. You can't go in and fine tune some of these systems. They're either very network-mitigation-type heavy, or they're more on the application. They're not a really good balance of both, which I've been able to find with Arbor. Another thing I have found is that a lot of these competitors have feeds. And once you start diving into their feeds and seeing where their sources are, a lot of them have Arbor as one of their feeds.

One of the reasons that we stay with Arbor is its evolution to meet growing concerns around DDoS attacks. My job is to find the best product out there to protect our infrastructure. I've looked for years and years, and continue to look, and Arbor has been able to give us the best results overall, as well as the best equipment, with the least number of headaches. We get a great bang for our buck. Requests that we put in for features are met with either a great explanation of why they can't fit it in, or are deployed months after we've requested them. Arbor's biggest feature is not their equipment, rather it's their knowledge, because they get such great visibility into the global network. They're able to see things that are months ahead of hitting the rest of the industry and are usually one step ahead of what's about to hit.

The new feature that stands out compared to their competition is their automatic flow specs. Flow specs are nothing more than dynamic ACLs on the network edge, using PGP. What this does is it surgically reduces the amount of capacity we need to use from their TMS (threat mitigation system) and now use the network edges, the routers, to drop the traffic that's not wanted. There are a lot of what we call "dumb attacks," reflection amplification attacks, that can decimate a data center. With flow specs, we're able to drop that traffic before it even enters into our network. That's exactly what you want. You want to be able to stop and drop traffic further up the stack, as much as possible.

Another feature that they're working on, that I'm excited to see, is the ability to share these flow specs, these rules, with your provider. So if we have an attack, and we have AT&T or another of the big Tier-1s, we can send them our rules, and they can block the traffic at their network at that time, which reduces the liability to our network as well.

They're also starting to put out reporting features. It's often hard to take what you see at the technical level and push that up to your C-level type of executives. They like pretty graphs and you can't really do that with the information from NetFlow. But using the new executive reporting makes it a lot easier for us to justify it for next year's budget. And if there are budget cuts somewhere, we can always show to our leadership how useful this deployment is, to get the additional capital or OpEx, if need be.

These features are available in competing products, but not to the extent that Arbor has in its reporting. Reporting is available in a lot of products, but the information they provide is something you have to go in and actually create. And you're limited to what you're able to create. With Arbor, and its REST API, we can now create all kinds of reports that suit the person or the audience that we're trying to get to.

There's no other competitor that I'm aware of, right now, that's working with the providers to be able to share flow specs between them. That's one of the advantages that Arbor has in working with something like 95 percent of the Tier-1 providers. Arbor has a little more insight into the bigger providers that we rely on. Other competitors have not gone to that level yet.

What other advice do I have?

Talk with their sales engineers and understand the different uses of Arbor. If you're just looking just for a pure DDoS product, there may be other solutions within Arbor that are better to use, or different feeds that may be beneficial. Maybe you're more into capacity planning or peering analysis, and there are other things in addition to those that you can do with Arbor. If you're buying it for DDoS, you still do capacity planning and peer evaluation for the same cost using the same license. But what I've found with other people that use the product is they're single-use. Some buy it for DDoS and only use it for DDoS. They don't take into account the other information that they could be pulling from it.

The sheer amount of traffic that's out there in the network is one of the biggest things I've learned from using the solution. Looking at north-south traffic, traffic coming into our data centers and out of our data centers, it's a lot higher than what we had thought we would see when we first started using Arbor. It helped us to provide an infrastructure that was future-proof. Before we started understanding the different uses of Arbor, we would upgrade our routers on the edge, only to have to upgrade two or three years later when the actual router was still viable but it just wasn't able to control or handle the capacity. Now, we're able to put devices in place that are future-proof and that reduces our costs by not having to replace those devices every so often because they ran out of bandwidth.

Another thing we found was the number of bad actors that were living within our environment. When cloud first started popping up, everybody rushed to get their own clouds up and running. What wasn't taken into account was that there was a lot of malicious traffic that was being generated by these types of environments. They gave us a better understanding of cloud computing and the security issues that we would be facing as we tried to expand that environment.

Sightline with Sentinel does not yet communicate information upstream to our service provider around attacks, so that they can stop the attack closer to the attacker. It's something that we've been working on with Arbor for many years. There are some programs out there that Arbor is working on where we can communicate with other deployments that have Arbor. From the engineering perspective, we're all for it, not only at my company but even at the major Tier-1s. It's when you get up to higher management that we hit the roadblocks. Everybody in security wants to share information, but nobody wants to say anything either.

More and more people are coming around to the idea that they need some type of DDoS protection as part of their security posture. We tell customers that there's no one silver bullet out there that's going to do it all. Arbor does a great job of mitigating DoS attacks but we don't want to do all the blocking with Arbor devices, so further down the stack you want load balancers and firewalls to help you out.

The fact that Arbor has been in DDoS visibility and protection for more than 10 years definitely affects our confidence in it. I've been with other providers that use Arbor as well and that's one of the things that is always brought up, the confidence level. Deploying this on my network and the visibility it's going to give me is hands-down better, compared to an up and coming cheaper product that may claim to have better abilities to mitigate DDoS attacks. But they don't have the visibility that you really need. That's the key asset that Arbor has because they've been in the business for so long and have these great relationships with these big Tier-1 providers. They're not only able to provide the necessary equipment but, more importantly, the knowledge that comes with it. At the root of things, all DDoS vendors basically do the same thing, they drop traffic. It's the knowledge of what type of traffic to drop that is extremely important, to me and others who are in the same business. When you have visibility into one-third of the global internet, you have great visibility into what's going to happen in the future as well.

I would give Arbor DDoS a nine out of 10. There's always room for improvement. With DDoS products, there's always an evolving merry-go-round of different attacks. For me, giving it a 10 would be that silver bullet where it is going to handle all your attacks. Arbor will be straightforward with you and let you know that it's not that silver bullet and that there are times when its system is not the best system for the use that you have. One of the downfalls, at least on our site, has been that its visibility into the application layer in the monitoring mode is not the best, and that's because it's sampling traffic. Once it's in a mitigation and seeing packet-for-packet, it's devastating to see the amount of information you can pull. That's why we've gone ahead and implemented different Arbor devices lower down, closer to the application, to give us even more visibility.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
TP
Assistant General Manager at a comms service provider with 1,001-5,000 employees
Real User
Top 5Leaderboard
The Cloud subscription makes the scalability limitless and you secure yourself for anything beyond your current mitigation capacity

Pros and Cons

  • "We have taken on the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available."
  • "There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered in the VNS form in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus."

What is our primary use case?

We are a telecom service provider. We provide services to our enterprise customers in India and compliment these services with security layer as a part of our security services.

Being a part of the solution design team, I have been interacting with customers and creating solutions for them to fulfill their requirements. One of the products that we have in our offerings portfolio is around security, which is complimenting our connectivity portfolio. We provide this from Arbor platform, which we have deployed in our network. We have taken the hybrid model from Arbor, and there was a physical installation done in two of the gateways of the country. If the mitigation capacity goes beyond the subscribed boxes, then the Arbor Cloud subscription usage hits and mitigation would be done accordingly.

We have deployed Arbor platform and for our customers, we offer it as a managed service from our network. There are also customers looking for on-premise deployment. 

We are using Arbor's hybrid approach for our overall product build. We have on-premise deployment, however, beyond that we have taken the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available.

How has it helped my organization?

We use Arbor platform to provide DDoS services for our customers. We provide a clean pipeline solution to our customers. We have seen a tremendous response from many customer segments, particularly during the certain period, which is the time period when our customers expect a lot of traffic volumes coming through to their servers. This is where these DDoS services are being requested by the customer. Predominantly, it is DDoS that we offer to our customers, and mostly customers also want protection from the volumetric attacks, but there are certainly cases where application layer attacks are also looked at being mitigated by customers. In more than 75 percent of the cases, it is a volumetric attack protection that customers are looking for.

We have a vast connectivity portfolio and the Arbor solution complements that. In addition to that, it is also helping us to understand where challenges are coming from, so we can do the mitigation in our own network. We can plan our investments accordingly and help to make the network more secure and robust for ourselves as well as our customers.

Recently we have faced unprecedented times when people overnight started to operate from their homes. At that time, many applications for most enterprise customers were exposed to the open Internet by allowing remote working, from homes or anywhere, and the users were given access to the applications over the open Internet. That posed a serious threat to attacks. At the same time, that provided a lot of opportunities for security companies. When we look at the way in which applications are being consumed by end users, security becomes very paramount, because it's not only making the application available to end users, but it is also making it available in a more secure manner.

The moment that we open up these applications to open Internet, we increase the attack surface for the infrastructure/application, and that is where security becomes very critical. We have seen high adoption of security as a service for our customers, because no one wants to invest on day one in the security infrastructure equipment. This is for obvious reasons: 

  1. No budgets being accounted for this
  2. Even if budgets are accounted, it becomes practically impossible to deploy such solutions in such short time frame 

What we have seen is there has been a huge demand from our customers in providing these security services as managed services where the service can be enabled within a short time span. Going forward, I will still see these demands from the market, from across all customers be it large or small, and we plan to provide these services as a managed service on pay-as-you-go model.

What is most valuable?

We are living in a world that is changing at a very fast pace. We have to match the pace of  the world, not only from network security per se, but also from the point of view of the security at a larger level. We are not just protecting the safety of the customer, but protecting the application as such. That is where the real threat comes from, and the challenge is being thrown to all the providers and OEMs to keep our feature set updated and adding to features for minimal costs.

What needs improvement?

There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered as a VNF in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus. 

If we could decouple the hardware and software, making it more easily available for the customers with the exact robustness of the functionality, then that would be beneficial. At the same time, it would bring in cost efficiencies, which eventually is the end goal of most CXOs within an organization.

For how long have I used the solution?

The relationship with Arbor is quite old, however, from current organization per se it is around 5 years.

What do I think about the stability of the solution?

The entire deployment of the hardware that we have done so far is quite stable and robust. As of now, the dependency is more on the hardware itself, which comes along with the Arbor solution. 

What do I think about the scalability of the solution?

I am convinced with the kind of scalability Arbor brings in. The Cloud subscription, which is available as one of its features, makes the scalability limitless. This is something which makes Arbor stand out from the others, not only from the perspective of scalability, but also from the overall user experience perspective as well. It is critical to still manage within the limits of the customer and do all the mitigation that is required for them.

What was our ROI?

In the world that we are living, there are challenges everywhere at every step. We are able to run our businesses without a glitch and offer DDOS services to our customer within the SLA

Which other solutions did I evaluate?

We have evaluated Arbor against other OEMs. It is not only about the feature comparison, it is also based on what kind of skill sets are available in any enterprise and what are they more comfortable with. We are living in a world that is very heterogeneous, and we like to keep it heterogeneous in order to maintain some level of redundancy of the OEM level. This is where from a security perspective Arbor DDoS has the advantage. Customers tend to pick vendors who have a multi-level approach that can protect them from any potential attacks.

As a product/platform, Arbor is quite focused and offers quite smooth features vis-à-vis its competition. The acceptance that we see for Arbor, from the customer's perspective, is very high. Many customers prefer to go with Arbor solutions rather than any other solution when it comes to DDoS. Abor solution offers service feature, reliability, and a brand that can be trusted. From our perspective, we value it quite highly as far as its standards of security when providing DDoS services.

What other advice do I have?

It is not just about the features alone, it is about how smoothly you will be able to deploy the solution, e.g., the availability of the product and how the OEM is maintaining the relationship with its customer. There are multiple factors that need to be considered. "This is not just a one-time sale. It's about how easily the systems are available, and how well your partner is able to support you and provide lifecycle management."

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Erik Nordquist
Product Manager, MSx Security Services at TPx Communications
MSP
Top 20
Forensics enable us to look at logs, to see anomalies, and they give us information we might not have about customers

Pros and Cons

  • "It is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler."

    What is our primary use case?

    We're a managed service provider as well as an internet service provider. We use it to protect our core network from DDoS attacks, and by protecting our core network we can also protect our end customers.

    We're in the process of migrating to the newest version, currently. We use the solution in our physical environment, but we also take advantage of their cloud offering.

    How has it helped my organization?

    Previously, we were vulnerable to DDoS attacks, and large-scale attacks could potentially take down parts of our network segments. With the Arbor product, that doesn't happen anymore.

    What is most valuable?

    I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.

    What needs improvement?

    I struggle with where the product could improve because it's pretty great the way it is.

    I would just say more granular reporting, down to our customer level, would be helpful. If we could somehow import customer information in their networks, it would be able to generate reports. It might actually be able to do that right now, and we have just never used it.

    I've dealt with other solutions where I said, "I wish it did this," but it didn't. We have tried some other solutions that do what Arbor does and I would often go back to them and say, "Well, I want it to do this," because we already have that now with the Arbor solution. I've dealt with other vendors and I don't see things that they're doing that Arbor doesn't do.

    For how long have I used the solution?

    I've been using Arbor DDoS for eight years.

    What do I think about the stability of the solution?

    It's very stable. Things do happen and we have had to open support tickets, but that touchpoint with Arbor is very low. There is not a lot of trouble that comes up with it. 

    We don't necessarily need to update the firmware versions all the time, although they are available. Sometimes we have stayed with a  version that we were on because it was stable and it was secure. I've dealt with other vendors before where there are constant problems and their solution is, "Well, there's a new firmware version. Upgrade." We don't have those kinds of problems with Arbor.

    What do I think about the scalability of the solution?

    It's easily scalable. We could add on routers if we wanted to; we could add on more devices to handle more mitigations, or go to the cloud if necessary. If there was a large scale attack, we'd just use their scrubbing centers versus ours. It's very scalable.

    It touches a relatively small part of our overall network: It touches our drain points to the internet. But it affects the entire network, which is quite complex. It's protecting our entire network. As our network expands, it can expand with us.

    How are customer service and technical support?

    The technical support is very good. We usually get answers right away. We can submit a ticket online or just give them a call and get a quick response.

    Which solution did I use previously and why did I switch?

    We didn't have a solution before Arbor, but there was a period of time where we tried another solution. We did not find that solution to be adequate.

    With Arbor, when we see DDoS attacks, it is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler.

    How was the initial setup?

    I wasn't involved in the initial setup, but I was involved, mid-stream, when we brought in the mitigation side. We are currently replacing our aged infrastructure of Arbor products with a newer version. I'm tangentially involved with that.

    The updating process is straightforward. They've done a good job of that. And the fact that we've already deployed it before means we can use the template of the previous deployment to set up the new deployment. So it is easy.

    Our implementation strategy is the same, whether for the initial setup or for the updates. We're finding where the drains are on our network and set up the monitoring for those points. Then we create the mitigation side at specific data centers so we can route traffic to those devices and mitigate the traffic.

    What was our ROI?

    We have seen ROI for sure because uptime, as a service provider, is critical and the solution helps us maintain 100 percent uptime.

    What's my experience with pricing, setup cost, and licensing?

    There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost.

    Which other solutions did I evaluate?

    I will periodically talk with other vendors, just to make sure Arbor is really the best solution for us.

    What other advice do I have?

    Work with Arbor. They have great people to help you make sure it's implemented correctly. And they also have a great training team to help you understand the solution and use it to its fullest advantages.

    The biggest thing I have learned from using the solution is seeing all the different types of denial of service attacks that are out there. I have come to understand that they will come in waves and that certain types of customers are more prone to attack than others.

    It also lets us understand traffic flows on our network, as far as the usual traffic goes. We can understand what our network looks like. What it looks like at 1:00 pm is very different then what it looks like at 3:00 am. The solution helps us understand that.

    The users of Arbor DDoS in our company are only a handful of technicians. Our NOC and some of our security people, engineers, are in there, but it protects tens of thousands of customers for us. For deployment and maintenance of this solution we require two security engineers. They maintain the system and make any configuration changes, if necessary. They handle regular maintenance, if necessary, although it's pretty minimal.

    I would rate this product as an eleven out of 10.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Manohar  Rajoria
    Sr. Manager at a energy/utilities company with 10,001+ employees
    Real User
    Top 20
    Traffic filtering is very precise: When you want to stop some traffic, you precisely stop that traffic

    Pros and Cons

    • "The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic."
    • "On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved."

    What is our primary use case?

    It is our ISP, from where we get our internet traffic. We just send it to them and if anything is suspicious or there is some malicious traffic, we talk to them about what kind of traffic it is. If some machine or some router is being attacked by a malicious user, we try to find out the source IP and why this traffic is coming to us. The Arbor solution is deployed on their premises. We just ask them to control or just stop that traffic. They do the filtration. They provide us all the required details to mitigate an attack on any particular machine.

    How has it helped my organization?

    Arbor DDoS is a quick solution when you have identified some of the originating suspicious IPs from which you are getting traffic in your network. If you have identified that some of the email gateways, or any of your web applications, or any of your routers are being attacked, it is effective. You can ask your ISP to block such queries. If the originating IPs are dynamic, it is a little bit difficult for them to identify and block the traffic, but to a certain extent you can minimize the DDoS attack impact with this solution.

    In application layer DDoS attacks, it suggests the actions that should be taken. But at the network layer, you can simply block the originating traffic IP and block the port instantly. It depends on how proactive you are and how effective your incident response team is. Once traffic has started on any of your machines, it can be very difficult to manage it, but you can minimize the impact of malicious traffic with the Arbor tool.

    What is most valuable?

    The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

    What needs improvement?

    On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

    For how long have I used the solution?

    I've been using Arbor DDoS for almost seven years. I am the cyber security architect in our company and we have a SOC manager. We work together as a team and we are the only two people who use it. 

    We do have a team and they instantly contact the ISP if any malicious source IP has been detected. It has been about six months since we have faced an incident in which we had to reach out to our ISP to block some traffic. We then isolated that machine later on. We instantly blocked that port and signature file. Our SOC team works on the operations part.

    What do I think about the stability of the solution?

    The stability of Arbor DDoS is excellent, whether it is hardware or software stability. Whatever rules are set up inside, it's excellently developed and it excellently manages your good and malicious traffic.

    What do I think about the scalability of the solution?

    In terms of scalability, it's also excellent. DDoS attacks are not very scalable, but compared with other tools, in terms of mitigating those non-scalable DDoS attacks, it is better. In that way, Arbor is scalable. It is very effective when it comes to mitigating or dealing with DDoS attacks.

    We have four SOCs deployed here, and my SOC has one lakh EPS (event per second) capability. It is a big network and we use the biggest telecom operator in India. We just deal enterprise and telecom traffic.

    How are customer service and technical support?

    The support is fine. The ISP team works directly with the Arbor team, so they would have a better idea about that part, but from what I know the support is excellent.

    How was the initial setup?

    We don't have the Arbor solution deployed on-premises. It's with the ISP, so I wasn't involved in the setup or the implementation.

    Which other solutions did I evaluate?

    Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

    Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

    What other advice do I have?

    Arbor's hybrid approach to DDoS protection is both an advantage and a disadvantage. Sometimes it is not able to filter traffic adequately because of the hybrid approach. It only takes action after a bit of time. It starts acting on malicious traffic a little bit late because of the hybrid approach. On the other hand, after seeing all the aspects, the analysis is sensible and perfect. So it depends on from which side we look at this feature.

    Network layer DDoS attacks are absolutely big. DDoS attacks cannot be mitigated instantly, it takes time. You have to be very aware of your network and about which machine an attack has reached, and what the network architecture is. All those aspects are responsible for the impact of DDoS attacks. Arbor is not absolute but, comparatively, I find it to be an effective solution.

    Overall, it's a great product. It is a very effective product in terms of dealing with DDoS attacks, whether it is network layer attacks or application layer attacks. But it is better in network layer DDoS attacks. It is among the best.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    RM
    Network Security Architecture at a financial services firm with 501-1,000 employees
    Real User
    Top 20
    Gives us visibility into what's going on with our publicly exposed services - hits; both good and bad.

    Pros and Cons

    • "The auto-mitigation, that signaling feature, where it automatically raises an alarm that a line is under attack, is important. The upstream service provider will then do something to reduce the load on our internet lines. The fact that it's automated means I don't have to sit and always be looking at threats coming through. It does it almost automatically, without any intervention by me."

      What is our primary use case?

      We are using it for application availability, for its perimeter protection against DDoS and such service-exhausting attacks. Our goal is service availability and protecting our infrastructure against reputational damage and other penalties that could be incurred as a result of outages and malicious activities.

      How has it helped my organization?

      In terms of availability, we have never suffered any service exhaustion or services unavailability. Credit goes to the solution in that we have probably suffered a number of attacks, but they were mitigated by the tech solution without any notable impact - automation. We have benefited a lot from it.

      It gives us visibility into what's going on with our externally exposed services. The better the visibility it means we are able to take better informed actions to improve our infrastructure, both inside and outside the LAN.

      And it has definitely helped us to achieve our network and application uptime requirements for our business and its external stakeholders. We have always maintained a very high service availability. Previously, the work involved was so intense to ensure we could support that availability. The uptime was the same then as it is now, almost 99.99 percent availability. But back then, threats were not as evolved and sophisticated as they are now. In the seven years we have been using the tool, we have continued with availability of services as before. But today, without the Arbor solution, I believe we would have suffered quite a number of service availability issues.

      What is most valuable?

      The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.

      They are putting quite a good amount of effort into their research to make their products stand out from the rest.

      Day by day, the solution is actually getting smarter and more useful.

      What needs improvement?

      I haven't found anything to complain about or anything that they need to improve on.

      For how long have I used the solution?

      I have been using Arbor DDoS for close to seven years now.

      What do I think about the stability of the solution?

      It's a very well-developed tool. I'm quite impressed. I'm happy with its performance. Stability-wise, it's a good tool. Support is also very impressive.

      What do I think about the scalability of the solution?

      For my environment, there is no need for growing the platform. We currently have about 5,000 endpoints. But from what I've seen, and the way we deployed it, it looks quite scalable.

      How are customer service and technical support?

      I've used NETSCOUT's technical support a number of times. I would rate it at 8 out of 10.  They are doing well, there is always room for improvement. Their technical knowledge is on point, and their turnaround time is on point.

      Which solution did I use previously and why did I switch?

      We did not have a previous solution.

      The decision to use Arbor was based on their track record and capabilities - they stood out very well.

      How was the initial setup?

      It's not complex. If you know what you want to use the tool for, the placement, and you know what you want to protect, the setup is very straightforward. It requires minimal downtime to deploy the solution. I found it quite easy.

      Deployment took about two hours, but that time includes internal delays. From the moment you start setting it up, it takes no more than 30 minutes. The longest part, before you deploy the technology, is learning your network by monitoring it. That could take a long time, depending on the timeframe that you want to benchmark on. It could take, say, a month, just to get an idea of how your network behaves. But in terms of setting up the device, it should take an hour, tops.

      We had three people involved in the initial setup. All are network engineers.

      Post-deployment maintenance on our side consists of just the regular updates of the software. 

      What about the implementation team?

      Implementation was both inhouse and vendor supported - vendor support was great, very knowledgeable resources.

      What was our ROI?

      ROI comes from the fact that we've never suffered any outages. In the absence of Arbor, if we were to be compromised, the cost would be way more than the cost of the solution.

      What's my experience with pricing, setup cost, and licensing?

      The solution is a bit costly if you're on a tight budget, but it's worth the price that they are charging - the ROI is notable in a long run.

      Which other solutions did I evaluate?

      I've only used the Arbor solution, so I haven't had any hands-on exposure to other technologies. But from the bit that I've read, and based on the ratings of the other solutions, nothing compares closed to what Arbor anti-DDoS offers. I've tried to compare it with the F5 Silverline solution, but the way that solution does threat mitigation is not as advanced or as comprehensive as what Arbor does.

      What other advice do I have?

      My advice is "Go for it." It's a great tool. If you're concerned about the availability of your services, I highly recommend it, without any hesitation. If you regard your brand or organization as valuable, then Arbor is the tool for you.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      AS
      Engineer at a comms service provider with 10,001+ employees
      Real User
      Top 20
      Performs great at protecting our customers against attacks

      Pros and Cons

      • "There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great."
      • "We need a SaaS model for the solution."

      What is our primary use case?

      Our business is to provide a DDoS protection solution for our customers. Our customers are banks, financial groups, etc.

      We might develop some DDoS protection services for our customers under our Internet umbrella. We detect and filter traffic using Arbor DDoS in our network. 

      We use it as a BGP or prompt, as a telecom service provider. We have SP and TMS, and that is all our architecture.

      We resell on-premise the Arbor edition and install at our customers' site, specifically the Availability Protection System (APS) system.

      How has it helped my organization?

      It protects huge attacks on our Internet system over our network. 

      We provide more granular application protection using the APS system, which is located at customer sites.

      Our concern is to provide flexibility. We decided to move to this DDoS solution. We wanted to install some local filtering service in the regions. We wanted to be able to add or remove some mitigation capacity to our regional services, which is vital for us. So, we decided to develop these new features to our DDoS service.

      Every day or month, we have found some new attack, but I don't think that is very important. It is just the evolution of attacks. We fix it and make a description, so we will be aware when some new attacks come. I think that the Arbor DDoS and APS solutions are quite enough at the moment, as they mitigate all attacks that we face.

      What is most valuable?

      The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution. 

      What needs improvement?

      We would like the ability to decrypt APS traffic.

      We need a SaaS model for the solution.

      I opened a ticket with Arbor for the ability to localize numbers of our customers in BGP sessions. This has not been resolved.

      For how long have I used the solution?

      We have been using Arbor DDoS for seven years, since 2013. 

      What do I think about the stability of the solution?

      It is quite stable. There are no major important bugs, though maybe some small ones. 

      There are around five people who maintain it 24 hours a day.

      What do I think about the scalability of the solution?

      It is quite scalable and effective. You can add new integration services quite easily. 

      There are around 60 end users/customers of this solution.

      How are customer service and technical support?

      They have good support. Tickets are resolved efficiently in time with Arbor engineers.

      How was the initial setup?

      It was quite complicated and complex to set up. 

      What about the implementation team?

      Several engineers were required to deploy it.

      What was our ROI?

      There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great.

      What's my experience with pricing, setup cost, and licensing?

      The solution has a huge price, but we are a global company so we receive global pricing, which is why we chose Arbor. We also receive good prices for Russia.

      We also bought the Sentinel feature to use its flow spec because we needed to know how much traffic will be mitigated on our borders. We haven't used it yet, but we are planning on using it in the Spring. We found that the combination of the Sentinel feature with Arbor DDoS going forward is the most important feature.

      We do not use the Arbor Cloud DDoS solution because it is too costly. We decided to make our proprietary cloud solution designed by our company.

      Which other solutions did I evaluate?

      Several solutions were tested, then we chose Arbor DDoS.

      We evaluated several solutions, like NSFOCUS, three months ago, and decided to continue to go with Arbor. Another solution was similar to Arbor because they have a very sophisticated mitigation system. However, they still don't have a system that can analyze traffic by BGP, and their solution was to integrate with Arbor. We decided not to do that. 

      Arbor is the solution for telecom services on the market.

      Arbor is still the leader versus many vendors and products, which is why we decided to integrate with the Arbor solution for another three years. The solution has met our requirements.

      What other advice do I have?

      I would recommend using Arbor DDoS.

      We will buy the next version on virtual machines. We will buy a server separately with the on-premise solution, then install it on our servers where it would be virtual.

      We have been thinking about creating our own DDoS solution using firewalls from other vendors.

      We are looking to buy two distributed servers this year that we will need to test locally.

      I would rate this solution as an eight (out of 10). Arbor DDoS is a stable solution that fulfills our requirements for DDoS protection services.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      WF
      Manager IP Core and Transmission Networks at GO PLC
      Real User
      Top 5Leaderboard
      You can be in a better position to mitigate and find alternatives when there is an attack

      Pros and Cons

        • "When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives."

        What is our primary use case?

        My company is a quad-play operator service provider in Malta. We use it for our own internal infrastructure and clients, where we use both always-on and on-demand.

        Our partner has an in-house deployment and can upload it to the cloud as well. This helps to minimize the costs. With in-house deployment, the cost will increase significantly. So, this hybrid approach is advantageous.

        How has it helped my organization?

        When there was an attack, the attack was contained only on the IPs under attack. The rest of the network was not impacted, and that is the most important part.

        The solution has helped consolidate visibility and the actions that we have needed to take. Based on the reports which can be generated, one can be in a better position to mitigate and find alternatives when there is an attack. At the same time, we can limit impact on both the attacked IP ranges and customers as well as other services.

        Arbor DDoS has helped us achieve our network and application uptime requirements. Uptime has improved.

        What is most valuable?

        Arbor provides a full solution. They provide: 

        • The possibility of alarm triggering based on flow packets. 
        • Always-on and on-demand
        • Implementation of BGP Flowspec. 
        • Implementation with their cloud system.
        • Good reporting. 

        What needs improvement?

        When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives.

        For how long have I used the solution?

        I have been using it for more than 10 years now. The solution has changed names over the years. The Arbor suite has evolved a bit over the years, so now we are using Sightline. In the past, it was called Peakflow.

        What do I think about the stability of the solution?

        It is quite stable.

        What do I think about the scalability of the solution?

        The scalability needs to handle going horizontally, apart from the cloud, rather than replacing boxes.

        Initially, the solution was not that mature. It has evolved and scaled better over the years.

        Being a service provider on a small island, our environment is small in scale. Our network is small compared to other operators. We have 20 users internally: our NOC, IP team, and commercial team.

        How was the initial setup?

        It took three months once our agreement was done.

        What about the implementation team?

        Our partner implemented and maintains the system. We use the system to activate mitigation, generate reports, and do some changes. It is self-service, so we are empowered to manage the system.

        We rely on third-party deployment. From this third-party and how they interconnect with us, there will always be some tweaking in relation to understanding which links to use and how to avoid possible loops. 

        We are also looking to implement BGP Flowspec, which is not yet available because we are not exactly interfacing directly with the Arbor platform, but via separate routers that we interface.

        What was our ROI?

        When it comes to DDoS, we are saving by not losing money or clients. Like any insurance, you cannot really quantify it, but you need to have it.

        Attacks are getting bigger and bigger. The cost to have proper DDoS mitigation is once a year insurance. It is getting too large to be sustainable. This is not just related to Arbor. DDoS mitigation is more expensive every year.

        What's my experience with pricing, setup cost, and licensing?

        You need to find a way to get a good offering from Arbor by negotiating a price. That is the challenge. 

        See if it is possible to scale using the cloud service.

        Which other solutions did I evaluate?

        With respect to the competition, I think that Arbor Sightline reporting is cutting-edge. It is significantly more robust than what the other competitors have, such as, Corero, Radware, and Voxility.

        When it comes to the other suppliers, like Corero, Voxility, and Radware, they have automatic mitigation. This will auto-tune to attack changes. With Arbor DDoS, it needs manual intervention. To be fair, I am not sure if that is just our implementation, but that is our understanding for now. 

        Another point is how to handle HTTPS encrypted traffic. On that front, there are some options from other vendors to handle HTTPS without the need to install the certificate, where Arbor might need to do some further development there.

        With other vendors, you might need third-party software for NetFlow or reporting. In my experience, this is what differentiates Arbor DDoS from the rest.

        What other advice do I have?

        Overall, I would rate this solution as an eight (out of 10), the reporting as a 10 (out of 10), and the mitigation as a five to eight (out of 10).

        Which deployment model are you using for this solution?

        Hybrid Cloud
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PL
        Traffic Management skill center at a comms service provider with 10,001+ employees
        Real User
        Top 20
        A good tool for threat detection and mitigation, but implementation could be more open

        Pros and Cons

        • "I like all the features together as a whole."
        • "Implementation could be better."

        What is our primary use case?

        As an operator, we use Arbor antiDDoS system to protect our backbone, protecting the network and our assets like DNS.I'm involved in the validation and testing of the solution. 

        The solution is installed in our lab, with a simulated full network. We can send some regular traffic as well as DDOS traffic, using some testing tools like IXIA system and opensource tools. 

        For testing, we simulate some regular traffic, as background traffic, and we added some attacks on the network with attack tools. We can monitor what's sent to the network, and we can monitor what's received by the victim. In this case, we can assess which part of the attack was stopped by the system.

        Arbor DDoS helps consolidate visibility on traffic and on DDOS attacks attempts. It can perform direct mitigation action on the network, which is important. It has also helped us achieve our network and application uptime goals.

        What is most valuable?

        I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

        What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

        What needs improvement?

        I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation.

        Netscout's Arbor allows it, but between Arbor systems only. It should be more open to Third party systems, that's what I mean by "openness" : evolution from Netscout signaling protocol to standardized DOTS protocol (DDOS Open Threat Signaling)

        Implementation could also be improved regarding distribution of mitigation directly on network elements.

        For how long have I used the solution?

        I've been using Arbor DDoS for testing for about a year.

        What do I think about the stability of the solution?

        Arbor DDoS is stable and robust, as seen during testing phase and with feedback from the field.

        According to the operational team, there are few tickets open on the Netscout/Arbor site, but I don't have a precise figure, as I'm only involved in testing phase.

        What do I think about the scalability of the solution?

        Arbor DDoS is scalable, both horizontally and vertically. It has good visibility making things quite obvious. There are some price issues with scalability, but technically speaking, the solution is fully scalable.

        How are customer service and technical support?

        Technical support was knowledgeable and responsive.

        How was the initial setup?

        The initial setup is quite complex. It isn't easy to do the configuration, but it's okay once it's done. Arbor's implementation strategy was to monitor first and provide all the configuration or the correct profiling for this system after it's considered safe.

        What about the implementation team?

        NETSCOUT's team deployed our solution.

        What's my experience with pricing, setup cost, and licensing?

        Arbor DDoS is quite expensive, especially for the TMS mitigation part

        Which other solutions did I evaluate?

        We compared it with others actors in antiDDOS domain, such as Nokia Deepfield and others. There are some differences, but generally, the logic is the same.

        Arbor Networks, vendor of the solution, has been in DDoS visibility protection for more than ten years, which affected our decision to go with it. We assessed the company's stability (acquired by Netscout), which was part of the decision.

        What other advice do I have?

        I would advise potential users to try the NETSCOUT Arbor DDoS system but also to check on other solutions.

        On a scale from one to ten, I would give Arbor DDoS a seven.

        Which deployment model are you using for this solution?

        On-premises
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.