Arbor DDoS Valuable Features

Roman Lara
Sr. Security Engineer at Rackspace
I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS. I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic. Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers. View full review »
Network Security Architecture at a financial services firm with 501-1,000 employees
The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me. They are putting quite a good amount of effort into their research to make their products stand out from the rest. Day by day, the solution is actually getting smarter and more useful. View full review »
Technical Lead - DEVSECOPS with 1,001-5,000 employees
We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out. Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic. It also denies fragmented packets. View full review »
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.
Steve Puluka
Network Architect at DQE Communications
The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports. Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends. Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes. View full review »
Information Security Analyst at a financial services firm with 1,001-5,000 employees
In the GUI, the packet capture is a very good option, as is the option to block an IP address. These help in analyzing traffic and blocking unwanted IP addresses as a preliminary troubleshooting step. Also, they have a customer program where, if we find a blacklisted or bad-reputation IP, we can submit it to Arbor directly. View full review »
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.