Arbor DDoS Overview

What is Arbor DDoS?

Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand and solve the most complex and consequential security challenges facing their organizations.

Arbor DDoS is also known as Arbor Networks SP, Arbor Networks TMS, Arbor Cloud for ENT.

Arbor DDoS Buyer's Guide

Download the Arbor DDoS Buyer's Guide including reviews and more. Updated: April 2021

Arbor DDoS Customers

Xtel Communications

Arbor DDoS Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
HR
SnrProjEng081
Senior Project Engineer at a tech services company with 10,001+ employees
Real User
Jan 1, 2019
We're able to block traffic before it gets to the firewall, but alerts on the main page can't be cleared when resolved

What is our primary use case?

We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements. There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is… more »

Pros and Cons

  • "It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken."
  • "On the main page there are alerts that we are unable to clear, even though the issue has been resolved."

What other advice do I have?

We have seven people who directly access Arbor DDoS, mostly project engineers.
VJ
Vikas Jain
Engineer at RailTel Corporation of India Ltd
Real User
Dec 30, 2018
I like the IP location policy to control traffic based on geolocation.

What is our primary use case?

Mitigating network level volumetric attacks, complete network visibility and complete control on applying countermeasures.

What is most valuable?

DDoS amplification Flow specs Blackhole mitigation, and IP location policy to control traffic based on geolocation.

What needs improvement?

Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.

For how long have I used the solution?

One to three years.
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
475,705 professionals have used our research since 2012.
TabbrezBalbbale
Security Advisor at a comms service provider with 10,001+ employees
Real User
Top 20
Dec 27, 2018
Key features include Web 2.0 interactive attack alerting and traffic visualization

What is our primary use case?

We use these products because of the increase in frequency and sophistication of Denial of Service and Distributed Denial of Service attacks. As a service provider, we need to control and mitigate these attacks.

Pros and Cons

  • "Valuable features include simple and centralized management of user access and capabilities, as well as Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control."
  • "The following areas need improvement: opening and tracking support tickets, online support resources, software upgrades/updates and replacement media, and event management guidelines."

What other advice do I have?

It's an excellent product DDoS protection against attacks. We have more than 7,000 users at all levels of access.
Usman Khan
Team Lead for DDoS Protection at a comms service provider with 10,001+ employees
Real User
Dec 26, 2018
Our customers can check how many attacks they have faced and how many have been blocked

What is our primary use case?

We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

Pros and Cons

  • "Our customers are very happy when we provide them with the interface... They can check how many attacks they have faced and how many attacks have been blocked."
  • "Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful."

What other advice do I have?

Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution. We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some…
AbuFaizal
Security Consultant at a tech services company with 10,001+ employees
Consultant
Dec 26, 2018
We're able to develop threshold values for clients' servers to help flag suspicious traffic

What is our primary use case?

Our primary use case is developing threshold values for all groups. We use it to analyze packets to build a use-case for when a server group hits the limit of incoming traffic. In such a case we suspect traffic. We use it to build use-case scenarios, based on the server input and a client's requirements. Some clients have a number of users accessing a given server which affects the bandwidth. In each case, we need to tell DDoS what is considered legitimate traffic.

Pros and Cons

  • "There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds."
  • "Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning."

What other advice do I have?

Implementation is very easy but making the product work optimally is more difficult. It's the best product. I would rate it at eight out of ten. There are some minor issues with blocking legitimate traffic and that's why it's not a ten.
SR
ManagerI46d2
Manager IP Services at a tech company with 10,001+ employees
Real User
Dec 26, 2018
Has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment.

What is our primary use case?

I was working in the ISP environment and the Arbor DDoS solution is integrated in there.

Pros and Cons

  • "Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment."
  • "I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions."

What other advice do I have?

Arbor has a global ranking and global recognition. Whenever you do a search on Google, you can find Arbor on the top three or top five DDoS protection vendors. Obviously, Arbor is very reliable.
MN
Security1a8a
Security Consultant with 51-200 employees
Consultant
Dec 13, 2018
Operating the solution is easy, it's just one dashboard with mitigation

What is our primary use case?

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

Pros and Cons

  • "It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy."
  • "For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit... In F5 I have full control of everything."

What other advice do I have?

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source. I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or…
AG
Securityebea
Security Architect with 1,001-5,000 employees
Reseller
Dec 13, 2018
Easy to deploy and user-friendly, we can use the web interface or CLI to troubleshoot

What is our primary use case?

We are an internet service provider. We are using Arbor in our networks and it mitigates all attacks on our network. We are using BGP for traffic diversion.

Pros and Cons

  • "It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated."

    What other advice do I have?

    I would recommend Arbor's solution. I like it. In terms of increasing the usage of Arbor, when we expand our networks, we open new sites or data centers, we always use Arbor. In the future, if expand out, we will use it again. I rate it a nine out of ten because I have been using it for about eight years and it's very user-friendly, troubleshooting is good, and the reporting side is also good. It's easy to deploy and our customer feedback has been good. It's just that the pricing is very expensive, so I give it a nine.
    TK
    SecExp99
    Security Expert at a comms service provider with 10,001+ employees
    Real User
    Dec 12, 2018
    Protects both our company's and customers' infrastructures, but pricing is expensive

    What is our primary use case?

    We are using Arbor as a DDoS protection infrastructure. It protects our both our company's infrastructure and also our customers' infrastructure. We are not using it to protect one website, we are protecting a lot of websites and a lot of customers' infrastructures including their websites, their web services, etc.

    Pros and Cons

    • "We also use it by serving our customers' cloud signaling services with on-premise APS devices."

      What other advice do I have?

      Arbor is very good at what it does. If you have enough budget you can apply it to your infrastructure and use its flexibility and reporting features very well. But if you don't have the budget and you don't expand the budget for the coming next years, I suggest not getting in touch with Arbor. Five or six engineers can log in to devices, but in our company two people are managing infrastructure. There are always ways to optimize it, but we have been working for two years to optimize it and it's in a good situation compared to two years ago. I would rate it a seven out of ten. My rating is…
      RN
      CloudSece7fe
      Cloud Security Specialist at a tech services company with 11-50 employees
      Real User
      Nov 11, 2018
      Cloud Signalling enables us to synchronize with on-premise solutions

      What is our primary use case?

      The main focus was DDoS protection.

      Pros and Cons

        • "The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not."

        What other advice do I have?

        Don't worry that it is complex because, out-of-the-box, it protects you from the basics. Just open it and connect, that's all you have to do. But if you are making an investment of this type because you have to be protected against all scenarios, you have two options: close support from Arbor or a specialized engineer. If you have those resources, all the rest is very straightforward. It becomes a simple solution that can give you good results. I give the solution a nine out of ten. I try to put myself in the shoes of our company's owner. If a solution is simple to operate and gives good…
        HV
        NetCon37561
        Network Consultant at a comms service provider with 51-200 employees
        Consultant
        Jun 14, 2018
        We are able to respond quickly and prevent DDoS attacks

        What is our primary use case?

        It is mostly for Internet Service Providers (ISPs). It is for operations on the service provider and network security operations. It is a good solution.

        How has it helped my organization?

        It improves our organization by preventing attacks and improving the availability of the network on services, which provides a better service to customers.

        What is most valuable?

        We are able to respond quickly and prevent DDoS attacks.

        What needs improvement?

        There is some room for AI to take place.

        For how long have I used the solution?

        More than five years.

        What do I think about the stability of the solution?

        Stability is perfectly good. I have not seen an issue in years.

        What do I think about the scalability of the solution?

        Its scalability is big.…
        it_user816366
        Security Consultant at a tech services company with 11-50 employees
        Reseller
        Feb 28, 2018
        Provides easy management, high visibility, and quick response capabilities

        What is our primary use case?

        Arbor Pravail APS devices are using for protecting availability of services. DDOS, rating, and behavior analyses are the base of this product. 

        How has it helped my organization?

        Arbor Pravail APS devices provides easy management, high visibility, and quick response capabilities. Therefore, we can quickly complete the POV PoC demo process.

        What is most valuable?

        Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response. 

        What needs improvement?

        Arbor Pravail APS devices do not sync features or config the backup enough. This needs to be improved.

        For how long have I used the solution?

        More than five years.
        it_user663393
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Consultant
        Nov 2, 2017
        The implementation was done by a vendor team, and they were excellent

        Pros and Cons

        • "Predefined filters/techniques to easily stop the attacks and start mitigation."
        • "Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,"

        What other advice do I have?

        Be in direct contact with Arbor TAC rather than choosing a vendor in-between.
        it_user700122
        Information Security Officer at a comms service provider
        Real User
        Jul 13, 2017
        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        What is most valuable?

        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        How has it helped my organization?

        It provides a much more efficient protection of our customers.

        What needs improvement?

        A small improvement could be a better reporting system.

        For how long have I used the solution?

        I've used this solution for two years.

        What do I think about the stability of the solution?

        No. Since day one, the product works without any issues.

        What do I think about the scalability of the solution?

        I didn't encounter issues with scalability.

        How are customer service and technical support?

        Very Good. The technical support team was there each time we needed them, offering…
        it_user667689
        IT Security Manager at a comms service provider with 501-1,000 employees
        Real User
        May 23, 2017
        It helped us to find the best IP network route to reach countries with low latency.

        What other advice do I have?

        It is vital to identify the number of routers that are going to be integrated and the scrubbing capacity required for the expected lifetime of the product, as it is not scalable once you have purchased it. For others who expect to implement Arbor, the key prerequisite is to identify the network devices that are going to integrate, since it will dictate the licensing. Since it is not scalable, so users should have to get this right before purchasing the product.
        it_user626721
        Security Consultant & IT Professional at Sistemas Aplicativos, SISAP
        Consultant
        May 22, 2017
        It provides mitigation templates for volumetric and application-level attacks.

        What other advice do I have?

        You have to be clear as to what do you want to protect, i.e., the applications, networks, etc. The most complex appliances are for the Arbor Networks SP/TMS solutions, so you have to know the BGP, peering, diversion, and reinjection concepts.
        it_user664614
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Consultant
        May 22, 2017
        It provides predefined filters/techniques to easily stop attacks. The auto-mitigation feature starts with the default filters, which could impact a customer’s link.

        What other advice do I have?

        Be in direct contact with Arbor, rather than choosing a vendor in between.