We just raised a $30M Series A: Read our story

Arbor DDoS OverviewUNIXBusinessApplication

Arbor DDoS is #1 ranked solution in top Distributed Denial of Service (DDOS) Protection tools. IT Central Station users give Arbor DDoS an average rating of 8 out of 10. Arbor DDoS is most commonly compared to Radware DefensePro:Arbor DDoS vs Radware DefensePro. Arbor DDoS is popular among the large enterprise segment, accounting for 46% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 32% of all views.
What is Arbor DDoS?

Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand and solve the most complex and consequential security challenges facing their organizations.

Arbor DDoS was previously known as Arbor Networks SP, Arbor Networks TMS, Arbor Cloud for ENT.

Arbor DDoS Buyer's Guide

Download the Arbor DDoS Buyer's Guide including reviews and more. Updated: December 2021

Arbor DDoS Customers

Xtel Communications

Arbor DDoS Video

Archived Arbor DDoS Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
AM
Technical Lead - DEVSECOPS with 1,001-5,000 employees
Real User
Stable, scalable, and handles complex environments

Pros and Cons

  • "We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly."
  • "If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there. It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see."

What is our primary use case?

We use Arbor DDoS in the Asia Pacific region for a couple of government clients and Financial sector. The primary use case is for different types of problems that we do not see with other solutions, such as IPS, IDS, and FireEye. It has that type of detection and it blocks things.

How has it helped my organization?

It detect and protect DDOS effectively.

What is most valuable?

We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out.

Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic.

It also denies fragmented packets.

What needs improvement?

If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there.  It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's a stable solution. We haven't had any issues up until now, except for one or two times. On those occasions, we found attacks were getting through but then we realized we needed to update the signature database. Since then, it has been working fine. It is blocking as it should.

There haven't been any bugs.

What do I think about the scalability of the solution?

We haven't had any issues with the scalability.

How are customer service and technical support?

Technical support is good. They respond swiftly.

Which solution did I use previously and why did I switch?

We found what we wanted in Arbor DDoS. It met our expectations, as IT users of different types of complex environments. It fit our needs. After we did the PoC, we found that this product is good. It was scalable and stable.

How was the initial setup?

The initial setup is complex.

Deployment took about four months. After getting vendor support for installation, we then configured IP ranges for different clients. Then we set up the bandwidth and enabled logins.

There has not been much to deploy and maintain since then.

What about the implementation team?

Arbor directly helped with the deployment.

What was our ROI?

DDoS is a major problem. If it infiltrates one device, it can move laterally, compromising much more. Up until now, we haven't lost any confidential data. The DDoS protection solution is a valuable tool to our organization.

Which other solutions did I evaluate?

We did look at competitors but I don't remember which ones now.

What other advice do I have?

We have two teams that work with it. There is the maintenance team and we are the team that takes action.

I would rate Arbor DDoS at eight out of ten. It's stable, it's scalable, and it can handle complex environments. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
LM
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
The introduction of IP-intelligence helps in determining IPs with a bad reputation

Pros and Cons

  • "In the GUI, the packet capture is a very good option, as is the option to block an IP address."
  • "There is definitely room for improvement in third-party intelligence and integrations."

What is our primary use case?

We observed traffic over six months to create a benchmark. We created alerts to trigger and be sent to our SOC once the traffic exceeds the benchmark.

How has it helped my organization?

The introduction of IP-intelligence helps in determining IPs with a bad reputation. We recently upgraded to the latest version and that functionality is enabled now. They've come up with centralized intelligence based on their own cloud, and they feed the data, the intelligence.

What is most valuable?

In the GUI, the packet capture is a very good option, as is the option to block an IP address. These help in analyzing traffic and blocking unwanted IP addresses as a preliminary troubleshooting step.

Also, they have a customer program where, if we find a blacklisted or bad-reputation IP, we can submit it to Arbor directly.

What needs improvement?

There is definitely room for improvement in third-party intelligence and integrations. I would like to see more threat intelligence and internal traffic monitoring for C & C communications.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

We have not faced any scalability issues since we have a very confined environment.

How are customer service and technical support?

Tech support is good. They have really good expertise from the appliance point of view.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

Although I was not involved in the initial setup, I understand that it is easy. In terms of the specifics of our implementation, it's sensitive information so it can not be made public. Because of the criticality, I cannot comment on configuration or how is it implemented.

Regarding the simple setup, it is because of the out-of-the-box configurations which Arbor provides you with. I don't think there is another way to implement it as such. It was per Arbor's standards, so there was nothing that was done differently.

What's my experience with pricing, setup cost, and licensing?

Pricing is average.

What other advice do I have?

Go for the latest appliances.

We do have plans to increase our usage of this type of solution, but now there are a lot of other services coming up so we are looking in parallel at other stuff, for other functionalities and features from Arbor itself.

I rate Arbor DDoS at eight out of ten. They have done a considerable amount of development in the last few years when it comes to features. However, there is a restriction when the environment is hosted in the cloud and it is on-prem, so there a challenge there: The full-fledged features don't comply with certain requirements. There are always challenges.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
555,139 professionals have used our research since 2012.
HR
Senior Project Engineer at a tech services company with 10,001+ employees
Real User
We're able to block traffic before it gets to the firewall, but alerts on the main page can't be cleared when resolved

Pros and Cons

  • "It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken."
  • "On the main page there are alerts that we are unable to clear, even though the issue has been resolved."

What is our primary use case?

We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements.

There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is happening, etc. Normally, if it sees a huge amount of traffic at the same time, then automated cloud signaling will be enabled and, automatically, the traffic will be dropped.

How has it helped my organization?

There are multiple malicious IPs which are present everywhere. So, wherever the traffic comes from, it comes directly to the internet firewall, which utilizes the firewall's bandwidth, latency, etc. We block such traffic directly at the Arbor level only. 

Also, with network-level signatures, we can block things like malicious packets at the Arbor level only.

What is most valuable?

It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.

It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.

With Arbor, every six or 12 months, we can do DDoS testing.

Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that. 

In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.

What needs improvement?

On the main page there are alerts that we are unable to clear, even though the issue has been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is very good. We have never faced an issue with it.

What do I think about the scalability of the solution?

The scalability depends on the box but we have never had any issues with that.

How is customer service and technical support?

We use technical support when there is some issue with the box or traffic and we are unable to resolve it. Our interaction with them is good. They check the issues. It usually takes them one or two days to respond. They're knowledgeable and helpful.

The last issue we contacted them on was during implementation. We connected to one of two management ports but it was not working. They told us to change the management port and when we did everything was fine.

How was the initial setup?

I did the initial setup. It's not complex. We have a default admin and password where we need to set a management IP. Once management IP is set, if we connect it through a comm port, we need to set our system IP tools in the same subnet so that we can connect to Arbor. After that, we can set up usernames, passwords, and an IP access list. We can even change the group password.

If you have some knowledge, the implementation will only take between a half-hour and an hour. The only scenario where it takes time is when we put it into inline mode; when we mount the devices into the network.

One person is enough for deployment, if they have knowledge of how to implement it. There is no need for two or three. The number of people required to maintain it depends on the automation. One person is often enough. 

What other advice do I have?

We have seven people who directly access Arbor DDoS, mostly project engineers.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
VJ
Engineer at RailTel Corporation of India Ltd
Real User
I like the IP location policy to control traffic based on geolocation.

What is our primary use case?

Mitigating network level volumetric attacks, complete network visibility and complete control on applying countermeasures.

What is most valuable?

DDoS amplification Flow specs Blackhole mitigation, and IP location policy to control traffic based on geolocation.

What needs improvement?

Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.

For how long have I used the solution?

One to three years.

What is our primary use case?

Mitigating network level volumetric attacks, complete network visibility and complete control on applying countermeasures.

What is most valuable?

  • DDoS amplification
  • Flow specs
  • Blackhole mitigation, and
  • IP location policy to control traffic based on geolocation.

What needs improvement?

Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
TabbrezBalbbale
Security Advisor at a comms service provider with 10,001+ employees
Real User
Key features include Web 2.0 interactive attack alerting and traffic visualization

Pros and Cons

  • "Valuable features include simple and centralized management of user access and capabilities, as well as Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control."
  • "The following areas need improvement: opening and tracking support tickets, online support resources, software upgrades/updates and replacement media, and event management guidelines."

What is our primary use case?

We use these products because of the increase in frequency and sophistication of Denial of Service and Distributed Denial of Service attacks. As a service provider, we need to control and mitigate these attacks.

What is most valuable?

Valuable features include:

  • Simple and centralized management of user access and capabilities
  • Viewing and/or configuring of status, history, account, user, AAA, DNS, and NTP settings
  • Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control

What needs improvement?

The following areas need improvement:

  • Opening and tracking support tickets 
  • Online support resources
  • Software upgrades/updates and replacement media
  • Event management guidelines.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The initial implementation phase was a bit tricky but after that, it worked like a charm.

What do I think about the scalability of the solution?

Provides increased performance, scalability, and availability for Peakflow SP-based managed services.

It enables 25 simultaneous users/API per non-leader device. It scales up to ten PI devices and a maximum of 125 simultaneous logins, deployment-wide.

How was the initial setup?

The setup follows a project plan based on a PIP (Performance Improvement Plan) document and the LLD. A process is created to cover site preparation, hardware staging, hardware installation, and link activation and needs the involvement of the Operations team. Deployment takes three to four months.

Our implementation strategy is as follows:

  • Assign a project manager to be onsite when needed during the implementation until signoff
  • Understand customer’s policies, requirements, and procedures
  • Discuss and agree on the general prerequisites for the proposed solutions
  • Conduct site survey
  • Site preparation for the proposed solutions
  • Design the proposed solutions
  • Provide detailed project plan for the entire assignment
  • Provide Low-Level Design
  • Delivering the proposed SW and HW to the site
  • Configure the solutions based on best practices
  • Complete integration, fine-tuning, testing, and knowledge transfer to provide templates and guidance on use of templates to team members
  • Finalize the deliverables along with the client

What about the implementation team?

We did include an SI for the deployment. Our experience with that team was excellent as they knew what they were doing.

What's my experience with pricing, setup cost, and licensing?

Pricing is slightly on the higher side.

What other advice do I have?

It's an excellent product DDoS protection against attacks.

We have more than 7,000 users at all levels of access.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Usman Khan
Team Lead for DDoS Protection at a comms service provider with 10,001+ employees
Real User
Our customers can check how many attacks they have faced and how many have been blocked

Pros and Cons

  • "Our customers are very happy when we provide them with the interface... They can check how many attacks they have faced and how many attacks have been blocked."
  • "Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful."

What is our primary use case?

We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

How has it helped my organization?

We are the ISP for government websites here in Saudi Arabia. We had a lot of attacks on those sites. The way we mitigated those attacks was by asking the people who are hosting the website about the features they were using for the websites. They specified two of the ports, and they said we're not going to allow any other port, any other service apart from these two services. We allowed the websites to be accessible through those two ports only. We blocked everything else. This was four years ago and everything has been smooth ever since.

We have a monitoring team here, which is on watch 24/7. The monitoring part is very easy with this solution.

What is most valuable?

Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.

We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.

What needs improvement?

Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The deployment is okay, stable. But when you are manipulating the countermeasures, that is the difficult part. You have to be very careful, and you have to be sure that these countermeasures will kick in when needed, that they're going to work.

We have to customize the countermeasures for each customer. That is a real challenge. We should be reviewing them every month. They might be changing their services, they might be using different ports. We have to keep asking our customers, "Okay what are you running now? What are you using now? Which port are you running now?" so that we know what to expect. We need to know which traffic would be legit and which traffic is illegitimate so that we can block the illegitimate traffic without mistakes. We don't want to block the real traffic. There is a feature in Arbor called auto-learning. We can run that and it will help us. But at the end of the day, it's for us to decide what to allow.

You cannot rely on auto because, for example, if you're running auto-learning, and the services have been running on 80, and all of a sudden it switches to 443, it will keep on blocking. You have to expect what's coming. You cannot rely on auto. Human involvement is always necessary.

What do I think about the scalability of the solution?

If the network is expanding, of course, we would expect to need to add more equipment. We would need to expand our solution.

We had two customers from the government which came in, and they are super-important. Their services cannot go down. We had another solution from Arbor called Pravail. We had that installed for those two customers specifically. Their expected traffic is almost 8 MB, and their throughput is 12 MB. Any noise or malformed packets or out-of-sequence packets get filtered by the Pravail Solution. The bigger attacks will be handled by the TMS, the Threat Mitigation System.

Scalability is not a problem for Arbor.

How are customer service and technical support?

Technical support is really good. ATAC has been good with us. We haven't had any problem contacting them or getting them engaged in our activities. For example, sometimes we need to customize the portal banner. For that, they have been helpful.

Which solution did I use previously and why did I switch?

This is our first DDoS solution.

How was the initial setup?

The initial setup is kind of complex because it requires peering. We have to design it from scratch, which makes it a little bit complex. It depends on whether we want to get it inline or if we want to apply offloading, and whether the company can afford a TMS of its own or we need to send traffic to a remote TMS, hosted by Arbor itself.

The last deployment I was involved in took almost a month-and-a-half, with another 15 days for documentation.

It took about eight to 12 people to get the deployment operational. We had people from the core who were engaged with us for the integration and bringing up the systems. After that, we had to hire some fresh resources, because, honestly, it's a new product and it's not very common. We can't really find experienced people for DDoS.

It was not much of a challenge when we were developing it and when we were deploying it because we had a resident engineer who was planning everything, who was leading everything. But after that, when we were mitigating the attacks, there were challenges because we didn't have experienced people over here and the attacks were coming day and night, 24 /7. I had to come to the office after midnight and at midday. 

But now, the system stable and the people that I'm managing are more experienced. They know stuff and it's pretty smooth now.

What about the implementation team?

We engaged Arbor itself. We had a resident engineer from Arbor who came here and deployed the system. He was here for a month more for support and for any types of issues that we faced.

What other advice do I have?

Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution.

We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some tweaking, we have two resources on each watch, a senior resource and a junior. The junior one keeps on monitoring. The senior one comes in whenever there is something to correct or if something needs to be changed in the system.

For ISPs, Arbor DDoS would be the best solution. For smaller organizations, we can buy the services from Amazon for DDoS protection, and there's Cloudflare. But for ISPs, it's better to have Arbor DDoS because we have everything in-house. ISPs like ours have almost 120 gig bandwidth. For throughput, it's the best one.

We don't have plans to increase usage currently because when we brought the solution four years ago, we measured it a lot. We bought more than what we needed. The plan is to improve the human operability on the system itself. Things look smooth, but you cannot rely on two or three people. We have to have redundancy in the human workforce. We're planning to expand the team so that we don't need to hire any fresh resources and train them from the start. These services are very expensive and our customers are expecting a perfect solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AbuFaizal
Security Consultant at a tech services company with 10,001+ employees
Consultant
We're able to develop threshold values for clients' servers to help flag suspicious traffic

Pros and Cons

  • "There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds."
  • "Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning."

What is our primary use case?

Our primary use case is developing threshold values for all groups. We use it to analyze packets to build a use-case for when a server group hits the limit of incoming traffic. In such a case we suspect traffic.

We use it to build use-case scenarios, based on the server input and a client's requirements. Some clients have a number of users accessing a given server which affects the bandwidth. In each case, we need to tell DDoS what is considered legitimate traffic.

How has it helped my organization?

It prevents all unwanted or malicious traffic, using the Threat Intelligence feeds.

What is most valuable?

There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds.

There are two modes in the product: The first is a learning mode and the other is a production mode. First, we learn the traffic using the learning mode. We use it to fine-tune what is suspicious data and what is legitimate traffic.

What needs improvement?

Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning. Self-learning would be an improvement.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of Arbor DDoS is good. It's not that complex as a product and stability is not an issue.

What do I think about the scalability of the solution?

The scalability is good. Configuration-wise, an administrator could create issues. But the product itself is good.

I have implemented it multiple times in industries like oil and gas, banking, and insurance.

How is customer service and technical support?

The response from Arbor's technical support is good. They respond within two days.

How was the initial setup?

The initial setup is straightforward. It's very simple. I have deployed the product for multiple clients. Implementation takes less than three to four hours, but the fine-tuning takes some time, based on the organization's needs. That can take more than a month.

Our implementation strategy is based on how many servers and groups there are and what kind of traffic is coming to/from the internet. These are the factors that affect how we deploy it. Deployment requires two to three consultants who are security architects. For maintenance, one administrator is fine.

What's my experience with pricing, setup cost, and licensing?

Licensing is based on features, I believe.

What other advice do I have?

Implementation is very easy but making the product work optimally is more difficult.

It's the best product. I would rate it at eight out of ten. There are some minor issues with blocking legitimate traffic and that's why it's not a ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
SR
Manager IP Services at a tech company with 10,001+ employees
Real User
Has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment.

Pros and Cons

  • "Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment."
  • "I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions."

What is our primary use case?

I was working in the ISP environment and the Arbor DDoS solution is integrated in there.

How has it helped my organization?

We have certain gaming server data centers having some big or small LAN protectors. All protectors have been added to Arbor for mitigation and protection and the IPs with frequent attacks are separately added for more focus monitoring. Usually when gaming users go online they experience this type of high volume attack. We pick those IPs and separately define an Arbor for mitigation and the whether those are positive.

What is most valuable?

Specifically in the ISP infrastructure where I was working, Arbor DDoS is integrated to detect the threats and mitigation. Basically, the peak flow TMS solution and peak flow SP solution has been procured by my company. We are providing services to customers and protecting our own infrastructure as well.

When you work in an ISP or enterprise environment, the main priority is to protect your services or your customers services, like bandwidth. There must be no high volume breach towards any customer, such as a DDoS attack or application level attack. The purpose of procuring a peak flow TMS solution is to mitigate the high volume attacks towards our customers and to protect our internal infrastructure as well. This is our priority in this aspect.

What needs improvement?

I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions. Plus, hardware stability is a big issue with Arbor. We have frequent outages with the hardware.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Arbor is good for expansions or forecasts, and helps us as well. Their pre-sales team is very dedicated and focused and they just nominate the POC, who then provides the capability, descriptions and presentations to us.

How are customer service and technical support?

They are helpful. Their response time is good. 

Which solution did I use previously and why did I switch?

No, we were just manually blackholing at level three, an upper level. We were not using any specific DDoS solutions like Arbor.

How was the initial setup?

Initial setup is a bit complex because it is a Linux based working environment for configuration. A bit of expertise is required to configure the setup. It requires an expert level assistance from Arbor to complete the configuration or to apply any new system.

Deployment took around 3-4 months because we had two sites nationwide on which peak flow was deployed.

What about the implementation team?

Yes. They were just handling the physical connectivity, the mounting, placement and insertion of the cords. By law, integration is pushed by the Arbor expert.

What's my experience with pricing, setup cost, and licensing?

Licensing is good and they are very helpful to us. Without licensing you cannot get the complete features of the product, as well as the complete level of support, so licensing is obviously a good option.

Which other solutions did I evaluate?

Actually there is a different planning team which takes care of the projects, so I don't know if they were considering any other vendor or not, but right now Arbor is the first choice and we are working with it.

Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment. So, Arbor is very helpful to have inside of the most recent attacks and their backgrounds.

What other advice do I have?

Arbor has a global ranking and global recognition. Whenever you do a search on Google, you can find Arbor on the top three or top five DDoS protection vendors. Obviously, Arbor is very reliable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MN
Security Consultant with 51-200 employees
Consultant
Operating the solution is easy, it's just one dashboard with mitigation

Pros and Cons

  • "It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy."
  • "For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit... In F5 I have full control of everything."

What is our primary use case?

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

How has it helped my organization?

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

What is most valuable?

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

What needs improvement?

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

What do I think about the scalability of the solution?

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

How are customer service and technical support?

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

Which solution did I use previously and why did I switch?

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

How was the initial setup?

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

What was our ROI?

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

What's my experience with pricing, setup cost, and licensing?

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

What other advice do I have?

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AG
Security Architect with 1,001-5,000 employees
Reseller
Easy to deploy and user-friendly, we can use the web interface or CLI to troubleshoot

Pros and Cons

  • "It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated."

    What is our primary use case?

    We are an internet service provider. We are using Arbor in our networks and it mitigates all attacks on our network. We are using BGP for traffic diversion.

    How has it helped my organization?

    When we implement Arbor in an organization it is protected against DDoS attacks. We also protect our services, our customers and their networks with it. We need Arbor or a similar solution in our organization.

    What is most valuable?

    It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated. I like the features.

    What needs improvement?

    Sometimes the PPM module gives you an error. They improved it, they deployed a patch, and fixed it. Generally, if it gives you an error, you need to power it off and back on again.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It's more stable than its competitors. We haven't had any stability issues with it.

    What do I think about the scalability of the solution?

    It's scalable.

    How are customer service and technical support?

    Technical support is pretty good. Sometimes first-level engineers take too much time, but when they escalate to the engineers they solve our problems. So the first level of support, I am not sure about them, but the other levels are good.

    They respond to our tickets.

    Which solution did I use previously and why did I switch?

    We used Cisco Guard but Cisco no longer sells that solution. It was a very complex solution and our customer satisfaction was very low. We searched for a new solution and we liked Arbor.

    How was the initial setup?

    It is easy to deploy. You can easily configure the interface, connect your network, and easily do the BGP configuration from the menu.

    If you're deploying the TMS product, it takes about one hour for the physical deployment and configuration requirements. The Collector is easily done in TMS. Their inline solution, APS devices, is also easily done. It takes about a half an hour for an APS device.

    We don't have a specific deployment strategy. For deployment, the minimum staff required is one security guy and one network guy.

    What about the implementation team?

    We generally get support from Arbor engineers while we deploy.

    What was our ROI?

    We have gained from this product, and our customers are also satisfied with this solution. It helps with our profit. It's a good investment.

    What's my experience with pricing, setup cost, and licensing?

    Arbor's products are very expensive. Their competitors are cheap when compared with Arbor. Now we are using Arbor, but in the future, if the price remains expensive, we might PoC the competitors. If we have the budget, we want to use Arbor, but in the future, if we have budget problems we may try other products.

    What other advice do I have?

    I would recommend Arbor's solution. I like it.

    In terms of increasing the usage of Arbor, when we expand our networks, we open new sites or data centers, we always use Arbor. In the future, if expand out, we will use it again.

    I rate it a nine out of ten because I have been using it for about eight years and it's very user-friendly, troubleshooting is good, and the reporting side is also good. It's easy to deploy and our customer feedback has been good. It's just that the pricing is very expensive, so I give it a nine.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    TK
    Security Expert at a comms service provider with 10,001+ employees
    Real User
    Protects both our company's and customers' infrastructures, but pricing is expensive

    Pros and Cons

    • "We also use it by serving our customers' cloud signaling services with on-premise APS devices."

      What is our primary use case?

      We are using Arbor as a DDoS protection infrastructure. It protects our both our company's infrastructure and also our customers' infrastructure. We are not using it to protect one website, we are protecting a lot of websites and a lot of customers' infrastructures including their websites, their web services, etc.

      How has it helped my organization?

      It protects our infrastructure. We are in a particular geography so we face a lot of cyber attacks, especially DDoS attacks. It's very beneficial for our infrastructure. It's a vital component for every provider network.

      What is most valuable?

      We are using it mainly for DDoS protection. Reporting functions provide good visibility. Also, API's helps us to improve our service. We are also using it by serving cloud signaling service to our customers for their on-premise APS devices.

      What needs improvement?

      Learning period for managed objects are too short; better to have auto-profiling based on learning.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      As long as you don't touch it, it's very stable. But if you try to configure new features or some new deployment, sometimes that can be a problem. A few weeks ago we had an appliance that went down. 

      What do I think about the scalability of the solution?

      It's very scalable. It has a central management platform that manages all appliances, so if you have a few sites, you can scale it to other sites with new devices and you can manage them from the central management platform.

      How is customer service and technical support?

      Arbor has an engineer in our country and we try to solve our cases or our problems or our new feature configurations with him. Also we are able to do that by contacting tech directly. The guys in our country help us contact the tech team. They also have another contact in the tech team so they can speed up the resolution of our cases by communicating with him.

      When issues arise, they're helpful, they're knowledgeable and responsive.

      The last ticket we submitted was when one of our appliances went down while we were configuring it one night. They solved it within four or five hours after we opened the case. They sent the solution within that time. The appliance went back up and has continued to work properly.

      How was the initial setup?

      The setup is very straightforward, not too complex. Their tech team is very helpful.

      What's my experience with pricing, setup cost, and licensing?

      As far as I know, they are very successful in DDoS protection. Because they know it, their service prices are too high. They provide cloud DDoS protection for ISPs, but that is also too expensive. 

      Which other solutions did I evaluate?

      We are evaluating other options. We may apply one if we find an appropriate solution. As I mentioned before, Arbor DDoS prices are too high, it's very expensive. It would be better to have more than one vendor in our infrastructure, because there is no competition when you have one vendor or one solution.

      What other advice do I have?

      Arbor is very good at what it does. If you have enough budget you can apply it to your infrastructure and use its flexibility and reporting features very well. But if you don't have the budget and you don't expand the budget for the coming next years, I suggest not getting in touch with Arbor.

      Five or six engineers can log in to devices, but in our company two people are managing infrastructure. There are always ways to optimize it, but we have been working for two years to optimize it and it's in a good situation compared to two years ago.

      I would rate it a seven out of ten. My rating is based on the general problems that we had and the solutions for them, as well as the daily stability of these devices.

      We are using nearly all the features of Arbor. Currently, they are enough for us, but in the future, if there are different kinds of DDoS attacks I believe that Arbor DDoS will also take action against them.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      RN
      Cloud Security Specialist at a tech services company with 11-50 employees
      Real User
      Cloud Signalling enables us to synchronize with on-premise solutions

      Pros and Cons

        • "The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not."

        What is our primary use case?

        The main focus was DDoS protection.

        How has it helped my organization?

        Some months ago, in Mexico, we had presidential elections. At that time it was very important to deny DDoS attacks, especially on the platform for counting votes in the election. This solution was good for our customers.

        What is most valuable?

        • AIF
        • Cloud Signalling - In my previous environment, we worked with Arbor as a carrier but in my current company some of our customers have the solution on-premise and we have to synchronize the solution with the Arbor solution that our customers have in their enterprises. The ability to work with the Arbor solution on the carrier side and on-premise provides solutions for both types of customers.

        What needs improvement?

        The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not.

        The first impression needs to be more mature. It needs to be something that you would be proud to show someone. If you have a visitor to your SOC and you show him your installation, you need something more impressive. The look and feel of other brands is really nice, while Arbor is really simple. It's a good solution but not as spectacular as others. It's a matter of marketing, not performance.

        For how long have I used the solution?

        Three to five years.

        What do I think about the stability of the solution?

        The product is very stable. 

        What do I think about the scalability of the solution?

        The scalability is really amazing. That was part of the equation for one particular customer. When they understood how the bandwidth can be shared between different branches of their backbone, that they could really grow by correctly re-routing traffic, they were really happy with the solution.

        How are customer service and technical support?

        My interaction with tech support was really nice. I used to be part of HPE some time ago and I understand how those kinds of companies work. You have to have all the requirements before you make an appointment with the engineers. When we followed up with all the requirements that Arbor needed, the process was very straightforward.

        In terms of submitting a ticket, they are responsive and knowledgeable. They are very experienced people.

        Which solution did I use previously and why did I switch?

        My former company didn't have a previous solution. The company was new in Mexico and there were many considerations regarding government involvement in the industry, so security considerations were not there at that time.

        Arbor is the official solution for my former company, worldwide. Also, Arbor was sold as OEM as part of Cisco, and Cisco has a very strong position in that company. Both of those facts helped push the Arbor solution there.

        How was the initial setup?

        The setup is very straightforward, once the final architecture is decided. 

        However, the decision regarding the final architecture was not very simple because the carrier environment is very complex. In addition, at the time, the carrier I was working for bought another small carrier and was doing the integration between both their installations and backbones. That was very complex. But once all those details were decided, the placement of the Arbor solution was very straightforward.

        The setup work and testing of the Arbor solution took about three to four weeks, not including all the pre-planning and architecture discussions.

        What about the implementation team?

        I played a part, but Arbor engineers do the whole installation process. I helped as much as I could but Arbor wants the implementation done by Arbor techs. I helped with some minor activities.

        For the deployment, there was one senior engineer and one junior engineer. On our side, there were a number of people, me and a couple of other engineers. And when we tested the mitigation between different branches, there were three Arbor engineers with us.

        What's my experience with pricing, setup cost, and licensing?

        Because the solutions from competitors are very different, it's not easy to compare. However, the licensing from Arbor is clear and understandable and the pricing is reasonable when looking at the market, in general.

        What other advice do I have?

        Don't worry that it is complex because, out-of-the-box, it protects you from the basics. Just open it and connect, that's all you have to do. But if you are making an investment of this type because you have to be protected against all scenarios, you have two options: close support from Arbor or a specialized engineer. If you have those resources, all the rest is very straightforward. It becomes a simple solution that can give you good results.

        I give the solution a nine out of ten. I try to put myself in the shoes of our company's owner. If a solution is simple to operate and gives good results, it's good for me. The solution needs to do what it's supposed to do and be simple to manage.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        HV
        Network Consultant at a comms service provider with 51-200 employees
        Consultant
        We are able to respond quickly and prevent DDoS attacks

        What is our primary use case?

        It is mostly for Internet Service Providers (ISPs). It is for operations on the service provider and network security operations. It is a good solution.

        How has it helped my organization?

        It improves our organization by preventing attacks and improving the availability of the network on services, which provides a better service to customers.

        What is most valuable?

        We are able to respond quickly and prevent DDoS attacks.

        What needs improvement?

        There is some room for AI to take place.

        For how long have I used the solution?

        More than five years.

        What do I think about the stability of the solution?

        Stability is perfectly good. I have not seen an issue in years.

        What do I think about the scalability of the solution?

        Its scalability is big.…

        What is our primary use case?

        It is mostly for Internet Service Providers (ISPs). It is for operations on the service provider and network security operations. It is a good solution.

        How has it helped my organization?

        It improves our organization by preventing attacks and improving the availability of the network on services, which provides a better service to customers.

        What is most valuable?

        We are able to respond quickly and prevent DDoS attacks.

        What needs improvement?

        There is some room for AI to take place.

        For how long have I used the solution?

        More than five years.

        What do I think about the stability of the solution?

        Stability is perfectly good. I have not seen an issue in years.

        What do I think about the scalability of the solution?

        Its scalability is big. It is for large deployments of big organizations and service providers.

        How is customer service and technical support?

        Technical support is good. They provide quite good support. They have different levels depending on the pockets that you have bought, so you get the relative support. They have a lot of levels for support and good SLAs.

        How was the initial setup?

        The initial setup is complex, but experts are involved. Even with experts from both the vendor and the operator side, the initial set up can take some time, though it is essential.

        What's my experience with pricing, setup cost, and licensing?

        We work with different vendors from different industries.

        What other advice do I have?

        Most important important criteria when selecting a vendor:

        • How the offering covers the business needs.
        • The reputation of the vendor.
        Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
        ITCS user
        Security Consultant at a tech services company with 11-50 employees
        Reseller
        Provides easy management, high visibility, and quick response capabilities

        What is our primary use case?

        Arbor Pravail APS devices are using for protecting availability of services. DDOS, rating, and behavior analyses are the base of this product. 

        How has it helped my organization?

        Arbor Pravail APS devices provides easy management, high visibility, and quick response capabilities. Therefore, we can quickly complete the POV PoC demo process.

        What is most valuable?

        Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response. 

        What needs improvement?

        Arbor Pravail APS devices do not sync features or config the backup enough. This needs to be improved.

        For how long have I used the solution?

        More than five years.

        What is our primary use case?

        Arbor Pravail APS devices are using for protecting availability of services. DDOS, rating, and behavior analyses are the base of this product. 

        How has it helped my organization?

        Arbor Pravail APS devices provides easy management, high visibility, and quick response capabilities. Therefore, we can quickly complete the POV PoC demo process.

        What is most valuable?

        Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response. 

        What needs improvement?

        Arbor Pravail APS devices do not sync features or config the backup enough. This needs to be improved.

        For how long have I used the solution?

        More than five years.
        Disclosure: My company has a business relationship with this vendor other than being a customer: Value-added reseller
        ITCS user
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Consultant
        The implementation was done by a vendor team, and they were excellent

        Pros and Cons

        • "Predefined filters/techniques to easily stop the attacks and start mitigation."
        • "Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,"

        What is most valuable?

        • Very user-friendly GUI
        • Simplest way of mitigation
        • Predefined filters/techniques to easily stop the attacks and start mitigation.

        How has it helped my organization?

        My last project was with the biggest banks of India (almost all of them) and MNC, so it helped us to protect their network from present DoS/DDoS attacks.

        What needs improvement?

        Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,

        E.g., if we have enabled monitoring of internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also creates looping in the network for any misconfiguration, which can impact the ISP’s internal network and the customer's link utilization.

        For how long have I used the solution?

        Two years.

        What was my experience with deployment of the solution?

        No issues.

        What do I think about the stability of the solution?

        No issues.

        What do I think about the scalability of the solution?

        No issues.

        How are customer service and technical support?

        Customer Service:

        A seven out of 10, because response times from Arbor TAC are little higher.

        Technical Support:

        An eight out of 10. Very good.

        Which solution did I use previously and why did I switch?

        Not applicable.

        How was the initial setup?

        Not applicable.

        What about the implementation team?

        The implementation was done by Arbor itself. They were excellent.

        What was our ROI?

        Not applicable.

        What's my experience with pricing, setup cost, and licensing?

        Not applicable.

        Which other solutions did I evaluate?

        Not applicable.

        What other advice do I have?

        Be in direct contact with Arbor TAC rather than choosing a vendor in-between.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We protect our internal network as well as customers.
        it_user700122
        Information Security Officer at a comms service provider
        Real User
        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        What is most valuable?

        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        How has it helped my organization?

        It provides a much more efficient protection of our customers.

        What needs improvement?

        A small improvement could be a better reporting system.

        For how long have I used the solution?

        I've used this solution for two years.

        What do I think about the stability of the solution?

        No. Since day one, the product works without any issues.

        What do I think about the scalability of the solution?

        I didn't encounter issues with scalability.

        How are customer service and technical support?

        Very Good. The technical support team was there each time we needed them, offering…

        What is most valuable?

        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        How has it helped my organization?

        It provides a much more efficient protection of our customers.

        What needs improvement?

        A small improvement could be a better reporting system.

        For how long have I used the solution?

        I've used this solution for two years.

        What do I think about the stability of the solution?

        No. Since day one, the product works without any issues.

        What do I think about the scalability of the solution?

        I didn't encounter issues with scalability.

        How are customer service and technical support?

        Very Good. The technical support team was there each time we needed them, offering valuable help and advice.

        Which solution did I use previously and why did I switch?

        I did not use a different solution prior to Arbor DDoS.

        How was the initial setup?

        No, the initial setup was easy. The excellent interface makes it easy to configure.

        What about the implementation team?

        Check if you can combine the product’s Cloud Signaling capabilities with your upstream provider. This will enhance your DDOS protection even further

        What's my experience with pricing, setup cost, and licensing?

        Start with a small license. Measure your bandwidth requirements.

        Which other solutions did I evaluate?

        Yes. Checkpoint.

        Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        it_user667689
        IT Security Manager at a comms service provider with 501-1,000 employees
        Real User
        It helped us to find the best IP network route to reach countries with low latency.

        What is most valuable?

        • As an ISP, it is important to know from where the traffic comes so as to neutralize any attacks.

        • The Arbor Networks SP device provided great visualization of the network traffic.

        • Arbor Networks TMS is for cleaning the DDoS traffic, which is used sparsely.

        How has it helped my organization?

        The Arbor Networks SP device allowed us to optimize the network traffic. For example, it helped us to find the best IP network route to reach certain countries with low latency.

        What needs improvement?

        My opinion is that these Arbor devices should be scalable, in terms of the hardware.

        Network bandwidth is rapidly increasing. Therefore, it is not practical to predict the network traffic as what it will be in five years time and also, to accordingly plan the required hardware specifications.

        For how long have I used the solution?

        I have been using this solution since 2009.

        We have been using the Arbor Peakflow SP CP-5000 and Arbor Peakflow TMS 2700.

        What do I think about the stability of the solution?

        Both the devices were very stable at the operation.

        What do I think about the scalability of the solution?

        Unfortunately, these devices are not scalable and we have to upgrade to the next model in order to increase the threat mitigation capabilities.

        How are customer service and technical support?

        We’ve received technical support mainly from Thailand. The guy who supported us was very competent with the products.

        Which solution did I use previously and why did I switch?

        We were not using any other solution before.

        How was the initial setup?

        The initial IP configuration has to be done in a command line, but the rest you can do via the web interface.

        What's my experience with pricing, setup cost, and licensing?

        As a comparatively medium-scale ISP, we struggled with the license restrictions. By default, the Arbor SP device has only five licenses, which means only five routers can be integrated.

        Which other solutions did I evaluate?

        At that time (2008-09), when we checked the other options, there was not even a single product vendor that had the ability to do both network traffic analysis and DDoS traffic cleansing.

        There were other proposals such as Radware and Cisco Guard for DDOS protection.

        What other advice do I have?

        It is vital to identify the number of routers that are going to be integrated and the scrubbing capacity required for the expected lifetime of the product, as it is not scalable once you have purchased it.

        For others who expect to implement Arbor, the key prerequisite is to identify the network devices that are going to integrate, since it will dictate the licensing. Since it is not scalable, so users should have to get this right before purchasing the product.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user626721
        Security Consultant & IT Professional at Sistemas Aplicativos, SISAP
        Consultant
        It provides mitigation templates for volumetric and application-level attacks.

        What is most valuable?

        The deployment methods are really important as are the mitigation templates for volumetric and application-level attacks.

        How has it helped my organization?

        We do not have this product in our organization. We are service providers for Arbor.

        This product improves the application's availability; we have mitigated targeted attacks for some clients.

        What needs improvement?

        I believe that the Arbor Cloud should be available, even if the customer does not have any Arbor appliance on-premise.

        For how long have I used the solution?

        I have been using Arbor technologies for about two years.

        What do I think about the stability of the solution?

        In the two years I have been using the product, I haven't encountered any stability issues. The solution is pretty robust and stable.

        What do I think about the scalability of the solution?

        Both solutions, Arbor Networks SP/TMS and APS, are very scalable.

        The important point about Arbor Networks APS is that it is usually deployed inline, so you have to be aware of the number of switch ports available for each model.

        How is customer service and technical support?

        I have a lot of experience with the technical support for multiple vendors (HPE, Cisco, Palo Alto Networks, Imperva, etc.) and the Arbor support is really good; usually, they respond with the workaround for your issue.

        I really recommend the technical support from Arbor.

        How was the initial setup?

        Setup complexity depends on the appliance:

        • Arbor Networks APS: The setup is really straightforward; deployment and tuning are not that hard.
        • Arbor Networks SP/TMS: This a complex solution and usually deployed in Diversion/Reinjection mode. Customers have to know the concepts and configuration about BGP, routing etc.

        What's my experience with pricing, setup cost, and licensing?

        Arbor Networks APS licensing usually depends on the throughput of the enterprise.

        Arbor Networks SP/TMS licensing usually depends on the throughput and the number of managed routers.

        Note: It is not a cheap solution, but this is the most deployed anti-DDoS solution worldwide.

        Which other solutions did I evaluate?

        This is the first enterprise anti-DDoS product that we acquired. It later became Imperva.

        What other advice do I have?

        You have to be clear as to what do you want to protect, i.e., the applications, networks, etc.

        The most complex appliances are for the Arbor Networks SP/TMS solutions, so you have to know the BGP, peering, diversion, and reinjection concepts.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners.
        it_user664614
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Consultant
        It provides predefined filters/techniques to easily stop attacks. The auto-mitigation feature starts with the default filters, which could impact a customer’s link.

        What is most valuable?

        • It is user-friendly and has a very easy GUI.

        • It provides the simplest method of mitigation.

        • It provides predefined filters/techniques to easily stop attacks.

        How has it helped my organization?

        My last project was with (almost all of) the biggest banks and MNCs in India. It helped us to protect their network from the present DDoS attacks.

        What needs improvement?

        The auto-mitigation feature is provided when DDoS is observed on any of the links/customers (configured under auto-mitigation). It automatically starts mitigation with the default filters. In the default filter mode, there could be an impact on a customer’s link.

        For example, if we have enabled monitoring of the internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also create looping in the network for any misconfiguration. This can impact the ISP's internal network and the customer's link utilization.

        For how long have I used the solution?

        I have used this solution for two years.

        What do I think about the stability of the solution?

        We did not have stability issues.

        What do I think about the scalability of the solution?

        We did not have scalability issues.

        How are customer service and technical support?

        I would rate the technical support a 7/10.

        Which solution did I use previously and why did I switch?

        We were using black-hole mitigation. We switched from that technique because we were dropping all the traffic of the attacked link, rather than vulnerable traffic; there were many more loopholes.

        How was the initial setup?

        The setup is a little complex regarding the methods of configuration with the customers, as we need to provide them with a clean pipe path during mitigation. Also, it is mostly used on ISPs so the configuration on gateways is a little hectic.

        What's my experience with pricing, setup cost, and licensing?

        They offer good prices.

        Which other solutions did I evaluate?

        I did not evaluate other options.

        What other advice do I have?

        Be in direct contact with Arbor, rather than choosing a vendor in between.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.