You can be in a better position to mitigate and find alternatives when there is an attack
What is our primary use case?
My company is a quad-play operator service provider in Malta. We use it for our own internal infrastructure and clients, where we use both always-on and on-demand. Our partner has an in-house deployment and can upload it to the cloud as well. This helps to minimize the costs. With in-house deployment, the cost will increase significantly. So, this hybrid approach is advantageous.
Pros and Cons
"When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives."
What other advice do I have?
Overall, I would rate this solution as an eight (out of 10), the reporting as a 10 (out of 10), and the mitigation as a five to eight (out of 10).