If you were talking to someone whose organization is considering A10 Thunder TPS, what would you say?
How would you rate it and why? Any other tips or advice?
Select Thunder TPS hardware models to benefit from our Security and Policy Engine (SPE) hardware acceleration, leveraging FPGA-based FTA technology and other hardware-optimized packet-processing for highly scalable flow distribution and hardware DDoS protection capabilities.
Don't even think twice about doing it. It's a given in this day and age; you just need to do it. You need to have some form of DDoS mitigation in place. And if you don't, God be with you. It's not a matter of if you will be attacked. A lot of ISPs think, "Oh, I'm too small," and even some enterprise customers think that way: "I'm too small. Nobody's going to attack me." These botnets don't care. They don't even know who you are. They just start sweeping IPs and, if they find some vulnerability or somebody decides that they'd like to attack even a customer of ours, it's going to happen. It's happening whether you know it or not, already. The big thing was to get a lot more visibility into the types of DDoS attacks that we were getting, because now we had full access to the gears. One of the biggest lessons we learned — because we all assumed that non-volumetric attacks were not a problem for the provider — is that they were a problem. We just weren't seeing the problem. Some of our customers may have seen the problem, like a small DDoS attack against their DNS servers. DNS response time might've been delayed by just a fraction of a millisecond per query because of that DDoS attack, but in the grand scheme of things, with thousands of customers hitting that, it ended up being multiple milliseconds. That was something that we learned right off that was a "wow." When we looked at the response times of some of our servers that we never mitigated these attacks on before, it was big, overall. The only automation features we use are the DDoS. We have other systems in place for the detection piece of it. That's the only feature we use. When it gets traffic, it mitigates it and that's pretty much it. We want to keep it extremely simple. We haven't thought about where it has room for improvement because it is working so well right now. Again, we only use it for one very specific feature and that's the DDoS mitigation. It's doing what it's supposed to be doing right now. 
I don't have any enhancements I'd like to see on the product yet because we've not really used it for many of the features it's capable of. In terms of maintenance, our company has a group that just updates software. That's all they do. They look at different systems in the network, Linux boxes, Windows boxes, appliances like this. They may spend half-an-hour a month if there are any updates to it. All they do is go to the web site and see if there are any updates. If there is an update, they look at what should be applied and they check with the different groups to see if they absolutely should apply it and then they download it. We don't have plans to use any other features, but we do have plans to implement another system that our customer-support folks are looking at, to be able to do DDoS mitigation per customer. Right now my group, the engineering group, uses this system to protect the network as a whole, but we don't look at specific customers and say, "Well, that customer's getting a very small DDoS attack on their SQL server." We won't mitigate that because it doesn't affect the inner network. We would mitigate something that was a couple of hundred meg that we saw was malicious to the entire network, and that customer might benefit from it. Now, we're looking at selling this to customers. So if a customer calls and says, "Can you mitigate this attack against my SQL server?" the new system would be sensitive enough for even a tiny, little attack. Whereas, the system that we have now wouldn't. We'll probably do that in the next six months. I'd give A10 a ten out of ten. I have no reason to subtract any points from it at all.
Do your research to understand your solution options. Then, have a PoC bake-off and task the system. Identify ad-hoc anomalies in your test-bed and look at the time to mitigation. Look at different types of situations to see, if an anomaly comes along, how long it would take you to deploy an ad-hoc solution or redirect the traffic. Research and proof of concept is our biggest thing. We never do anything without doing them thoroughly. The biggest thing I have learned is how many attacks there are and how many different ways the attacks happen, throughout an attack. You can have a DNS attack, you can have an ICMP attack. You can have all these different flavors of attacks. That was probably the biggest eye-opener for me. When you hear the word "DDoS," everything gets put into a container. It's not until you look into the container that you see all the different types of attacks that are summed up by that word. The solution has been rock solid for us. We haven't had any issues. We've had numerous attacks and it's worked perfectly. I don't know that it has increased network availability notably but it has added to it. Instead of having four-nines of availability, we've got five-nines. It's a solution and a package, so it's not our only tool in our toolbox. We only use the TPS side of it and we're not 100 percent trained up on it, even though we've had two years of deployment on it. We don't know the whole, full-meal deal on what it can do. There's a possibility we'll go to the load balancing and some of those features. Even though we have hosted solutions, we don't have enough because we're a small company. There are other features but we'll explore those as we need. We have just two people who have access for configuration of the solution and its operations, in our engineering operations. I would have to rate A10 TPS as a nine out of ten. We've been very happy with the product. Of course, we don't want to give tens because then people get cocky about it.
The type of configuration and the type of network you're planning on running really matters. A10 does a good job of letting you know what's available and what works for the company, depending on those needs. For our use, we needed to be full, 100 percent on. Some companies don't require that and they can afford some type of downtime for BGP cut-over and such. My advice would be to really work with the A10 engineering team on what your needs are and what you're looking for in a product, to make sure that is a viable option. We spoke a lot with other gaming companies that were using the solution and asked, "What is your setup? What kind of issues have you had?" We're using it in a different fashion than some of the other gaming companies are using it today, but it works for us and we think it does a great job. The biggest lesson I have learned from using this solution is that it does take time to implement. There always are going to be some software issues that need to be worked through. Having a more versatile environment and versatile network makes it a lot easier, so that if you do have issues you can certainly work around them. That's especially true in a production environment. We really don't have a test environment that we are able to set up to test these in and this was basically done by hanging off our production environment with minimal downtime. In our organization, there are two major teams that use the tools. There are three folks on the networking team and they handle all networking aspects, including BGP, routing, and configuration of the device from a networking perspective. And my team is the SOC team. I currently have nine folks. We work about 95 percent off of the aGalaxy system. We're responsible for responding to alerts, responding to attacks, gathering pcap data, gathering data about zone alerts, etc. Those 12 people are the ones responsible for the A10 devices. 
That same group of people is responsible for deployment and maintenance of the solution. I'm mainly responsible, on the security side, for any types of updates that get pushed to the devices. That would be any type of software updates or any type of work being done. Whereas on the networking side, it usually just requires one person if we're doing any type of work. It doesn't require the whole team, for the most part. All three people in the network team have knowledge of the system, but it's usually two people required for that work if we do any types of updates. I would rate it at nine out of ten. It does have its issues that are being worked through, but overall it's great.
The solution is not for newbies. You need to know some security stuff. The box is very flexible and capable with a lot of possibilities. We are using A10, not just as a mitigation box. We provide the TPS box and all its mitigation backbone to our customer as a tool. At some point, we are obliged to do some training and do some testing in our lab for them. DDoS attacks are evolving every day. Attackers are getting smarter. You have to continue to learn and experiment.
From our perspective, the technology works well, and it has a low cost to maintain and manage. One of the biggest lessons for me, in using this solution, was that there are so many smaller attacks going on that we were not aware of and which must have had an impact on the satisfaction of our customers, as well as the satisfaction of their customers. Everybody always talks about the huge attacks, the one- or two-terabit attacks that get into the news. But the fact there is such a huge volume of smaller attacks going on, script kiddies, etc., to make other people's lives miserable was, to me, a bit of an eye-opener. That was resolved by deploying the A10 solution. Availability is very critical to the success of our business. If you look at the customers that we primarily and proactively target, they are customers in the online gaming market, in the advertising-technology/marketing-technology markets, in the Software-as-a-Service and in the managed service providers market. All these companies are born on the internet and their internet presence is critical to their success, to their existence. So for us, it's of primary importance that we keep their services up and running at all times, even when they are being attacked by cyber-criminals. As Leaseweb, we have around 18,000 customers using our hosting services. All these customers' services with us are protected by the A10 technology. In terms of increasing our usage of the solution, whenever we deploy new data center locations, we put A10 in right away. We do have some new locations that will be opening up in the next six months, so we will definitely be using more of these systems and protecting more customers. I would rate A10 at eight out of ten. What would take it to a ten is the scalability, the ease of scaling up without replacing a box.
I would rate it a seven out of ten.