We just raised a $30M Series A: Read our story
2018-06-14T07:58:00Z

What needs improvement with Arbor DDoS?

4

Please share with the community what you think needs improvement with Arbor DDoS.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
2323 Answers

author avatar
Top 5LeaderboardReseller

They should improve the reporting section and make it a little bit more detailed. I would like to have much better and more detailed reports.

2021-05-14T21:31:28Z
author avatar
Top 20Real User

On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

2021-02-10T21:19:00Z
author avatar
Top 5LeaderboardReal User

There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered as a VNF in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus. If we could decouple the hardware and software, making it more easily available for the customers with the exact robustness of the functionality, then that would be beneficial. At the same time, it would bring in cost efficiencies, which eventually is the end goal of most CXOs within an organization.

2021-01-27T21:55:00Z
author avatar
Top 5LeaderboardReal User

When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives.

2021-01-27T12:36:00Z
author avatar
Top 20Real User

I think Arbor DDoS should be more open to other systems, in the sense of coordination between mitigation centers, like for example the capacity to ask the upstream transit provider for mitigation. Netscout's Arbor allows it, but between Arbor systems only. It should be more open to Third party systems, that's what I mean by "openness" : evolution from Netscout signaling protocol to standardized DOTS protocol (DDOS Open Threat Signaling) Implementation could also be improved regarding distribution of mitigation directly on network elements.

2021-01-19T03:11:00Z
author avatar
Top 20Real User

We would like the ability to decrypt APS traffic. We need a SaaS model for the solution. I opened a ticket with Arbor for the ability to localize numbers of our customers in BGP sessions. This has not been resolved.

2021-01-17T15:30:00Z
author avatar
Top 20Real User

I haven't found anything to complain about or anything that they need to improve on.

2020-12-22T11:30:00Z
author avatar
Top 20Real User

Their RESTful API is still a work-in-progress. They're pushing out different versions of the API with each code upgrade. I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money.

2020-08-10T07:32:00Z
author avatar
Top 20Real User

The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed. Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process. If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.

2020-08-02T21:08:00Z
author avatar
Top 20MSP

I struggle with where the product could improve because it's pretty great the way it is. I would just say more granular reporting, down to our customer level, would be helpful. If we could somehow import customer information in their networks, it would be able to generate reports. It might actually be able to do that right now, and we have just never used it. I've dealt with other solutions where I said, "I wish it did this," but it didn't. We have tried some other solutions that do what Arbor does and I would often go back to them and say, "Well, I want it to do this," because we already have that now with the Arbor solution. I've dealt with other vendors and I don't see things that they're doing that Arbor doesn't do.

2020-03-15T08:08:00Z
author avatar
Real User

There is definitely room for improvement in third-party intelligence and integrations. I would like to see more threat intelligence and internal traffic monitoring for C & C communications.

2019-04-18T09:59:00Z
author avatar
Real User

On the main page there are alerts that we are unable to clear, even though the issue has been resolved.

2018-12-30T11:29:00Z
author avatar
Real User

Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.

2018-12-24T07:43:00Z
author avatar
Real User

Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

2018-12-19T10:49:00Z
author avatar
Consultant

Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning. Self-learning would be an improvement.

2018-12-19T09:19:00Z
author avatar
Real User

The following areas need improvement: * Opening and tracking support tickets * Online support resources * Software upgrades/updates and replacement media * Event management guidelines.

2018-12-19T09:00:00Z
author avatar
Consultant

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control. But otherwise, from a user perspective, it's pretty straightforward.

2018-12-10T08:29:00Z
author avatar
Reseller

Sometimes the PPM module gives you an error. They improved it, they deployed a patch, and fixed it. Generally, if it gives you an error, you need to power it off and back on again.

2018-12-10T08:29:00Z
author avatar
Real User

If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there. It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see.

2018-12-02T07:45:00Z
author avatar
Real User

I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions. Plus, hardware stability is a big issue with Arbor. We have frequent outages with the hardware.

2018-12-02T07:45:00Z
author avatar
Real User

Learning period for managed objects are too short; better to have auto-profiling based on learning.

2018-12-02T07:45:00Z
author avatar
Real User

The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not. The first impression needs to be more mature. It needs to be something that you would be proud to show someone. If you have a visitor to your SOC and you show him your installation, you need something more impressive. The look and feel of other brands is really nice, while Arbor is really simple. It's a good solution but not as spectacular as others. It's a matter of marketing, not performance.

2018-10-29T15:46:00Z
author avatar
Consultant

There is some room for AI to take place.

2018-06-14T07:58:00Z
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.