Arbor DDoS Reviews

We are using Radware DDoS. We still use Radware DDoS, and I can confirm we work with this one; however, we are not using Arbor DDoS. We especially use Arbor DDoS for protection against DDoS attacks. Unfortunately, during the last three years, we have seen extremely increased DDoS attacks from the Russian side.

It has a really useful customer interface and good support from the company. Inside this product, there are many different configurations for protection, and we have one of the best experiences with it, specifically with the Atlas product. It has a library of different attacks around the world, which is updated in high quality, approximately once a week or once a month.

We have many updates for the library of different attacks, and they have artificial intelligence that automatically learns the process during different attacks.

The advanced threat intelligence feature is helpful as it helps to identify and mitigate threats. One of the advantages we can mention is the threat intelligence feature.

The integrations in Arbor DDoS with different products are good. It is especially easy to integrate with other products, particularly for some monitoring systems or other systems.

Arbor DDoS has some difficult pricing rules. For many different small features, we have to pay additional fees for every small feature.

If we compare it, it is slightly high and not very affordable. If I compare it to automobiles, when you buy Volkswagen and then consider Skoda, for the cheapest way, you would buy Skoda. But if you want similar features to Volkswagen, you have to pay a little bit more than for Volkswagen.

As I mentioned, a good way would be to buy some package of features at small prices. That is one of my recommendations for the company. I would like to see a roadmap for one or two years, and it is tough to predict what will happen in that timeframe without a clearer description.

I have used this product for around 10 years, especially in my existing company, where I have up to five years of experience.

There are no limitations, just licensing restrictions. When you buy additional licenses, you increase the functionality without much hassle. It is very easy to unlock the functionality and start using the new license, usually within a week of payment.

I am not sure that stability is a crucial problem, but sometimes there could be glitches, and I am uncertain whether it is related to Arbor DDoS or the network side, so I cannot confirm if there are issues specifically with Arbor DDoS.

I would rate the technical support from Arbor DDoS an eight out of ten. There is room for improvement; the first line of support could be improved because sometimes we get limited answers from technical documentation, and we are often forwarded to the second line, where the answer is clearer and specific. It would be better if the first line had more updated knowledge.

Positive

We have a lot of experience with different products, but first of all, I suppose it is really one of the best products right now; it is probably Radware.

It is easy to install Arbor DDoS, and it is really easy to update the software for this product as well.

We are just using it in-house as a customer. We currently do not use Akamai, Akamai App, and API Protector, but we are still looking for different ways to improve the possibility of using it in our network. The situation is difficult to explain: we have a special situation in Ukraine where some products are really used free of charge for many government companies, making it difficult to find commercial experience because it is hard when you compare free-of-charge with additional money.

We are using the product on-premises. We have different approaches, and one of the best ways for this type of product, I mean DDoS protection, is a combination where part of the product is on-premise and another part is in the cloud. This combination is one of the best solutions from my point of view. Currently, we focus on our market share and some requirements from within our company, which is currently only on-premise. However, in the future, we might explore a combination of cloud plus on-premise.

Even though there is some room for improvement, I still believe it deserves a maximum rating of 10 out of 10. I am the CTO of this company. It is possible for Arbor DDoS to reach me via email if they have questions or comments regarding my review. We have a direct connection to Arbor DDoS, and it is unnecessary for any specific additional connection.

I have many customers who have published applications, and they are receiving many requests which can be DDoS attacks, so the use case is to stop the DDoS attacks.

The most valuable feature of Arbor DDoS is that it is based in most of the ISPs all over the world, and Egyptian ISPs are one of them. If a customer who is getting internet connectivity from one of the ISPs has an Arbor at the end, it will be integrated with the ISP Arbor. It's some sort of closing all the cycle with Arbor DDoS, from the ISP sides and from your side as a customer.

Traffic analysis with Arbor DDoS is very good; it is brilliant. They act in a different way compared to others, and the vendor support is very good.

The main benefits Arbor DDoS provides to users include stopping DDoS attacks, which is the biggest nightmare for all customers.

The advanced threat intelligence features Arbor DDoS can provide include the categorization of the attacks, which must be enhanced more.

Regarding what Arbor DDoS can do better for DDoS, the categorization should be enhanced more. They also have limited sizes of the boxes. Different sizes are needed because some customers are very small while others are very big, such as ISPs, so this categorization should be available.

I have been working with Arbor DDoS for two years.

From one to ten, I rate the stability for Arbor DDoS as eight. Arbor DDoS is very stable.

The scalability of Arbor DDoS is very good. I have tried it many times with ISPs, and they request expansion monthly. They need to purchase boxes monthly to expand their bandwidths, and these new boxes can be added to the installed base very easily.

For vendor support, I give them nine out of ten.

Positive

The initial setup for Arbor DDoS is very simple and straightforward. Nothing is complex in Arbor DDoS, neither in connectivity nor in positioning, and the installation itself is straightforward. After the internet router, you put your appliance, which is very simple.

The main competitor for Arbor DDoS that I can compare it to is F5. F5 DDoS is very powerful and is direct competition with a direct feature interface similar to Arbor DDoS.

In my opinion, Arbor DDoS and F5 are equal. F5 may have more features and capabilities, but Arbor DDoS is present within more than 60% of the ISPs all over the world, which is a very powerful added value. However, F5 is not as widely present.

Regarding flexibility in deployment options, Arbor DDoS has all flavors depending on the customer. If they have on-premises data centers, they will buy the Arbor DDoS on-premises solutions. If the customer is hosting applications on the cloud, they will buy Arbor DDoS cloud.

The integration capabilities of Arbor DDoS are simple but not complex because Arbor DDoS doesn't need huge or complex integrations. It is very simple and straightforward.

For my customers, I recommend Arbor DDoS. Arbor DDoS and F5 are my preferred vendors in this technology.

I rate Arbor DDoS eight out of ten.

Arbor DDoS provides automated threat intelligence updates through both Radware and NetScout, which have intelligence centers that operate around the clock. They gather information from around the globe, and updates are typically provided daily. We receive daily updates from the intelligence center, which essentially send a list of IP addresses of botnets and known DDoS attackers.

A very useful feature in Arbor DDoS is its ability to send flow spec announcements to routers. For example, if it is clear that a Layer 3 or Layer 4 attack is occurring and the attack pattern is identified through source and destination IP addresses and ports, you can generate flow spec filters. These filters are transferred through BGP to border routers, which automatically build filters, mitigating the attack even at the network's boundary and preventing it from reaching the TMS. This allows the TMS to focus on other tasks. This is a highly effective feature that can mitigate huge volumetric attacks; for example, we experienced a 32-gigabit attack, and all those 32 gigabits were dropped by our border routers, not by Arbor DDoS itself. The flow spec announcement was generated by Arbor DDoS, and as far as I know, the same technology is used by Radware, but it comes under a different feature and a different license. At the time, we were told that flow spec mitigation was an additional very expensive license to purchase from Radware, while Radware included everything in one package.

I do not have a direct response regarding improvements for Arbor DDoS.

Regarding areas for improvement in security, the only thing that comes to mind is that previously Arbor DDoS had many fingerprints available to be used as filters, but for some reason, they have deprecated this feature. We could not find information explaining the reason behind the depreciation of the fingerprints, which were quite useful. It may be worth considering returning some of those fingerprints again.

I have been working with Arbor DDoS for two years.

I am generally satisfied with Arbor DDoS. It operates with a slightly different model compared to Radware. Radware was supposed to be installed in-line, and in that case, the Radware box saw everything that is going toward the client. Arbor DDoS is a statistical machine that stands aside and collects flow from the network. If it sees a violation of normal behavior in terms of packets per second and bytes per second, it generates an alarm, and only then can the traffic be rerouted through the so-called TMS, Threat Mitigation System. From that point, Arbor DDoS starts seeing application attacks because its data sheet states that it defends against Layer 3, Layer 4, and Layer 7 attacks, but only provided the traffic is rerouted to the Threat Mitigation System. Otherwise, Arbor DDoS does not see application attacks because it collects flow, which is a combination of fields none of which pertain to applications, so it only provides Layer 3 and Layer 4 information. This is a disadvantage of Arbor DDoS, as it operates merely as a flow collector, generating alerts only after a violation occurs.

In terms of Arbor DDoS's reporting and analytics, Arbor DDoS is superior to Radware, especially when comparing it to the Radware model which I used previously. I know that Radware now produces a new family of products called Cyber Controller. When I worked with Radware, the management station was AppVision, and it had many bugs, so it was a terrible product for me. However, as far as I know, they have since switched to a new family of products called Cyber Controller, and Arbor DDoS in this sense is much more superior than Radware. The reporting is excellent, and the mitigation process through the web interface allows you to control the system, making this product superior.

From my experience, neither Radware nor Arbor DDoS can achieve 100% mitigation of attacks. They both work with some compromises. It has dramatically improved the situation, but normally during an attack, some services suffer from degradation.

Regarding the traffic scrubbing feature, it does look a scrubbing feature because if the traffic toward the client is rerouted, it can be said that it is rerouted to a scrubbing center. The only difference is the scale. We have our installation in our company, so we have scrubbing centers within our network. There are also bigger scrubbing centers provided by Radware and NetScout, where they can place an on-premise device at the client's side. This on-premise device starts mitigating the attack, and if it becomes overwhelmed, then there is a special synchronization with Arbor DDoS equipment on Arbor DDoS's side, allowing them to take over this mitigation and act as a scrubbing center for that client.

Regarding the metrics that indicate Arbor DDoS's impact on maintaining my network's performance during a DDoS attack, both systems functioned successfully. We experienced attacks when Radware was our primary equipment and also attacks when we were using Arbor DDoS, so it depends on the type of attack, as every attack is different.

When rating my experience with Arbor DDoS from one to ten, both Arbor DDoS and Radware are leaders, and it is hard to find any other product better than these two. Therefore, it is very difficult to rate. Again, neither of these products can achieve 100% mitigation, so I think an eight would be a decent number for both. My overall review rating for Arbor DDoS is eight out of ten.

I worked on Arbor DDoS for over 10 years. I have been working with Arbor DDoS as a customer, and I support my colleagues at the company. BH Telecom, a customer in Bosnia and Herzegovina, has that platform that protects from DDoS attacks. That is the primary role of the Arbor DDoS appliance.

I use Arbor DDoS to protect against DDoS attacks. BH Telecom utilizes it for DDoS attacks. That is the primary role of the Arbor DDoS platform.

Some mitigation helps protect big companies such as Telecom from DDoS attacks. DDoS attacks are very common in telecommunication companies. That is the main reason I use Arbor DDoS and have used it for over 10 years. It is simple but it is the best. It is simple when I explain it all, but that is a significant role for the telecom operator protecting against DDoS attacks because I have witnessed many DDoS attacks, specifically volumetric attacks. That is an attack over 10 gigabit per second, and if an attack enters the telecommunication network, that will be a disaster for their customer, their services, and so on.

Because I am a lead engineer in the company, my advice is for a product that is the best. Because this Arbor DDoS product is the best, I do not need to spend time supporting it. I want the best product to sell to my customers, and I think in that area, Arbor DDoS is the best in the area they operate. My recommendation is similar to how I propose customers buy Cisco, I also propose they buy Arbor DDoS.

Two primary features of Arbor DDoS are black hole and mitigation. Black hole can block some IP addresses that are under attack or mitigate some host addresses that are under attack. That is the main role that we use for Arbor DDoS.

Traffic analysis in Arbor DDoS uses the NetFlow protocol to collect information for the devices, and that provides statistics about the protocol, what is used of the link throughput, capacity, and so on. That is just for monitoring and the feature that we use, mitigation or black hole.

They protect big companies such as Telecom from DDoS attacks. DDoS attacks are very common in telecommunications companies. That is the main reason I use Arbor DDoS and have used it for over 10 years. It is simple but it is the best. It is simple when I explain it all, but that is a significant role for the telecom operator protecting against DDoS attacks because I have witnessed many DDoS attacks, specifically volumetric attacks. That is an attack over 10 gigabit per second, and if an attack enters the telecommunication network, that will be a disaster for their customer, their services, and so on.

I am not sure if we plan to use additional features because we have many vendors and platforms that we support. We use the main function and that is it.

The prices for Arbor DDoS are expensive. The licensing is subscription-based. From our sales department, they discuss that prices are very high. A potential improvement could be establishing a contract with Cisco to sell via their channel. This could be beneficial because we work extensively with Cisco. If you are a Cisco partner, you can sell Arbor DDoS. That would be good for customers that are Cisco-based because many customers in Bosnia are Cisco-based customers.

BH Telecom, our main customer, sells Arbor DDoS to other customers for protection. They buy Arbor and sell the product services to others via Internet links. They sell add-on DDoS protection via Arbor DDoS.

In Bosnia and Herzegovina, Arbor DDoS is not present in many customers. Some customers try to sell it, but they sell other vendors such as F5. Arbor DDoS is mainly seen in telecom operators but not much in other customers.

I have worked with Arbor DDoS for over 10 years.

I have not faced any problems with Arbor DDoS during this time. Arbor DDoS is the best from my point of view.

It is very stable from what I have observed. In the past 10 years, there have been only two or three software upgrades. There have not been many tickets opened. It is a very stable product.

For stability, I would rate it a 10.

I am not sure how many customers in the company are using Arbor DDoS, but all infrastructure in the Telecom operator is protected via Arbor DDoS. There are three or four boxes installed at locations where Cisco Internet gateway is implemented. At all locations where there is an Internet gateway, there is Arbor TMS that needs to perform that protection role from DDoS attacks.

Support for Arbor DDoS deserves a rating of 10 because when there is a problem with implementation, the people I work with are the best. You get the first line of engineers that help you. You do not need to explain the main reason to other engineers.

I have only used Arbor DDoS as a tool.

It is easy to set up Arbor DDoS if you know what you are doing. If you have experience in that field, it is easy, but you need to know what you do and what you expect from the product. Some knowledge is required.

Arbor DDoS is easy to integrate, but we do not use that feature. We only use mitigation or black hole, using some virtual machine sensors and TMS is used for the mitigation platform. It is a physical device, not virtual.

The prices for Arbor DDoS are expensive. The licensing is subscription-based. From our sales department, they discuss that prices are very high.

The total rating for Arbor DDoS is 9.5 out of 10.

My main use case for Arbor DDoS is DDoS protection, focusing on countermeasures for different attacks.

We are using SightLine, which is a very good feature, and there are TMS, TRA, and AED. We are using different things, but the best one is their brain, SightLine, which we are using.

The analytics part of Arbor DDoS is great. We are satisfied with the reporting and analytics part, especially the new version.

Based on my experience and feedback from colleagues, Arbor can make better use of the product because you have to spend a lot of time finding information in a huge number of papers.

If we are talking about functionality, I am totally satisfied, but I would like to see something new in the product.

I would rate pricing for the product as having a gap for improvement.

I have been working with Arbor DDoS for four years.

I would rate the stability of the product as brilliant.

Regarding scalability, I find it acceptable, knowing its ability to scale and expand.

For technical support, I would give it a brilliant mark.

Positive

We are using different vendors: Cisco, Citrix, and Arbor for my personal use case.

I am using Citrix for Endpoint Management, but I am not handling those as I am in the data center.

I am using Arbor DDoS.

The initial setup process for the product is acceptable. I find it manageable.

There are other solutions that can be considered, but in my opinion, none of them compare to Arbor DDoS as a main competitor.

We are still working with Fortinet right now for our different products.

We are using FortiSOAR but this is a separate department, and I am not handling that one.

We are working with FortiGate, different hardware, FortiAnalyzer, FortiWeb, and FortiEMS.

We are not currently working with FortiSOAR.

Traffic scrubbing works on a backend.

The main benefits Arbor DDoS provides for me are definitely a good point. I give this review a rating of 10.

In my role as a partner of Arbor, I support customers and assist with using Arbor DDoS. I've been involved with it for approximately two years. The primary use cases we encounter include addressing issues related to cloud signaling not connecting and dealing with IP alerts that may indicate malicious activity or false positives.

The feature I find most valuable is the packet capture, which beautifully shows the communication between the client and the server, identifying potential malicious activity. The cloud signaling adjustment is also very valuable as it enables global scrubbing of your links during an attack. Additionally, Arbor DDoS helps scrutinize and filter traffic, improving security measures.

I have observed that the SNMP traps aspect that sends information to third-party solutions needs improvement. Enhancing the handshakes between Arbor DDoS and third-party solutions is essential for obtaining better and real-time data that supports any organization’s support team effectively.

I have used the solution for about two years.

I would rate the scalability of Arbor DDoS a six out of ten. More training for customers and partners through webinars could improve scalability. This would enhance the knowledge about scalability options available for Arbor DDoS, making it more accessible and useful for users.

The technical support for Arbor DDoS is great, though sometimes it can be stalling. I would rate it an eight out of ten.

Positive

Setting up Arbor DDoS is user-friendly, especially when using a guide. Without a guide, it could be difficult to set up. I would rate the ease of setup as a seven out of ten.

Overall, I would rate Arbor DDoS an eight out of ten. Even though there are areas for improvement, it provides significant support in ensuring traffic legitimacy and mitigating attacks.

We are using Arbor DDoS for our DDoS platform at A1 Bulgaria. We provide customers with this service.

The platform offers quick mitigation of attacks because Arbor DDoS uses BGP Flowspec, enabling very quick mitigation. The time between detecting an attack and beginning to mitigate it is very short. Additionally, the ATLAS intelligence feeds provide a reputation for IP addresses participating in botnets, which is a significant feature. We can also conduct in-line mitigation and capture traffic in near-real-time, even when there's no alert for slow-rate attacks. If there is an attack, we can mitigate right away for the customer.

I would like to see an option to decrypt the traffic with Arbor DDoS, as some clients are interested in this, particularly for application layer attacks on port 443. Currently, there is no option to decrypt traffic with Arbor DDoS TMS, although there is an option with Arbor Edge Defense.

We have been working with Arbor DDoS for about two years.

There are no major stability issues. While we have some trouble tickets, the customer service support acts very well.

I find Arbor DDoS to be very scalable.

The technical support team is very effective in resolving issues. I rate the support at ten out of ten.

Positive

Setting up Arbor DDoS is easy. I would rate it ten out of ten for ease of setup.

For some customers, the cost is expensive, but for enterprises looking to protect their services, it is affordable.

I recommend using Arbor DDoS for those wanting to keep their services online. The biggest advantage is the fast mitigation of DDoS attacks. I rate the overall solution a ten out of ten.

Our customers usually come from the financial sector, manufacturing, and energy sectors, such as gasoline companies and solar energy firms. We also work with e-commerce platforms and companies that publish web services. These clients need high availability for their services, so we provide them with the best protection through Arbor DDoS.

We use almost all the features of Arbor DDoS, but it really depends on the customer’s requirements, so I can’t specify exactly which features we use. However, many customers appreciate the basic DDoS protection, especially those without specific protection needs. For example, financial companies benefit from the cloud DDoS protection. It’s a straightforward solution that effectively meets their needs.

I think Arbor DDoS needs improvement in areas where competitors like S5, Redver, or NETSCOUT offer web application firewall functionality or dedicated web application firewall devices. Arbor lacks these features, which is a significant disadvantage. I would like to see these features introduced in Arbor as well.

Regarding real-time detection capabilities, Arbor DDoS works very well. Our customers are very satisfied with its performance. However, it would benefit from adding Web Application Firewall (WAF) capabilities to reach a larger customer base.

I work with NVIDIA ICT Services, LTD, where we provide DDoS protection based on our Internet lines. We’ve been working with hardware technology for about six years, and we also offer cloud technology, including HDFS hardware. Additionally, we provide third-party Internet server provider services.

For stability, I would rate Arbor DDoS as a 9 out of 10. It’s almost perfect, and our customers generally feel the same way. However, it does depend on individual customer requirements and their specific architectures.

For scalability, I think Arbor DDoS is very scalable. It handles both cloud and hardware-based mitigation well. During a recent DDoS attack of about 140 gigabits per second, Arbor DDoS managed it effectively. For lower-end protection, it can handle symmetrical 100 megabits per second.

Our company doesn’t often use Arbor DDoS technical support because we have several Arbor architects with deep knowledge of the vendor. We only reach out to Arbor DDoS for major international tenders.

Regarding pricing, I would rate it as average. Arbor DDoS offers good value for money with our DDoS filter device. For higher protection needs, Arbor’s CloudMeter’s DDoS mitigation or hardware devices might be more expensive, but customers who need them are usually prepared for the cost and the additional resources required.

I don’t have information about whether Arbor DDoS impacts response time to security incidents. However, I know Arbor DDoS uses artificial intelligence to enhance security measures. While I don’t manage this device personally, customer feedback suggests that it works well in filtering harmful and attacking traffic.

Overall, I would rate Arbor DDoS as a nine out of ten. For new users, I would recommend being aware that Arbor DDoS does not include a web application firewall device, which might be required for specific tenders.

The solution was intended for the big clients of Telefonica to clean their internet pipe. We deployed the service to clean the pipe. In some clients' data centers, we implemented a solution that detects and mitigates attacks using Arbor DDoS, our data center solution.

For me, the most valuable feature was the ability to detect attacks within two seconds and gain visibility of all the traffic. Additionally, Arbor DDoS helps with managing the attackers in this area to avoid volumetric attacks, especially when attackers attempt to shut down some clients' sites.

I am not sure how Arbor DDoS can prevent different attack vectors given the dynamic nature of attacks. I am considering this issue, but I do not have a clear answer as every attack is unique.

I have used the solution for several years at Telefonica de Argentina.

Support in Argentina is not so good. Although the team is good, they are not fast, and they lack the skills to manage dynamic attackers. When attack vectors change, the Latin team is not quick to resolve all the attacks.

Neutral

I only used Arbor DDoS and have not seen another product that can do DDoS prevention like Arbor DDoS does.

The initial setup was easy.

Last year in Argentina, the smallest ISP was attacked, and they are searching for a solution. I highly recommend Arbor DDoS to others. On a scale of 1 to 10, I would rate the overall solution a 10.

Arbor DDoS is designed for enterprises and is not suitable for small businesses that have only one to ten public IP addresses. Some next-generation firewalls already include this protection.

It has been cost-effective for operation times. Our telecom and ISP customers were spending a lot of time on investigation and root cause analysis of service disruptions. Arbor helps mitigate and protect their networks from the latest protection perspectives.

The AI capabilities and anomaly detection using machine learning modules like isolation forests and auto-encoders are the most effective in mitigating DDoS attacks.

It could include a lot of enhancements related to AI and automation, even though it is already amazing for me.

We have been dealing with Arbor for approximately three years.

It depends on the size of the environment. If it's a small environment, we are enabling the DDoS protection by next-generation firewalls. However, if it's a big environment like telecom, oil and gas sectors, and banking, we have a pure DDoS provider.

I would give technical support a nine out of ten. It is better for this solution.

Positive

We also deal with other DDoS tools like F5, Fortinet, and Palo Alto, though they are not purely DDoS protection but part of a platform.

It is easy for experienced people, yet might be complex for newcomers.

Arbor helps enterprises do cost-effective operations, especially saving time for telecoms and ISPs in investigation and root cause analysis of service disruptions.

Arbor DDoS isn't suitable for small businesses, partly due to pricing. Some next-generation firewalls already include this protection.

We do deal with other solutions like F5, Fortinet, and Palo Alto, which are not purely DDoS protection but part of a platform.

Generally, I would recommend ArborDDoS to others. Any solution in cybersecurity needs experienced people. It would be a good fit also for non-senior engineers, but not for fresh ones.

I'd rate the solution ten out of ten.