Arbor DDoS OverviewUNIXBusinessApplication

Arbor DDoS is the #2 ranked solution in top Distributed Denial of Service (DDOS) Protection tools. PeerSpot users give Arbor DDoS an average rating of 8.6 out of 10. Arbor DDoS is most commonly compared to Cloudflare: Arbor DDoS vs Cloudflare. Arbor DDoS is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 21% of all views.
Arbor DDoS Buyer's Guide

Download the Arbor DDoS Buyer's Guide including reviews and more. Updated: January 2023

What is Arbor DDoS?

Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand, and solve the most complex and consequential security challenges facing their organizations.

With Arbor DDoS you can automatically identify and stop all types of DDoS attacks and other cyber threats before they impact the availability of business-critical services.


Arbor DDoS is an intelligently automated combination of in-cloud and on-premises DDoS attack protection that is continuously backed by global threat intelligence and expertise.

Arbor DDoS Features and Benefits:

  • Global DDoS Protection: Arbor DDoS is an all-in-one solution offering carrier-agnostic, global DDoS protection that is backed by world-class security intelligence as well as industry leading DDoS protection products.
  • Worldwide scrubbing centers: Arbor DDoS offers comprehensive protection from the largest DDoS attacks.
  • Cloud Only and/or Hybrid Protection: The solution provides the flexibility to design comprehensive DDoS protection that fits your specific environment. It can be deployed as a cloud-only and/or an intelligent combination of in-cloud and on-premise DDoS protection.
  • Global Threat Intelligence: Arbor DDoS protection is continuously armed with the latest global threat intelligence from Netscout’s response team.
  • Automated DDoS Attack Detection and Mitigation: DDoS attacks can be automatically detected and routed to Arbor Cloud global scrubbing centers for mitigation.
  • Managed Services: To manage and optimize your on-premise DDoS protection, you can rely upon the industry-leading expertise of Arbor Networks.
  • Multi-layered Approach: As part of a layered approach to DDoS protection, Arbor Cloud provides in-cloud protection from advanced and high-volume DDoS attacks, all without interrupting access to your applications or services. Arbor Cloud’s automated or on-demand traffic scrubbing service defends against volumetric DDoS attacks that are too large to be mitigated on premises.

Reviews from Real Users:

Below are some of the many reasons why PeerSpot users are giving Arbor DDoS an 8 out of 10 rating:

"We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs.” - Roman L, Sr. Security Engineer at Rackspace

"We have taken on the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available.” - Assistant General Manager at a comms service provider

“It is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler." - Erik N., Product Manager, MSx Security Services at TPx Communications

Arbor DDoS was previously known as Arbor Networks SP, Arbor Networks TMS, Arbor Cloud for ENT.

Arbor DDoS Customers

Xtel Communications

Arbor DDoS Video

Arbor DDoS Pricing Advice

What users are saying about Arbor DDoS pricing:
  • "There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost."
  • "We do not use the Arbor Cloud DDoS solution because it is too costly."
  • "You need to find a way to get a good offering from Arbor by negotiating a price. That is the challenge."
  • "The solution's pricing is based on a licensing model that is expensive when compared to other tools."
  • Arbor DDoS Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Assistant General Manager at a comms service provider with 1,001-5,000 employees
    Real User
    Top 5
    The Cloud subscription makes the scalability limitless and you secure yourself for anything beyond your current mitigation capacity
    Pros and Cons
    • "We have taken on the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available."
    • "There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered in the VNS form in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus."

    What is our primary use case?

    We are a telecom service provider. We provide services to our enterprise customers in India and compliment these services with security layer as a part of our security services.

    Being a part of the solution design team, I have been interacting with customers and creating solutions for them to fulfill their requirements. One of the products that we have in our offerings portfolio is around security, which is complimenting our connectivity portfolio. We provide this from Arbor platform, which we have deployed in our network. We have taken the hybrid model from Arbor, and there was a physical installation done in two of the gateways of the country. If the mitigation capacity goes beyond the subscribed boxes, then the Arbor Cloud subscription usage hits and mitigation would be done accordingly.

    We have deployed Arbor platform and for our customers, we offer it as a managed service from our network. There are also customers looking for on-premise deployment. 

    We are using Arbor's hybrid approach for our overall product build. We have on-premise deployment, however, beyond that we have taken the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available.

    How has it helped my organization?

    We use Arbor platform to provide DDoS services for our customers. We provide a clean pipeline solution to our customers. We have seen a tremendous response from many customer segments, particularly during the certain period, which is the time period when our customers expect a lot of traffic volumes coming through to their servers. This is where these DDoS services are being requested by the customer. Predominantly, it is DDoS that we offer to our customers, and mostly customers also want protection from the volumetric attacks, but there are certainly cases where application layer attacks are also looked at being mitigated by customers. In more than 75 percent of the cases, it is a volumetric attack protection that customers are looking for.

    We have a vast connectivity portfolio and the Arbor solution complements that. In addition to that, it is also helping us to understand where challenges are coming from, so we can do the mitigation in our own network. We can plan our investments accordingly and help to make the network more secure and robust for ourselves as well as our customers.

    Recently we have faced unprecedented times when people overnight started to operate from their homes. At that time, many applications for most enterprise customers were exposed to the open Internet by allowing remote working, from homes or anywhere, and the users were given access to the applications over the open Internet. That posed a serious threat to attacks. At the same time, that provided a lot of opportunities for security companies. When we look at the way in which applications are being consumed by end users, security becomes very paramount, because it's not only making the application available to end users, but it is also making it available in a more secure manner.

    The moment that we open up these applications to open Internet, we increase the attack surface for the infrastructure/application, and that is where security becomes very critical. We have seen high adoption of security as a service for our customers, because no one wants to invest on day one in the security infrastructure equipment. This is for obvious reasons: 

    1. No budgets being accounted for this
    2. Even if budgets are accounted, it becomes practically impossible to deploy such solutions in such short time frame 

    What we have seen is there has been a huge demand from our customers in providing these security services as managed services where the service can be enabled within a short time span. Going forward, I will still see these demands from the market, from across all customers be it large or small, and we plan to provide these services as a managed service on pay-as-you-go model.

    What is most valuable?

    We are living in a world that is changing at a very fast pace. We have to match the pace of  the world, not only from network security per se, but also from the point of view of the security at a larger level. We are not just protecting the safety of the customer, but protecting the application as such. That is where the real threat comes from, and the challenge is being thrown to all the providers and OEMs to keep our feature set updated and adding to features for minimal costs.

    What needs improvement?

    There is always room for improvement for any product or service. If we can bring in more agility when deploying services, that is definitely a scope which we can work towards. Nowadays, everything is being offered as a service model. It is not that we have to deploy the physical hardware, many things move up to the cloud, or even can be delivered as a VNF in the customer's environment as well. So, in that space, if we can add more features to make it more seamless for customers to use and make it available through some marketplace, not only at the hyperscalers, but also for any on-prem deployment, that definitely would be a big plus. 

    If we could decouple the hardware and software, making it more easily available for the customers with the exact robustness of the functionality, then that would be beneficial. At the same time, it would bring in cost efficiencies, which eventually is the end goal of most CXOs within an organization.

    Buyer's Guide
    Arbor DDoS
    January 2023
    Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
    670,523 professionals have used our research since 2012.

    For how long have I used the solution?

    The relationship with Arbor is quite old, however, from current organization per se it is around 5 years.

    What do I think about the stability of the solution?

    The entire deployment of the hardware that we have done so far is quite stable and robust. As of now, the dependency is more on the hardware itself, which comes along with the Arbor solution. 

    What do I think about the scalability of the solution?

    I am convinced with the kind of scalability Arbor brings in. The Cloud subscription, which is available as one of its features, makes the scalability limitless. This is something which makes Arbor stand out from the others, not only from the perspective of scalability, but also from the overall user experience perspective as well. It is critical to still manage within the limits of the customer and do all the mitigation that is required for them.

    What was our ROI?

    In the world that we are living, there are challenges everywhere at every step. We are able to run our businesses without a glitch and offer DDOS services to our customer within the SLA

    Which other solutions did I evaluate?

    We have evaluated Arbor against other OEMs. It is not only about the feature comparison, it is also based on what kind of skill sets are available in any enterprise and what are they more comfortable with. We are living in a world that is very heterogeneous, and we like to keep it heterogeneous in order to maintain some level of redundancy of the OEM level. This is where from a security perspective Arbor DDoS has the advantage. Customers tend to pick vendors who have a multi-level approach that can protect them from any potential attacks.

    As a product/platform, Arbor is quite focused and offers quite smooth features vis-à-vis its competition. The acceptance that we see for Arbor, from the customer's perspective, is very high. Many customers prefer to go with Arbor solutions rather than any other solution when it comes to DDoS. Abor solution offers service feature, reliability, and a brand that can be trusted. From our perspective, we value it quite highly as far as its standards of security when providing DDoS services.

    What other advice do I have?

    It is not just about the features alone, it is about how smoothly you will be able to deploy the solution, e.g., the availability of the product and how the OEM is maintaining the relationship with its customer. There are multiple factors that need to be considered. "This is not just a one-time sale. It's about how easily the systems are available, and how well your partner is able to support you and provide lifecycle management."

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Product Manager, MSx Security Services at TPx Communications
    MSP
    Forensics enable us to look at logs, to see anomalies, and they give us information we might not have about customers
    Pros and Cons
    • "It is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler."

      What is our primary use case?

      We're a managed service provider as well as an internet service provider. We use it to protect our core network from DDoS attacks, and by protecting our core network we can also protect our end customers.

      We're in the process of migrating to the newest version, currently. We use the solution in our physical environment, but we also take advantage of their cloud offering.

      How has it helped my organization?

      Previously, we were vulnerable to DDoS attacks, and large-scale attacks could potentially take down parts of our network segments. With the Arbor product, that doesn't happen anymore.

      What is most valuable?

      I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.

      What needs improvement?

      I struggle with where the product could improve because it's pretty great the way it is.

      I would just say more granular reporting, down to our customer level, would be helpful. If we could somehow import customer information in their networks, it would be able to generate reports. It might actually be able to do that right now, and we have just never used it.

      I've dealt with other solutions where I said, "I wish it did this," but it didn't. We have tried some other solutions that do what Arbor does and I would often go back to them and say, "Well, I want it to do this," because we already have that now with the Arbor solution. I've dealt with other vendors and I don't see things that they're doing that Arbor doesn't do.

      For how long have I used the solution?

      I've been using Arbor DDoS for eight years.

      What do I think about the stability of the solution?

      It's very stable. Things do happen and we have had to open support tickets, but that touchpoint with Arbor is very low. There is not a lot of trouble that comes up with it. 

      We don't necessarily need to update the firmware versions all the time, although they are available. Sometimes we have stayed with a  version that we were on because it was stable and it was secure. I've dealt with other vendors before where there are constant problems and their solution is, "Well, there's a new firmware version. Upgrade." We don't have those kinds of problems with Arbor.

      What do I think about the scalability of the solution?

      It's easily scalable. We could add on routers if we wanted to; we could add on more devices to handle more mitigations, or go to the cloud if necessary. If there was a large scale attack, we'd just use their scrubbing centers versus ours. It's very scalable.

      It touches a relatively small part of our overall network: It touches our drain points to the internet. But it affects the entire network, which is quite complex. It's protecting our entire network. As our network expands, it can expand with us.

      How are customer service and technical support?

      The technical support is very good. We usually get answers right away. We can submit a ticket online or just give them a call and get a quick response.

      Which solution did I use previously and why did I switch?

      We didn't have a solution before Arbor, but there was a period of time where we tried another solution. We did not find that solution to be adequate.

      With Arbor, when we see DDoS attacks, it is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler.

      How was the initial setup?

      I wasn't involved in the initial setup, but I was involved, mid-stream, when we brought in the mitigation side. We are currently replacing our aged infrastructure of Arbor products with a newer version. I'm tangentially involved with that.

      The updating process is straightforward. They've done a good job of that. And the fact that we've already deployed it before means we can use the template of the previous deployment to set up the new deployment. So it is easy.

      Our implementation strategy is the same, whether for the initial setup or for the updates. We're finding where the drains are on our network and set up the monitoring for those points. Then we create the mitigation side at specific data centers so we can route traffic to those devices and mitigate the traffic.

      What was our ROI?

      We have seen ROI for sure because uptime, as a service provider, is critical and the solution helps us maintain 100 percent uptime.

      What's my experience with pricing, setup cost, and licensing?

      There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost.

      Which other solutions did I evaluate?

      I will periodically talk with other vendors, just to make sure Arbor is really the best solution for us.

      What other advice do I have?

      Work with Arbor. They have great people to help you make sure it's implemented correctly. And they also have a great training team to help you understand the solution and use it to its fullest advantages.

      The biggest thing I have learned from using the solution is seeing all the different types of denial of service attacks that are out there. I have come to understand that they will come in waves and that certain types of customers are more prone to attack than others.

      It also lets us understand traffic flows on our network, as far as the usual traffic goes. We can understand what our network looks like. What it looks like at 1:00 pm is very different then what it looks like at 3:00 am. The solution helps us understand that.

      The users of Arbor DDoS in our company are only a handful of technicians. Our NOC and some of our security people, engineers, are in there, but it protects tens of thousands of customers for us. For deployment and maintenance of this solution we require two security engineers. They maintain the system and make any configuration changes, if necessary. They handle regular maintenance, if necessary, although it's pretty minimal.

      I would rate this product as an eleven out of 10.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      PeerSpot user
      Buyer's Guide
      Arbor DDoS
      January 2023
      Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
      670,523 professionals have used our research since 2012.
      Sr. Manager at a energy/utilities company with 10,001+ employees
      Real User
      Top 20
      Traffic filtering is very precise: When you want to stop some traffic, you precisely stop that traffic
      Pros and Cons
      • "The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic."
      • "On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved."

      What is our primary use case?

      It is our ISP, from where we get our internet traffic. We just send it to them and if anything is suspicious or there is some malicious traffic, we talk to them about what kind of traffic it is. If some machine or some router is being attacked by a malicious user, we try to find out the source IP and why this traffic is coming to us. The Arbor solution is deployed on their premises. We just ask them to control or just stop that traffic. They do the filtration. They provide us all the required details to mitigate an attack on any particular machine.

      How has it helped my organization?

      Arbor DDoS is a quick solution when you have identified some of the originating suspicious IPs from which you are getting traffic in your network. If you have identified that some of the email gateways, or any of your web applications, or any of your routers are being attacked, it is effective. You can ask your ISP to block such queries. If the originating IPs are dynamic, it is a little bit difficult for them to identify and block the traffic, but to a certain extent you can minimize the DDoS attack impact with this solution.

      In application layer DDoS attacks, it suggests the actions that should be taken. But at the network layer, you can simply block the originating traffic IP and block the port instantly. It depends on how proactive you are and how effective your incident response team is. Once traffic has started on any of your machines, it can be very difficult to manage it, but you can minimize the impact of malicious traffic with the Arbor tool.

      What is most valuable?

      The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

      What needs improvement?

      On the application layer, they could have a better distributed traffic flow. They could improve that a bit. For network data it is very effective, but the application layer can be improved. In today's era, attackers are also developing their skills. Daily, new threats are coming into the environment.

      For how long have I used the solution?

      I've been using Arbor DDoS for almost seven years. I am the cyber security architect in our company and we have a SOC manager. We work together as a team and we are the only two people who use it. 

      We do have a team and they instantly contact the ISP if any malicious source IP has been detected. It has been about six months since we have faced an incident in which we had to reach out to our ISP to block some traffic. We then isolated that machine later on. We instantly blocked that port and signature file. Our SOC team works on the operations part.

      What do I think about the stability of the solution?

      The stability of Arbor DDoS is excellent, whether it is hardware or software stability. Whatever rules are set up inside, it's excellently developed and it excellently manages your good and malicious traffic.

      What do I think about the scalability of the solution?

      In terms of scalability, it's also excellent. DDoS attacks are not very scalable, but compared with other tools, in terms of mitigating those non-scalable DDoS attacks, it is better. In that way, Arbor is scalable. It is very effective when it comes to mitigating or dealing with DDoS attacks.

      We have four SOCs deployed here, and my SOC has one lakh EPS (event per second) capability. It is a big network and we use the biggest telecom operator in India. We just deal enterprise and telecom traffic.

      How are customer service and technical support?

      The support is fine. The ISP team works directly with the Arbor team, so they would have a better idea about that part, but from what I know the support is excellent.

      How was the initial setup?

      We don't have the Arbor solution deployed on-premises. It's with the ISP, so I wasn't involved in the setup or the implementation.

      Which other solutions did I evaluate?

      Arbor is the most effective solution, when compared with other tools. Although I only have experience with Arbor, I have read a lot about other tools. Today, attackers are developing their skills like anything. When some of your workstation IPs are hacked, or some of your application vulnerabilities are exposed, Arbor solutions are very much effective. Although you may have very limited competency or tools to deal with today's DDoS attacks, Arbor is effective.

      Arbor is very precise as far as network layer traffic monitoring and control are concerned, but in my opinion EDR is a better solution when it comes to the application layer and DDoS. Arbor has its modules but EDR is a better solution to mitigate the application layer DDoS attack.

      What other advice do I have?

      Arbor's hybrid approach to DDoS protection is both an advantage and a disadvantage. Sometimes it is not able to filter traffic adequately because of the hybrid approach. It only takes action after a bit of time. It starts acting on malicious traffic a little bit late because of the hybrid approach. On the other hand, after seeing all the aspects, the analysis is sensible and perfect. So it depends on from which side we look at this feature.

      Network layer DDoS attacks are absolutely big. DDoS attacks cannot be mitigated instantly, it takes time. You have to be very aware of your network and about which machine an attack has reached, and what the network architecture is. All those aspects are responsible for the impact of DDoS attacks. Arbor is not absolute but, comparatively, I find it to be an effective solution.

      Overall, it's a great product. It is a very effective product in terms of dealing with DDoS attacks, whether it is network layer attacks or application layer attacks. But it is better in network layer DDoS attacks. It is among the best.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Engineer at a comms service provider with 10,001+ employees
      Real User
      Performs great at protecting our customers against attacks
      Pros and Cons
      • "There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great."
      • "We need a SaaS model for the solution."

      What is our primary use case?

      Our business is to provide a DDoS protection solution for our customers. Our customers are banks, financial groups, etc.

      We might develop some DDoS protection services for our customers under our Internet umbrella. We detect and filter traffic using Arbor DDoS in our network. 

      We use it as a BGP or prompt, as a telecom service provider. We have SP and TMS, and that is all our architecture.

      We resell on-premise the Arbor edition and install at our customers' site, specifically the Availability Protection System (APS) system.

      How has it helped my organization?

      It protects huge attacks on our Internet system over our network. 

      We provide more granular application protection using the APS system, which is located at customer sites.

      Our concern is to provide flexibility. We decided to move to this DDoS solution. We wanted to install some local filtering service in the regions. We wanted to be able to add or remove some mitigation capacity to our regional services, which is vital for us. So, we decided to develop these new features to our DDoS service.

      Every day or month, we have found some new attack, but I don't think that is very important. It is just the evolution of attacks. We fix it and make a description, so we will be aware when some new attacks come. I think that the Arbor DDoS and APS solutions are quite enough at the moment, as they mitigate all attacks that we face.

      What is most valuable?

      The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution. 

      What needs improvement?

      We would like the ability to decrypt APS traffic.

      We need a SaaS model for the solution.

      I opened a ticket with Arbor for the ability to localize numbers of our customers in BGP sessions. This has not been resolved.

      For how long have I used the solution?

      We have been using Arbor DDoS for seven years, since 2013. 

      What do I think about the stability of the solution?

      It is quite stable. There are no major important bugs, though maybe some small ones. 

      There are around five people who maintain it 24 hours a day.

      What do I think about the scalability of the solution?

      It is quite scalable and effective. You can add new integration services quite easily. 

      There are around 60 end users/customers of this solution.

      How are customer service and technical support?

      They have good support. Tickets are resolved efficiently in time with Arbor engineers.

      How was the initial setup?

      It was quite complicated and complex to set up. 

      What about the implementation team?

      Several engineers were required to deploy it.

      What was our ROI?

      There were huge attacks in October, around 62 attacks at 30 gigabits per second, at one of our banks. We used Arbor DDoS to mitigate these attacks, and it performed great.

      What's my experience with pricing, setup cost, and licensing?

      The solution has a huge price, but we are a global company so we receive global pricing, which is why we chose Arbor. We also receive good prices for Russia.

      We also bought the Sentinel feature to use its flow spec because we needed to know how much traffic will be mitigated on our borders. We haven't used it yet, but we are planning on using it in the Spring. We found that the combination of the Sentinel feature with Arbor DDoS going forward is the most important feature.

      We do not use the Arbor Cloud DDoS solution because it is too costly. We decided to make our proprietary cloud solution designed by our company.

      Which other solutions did I evaluate?

      Several solutions were tested, then we chose Arbor DDoS.

      We evaluated several solutions, like NSFOCUS, three months ago, and decided to continue to go with Arbor. Another solution was similar to Arbor because they have a very sophisticated mitigation system. However, they still don't have a system that can analyze traffic by BGP, and their solution was to integrate with Arbor. We decided not to do that. 

      Arbor is the solution for telecom services on the market.

      Arbor is still the leader versus many vendors and products, which is why we decided to integrate with the Arbor solution for another three years. The solution has met our requirements.

      What other advice do I have?

      I would recommend using Arbor DDoS.

      We will buy the next version on virtual machines. We will buy a server separately with the on-premise solution, then install it on our servers where it would be virtual.

      We have been thinking about creating our own DDoS solution using firewalls from other vendors.

      We are looking to buy two distributed servers this year that we will need to test locally.

      I would rate this solution as an eight (out of 10). Arbor DDoS is a stable solution that fulfills our requirements for DDoS protection services.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      PeerSpot user
      Manager IP Core and Transmission Networks at GO PLC
      Real User
      Top 10
      You can be in a better position to mitigate and find alternatives when there is an attack
      Pros and Cons
        • "When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives."

        What is our primary use case?

        My company is a quad-play operator service provider in Malta. We use it for our own internal infrastructure and clients, where we use both always-on and on-demand.

        Our partner has an in-house deployment and can upload it to the cloud as well. This helps to minimize the costs. With in-house deployment, the cost will increase significantly. So, this hybrid approach is advantageous.

        How has it helped my organization?

        When there was an attack, the attack was contained only on the IPs under attack. The rest of the network was not impacted, and that is the most important part.

        The solution has helped consolidate visibility and the actions that we have needed to take. Based on the reports which can be generated, one can be in a better position to mitigate and find alternatives when there is an attack. At the same time, we can limit impact on both the attacked IP ranges and customers as well as other services.

        Arbor DDoS has helped us achieve our network and application uptime requirements. Uptime has improved.

        What is most valuable?

        Arbor provides a full solution. They provide: 

        • The possibility of alarm triggering based on flow packets. 
        • Always-on and on-demand
        • Implementation of BGP Flowspec. 
        • Implementation with their cloud system.
        • Good reporting. 

        What needs improvement?

        When it comes to some false positives, we need to tweak the system from time to time. There is room for improvement when it comes to the actual mitigation because of some false positives.

        For how long have I used the solution?

        I have been using it for more than 10 years now. The solution has changed names over the years. The Arbor suite has evolved a bit over the years, so now we are using Sightline. In the past, it was called Peakflow.

        What do I think about the stability of the solution?

        It is quite stable.

        What do I think about the scalability of the solution?

        The scalability needs to handle going horizontally, apart from the cloud, rather than replacing boxes.

        Initially, the solution was not that mature. It has evolved and scaled better over the years.

        Being a service provider on a small island, our environment is small in scale. Our network is small compared to other operators. We have 20 users internally: our NOC, IP team, and commercial team.

        How was the initial setup?

        It took three months once our agreement was done.

        What about the implementation team?

        Our partner implemented and maintains the system. We use the system to activate mitigation, generate reports, and do some changes. It is self-service, so we are empowered to manage the system.

        We rely on third-party deployment. From this third-party and how they interconnect with us, there will always be some tweaking in relation to understanding which links to use and how to avoid possible loops. 

        We are also looking to implement BGP Flowspec, which is not yet available because we are not exactly interfacing directly with the Arbor platform, but via separate routers that we interface.

        What was our ROI?

        When it comes to DDoS, we are saving by not losing money or clients. Like any insurance, you cannot really quantify it, but you need to have it.

        Attacks are getting bigger and bigger. The cost to have proper DDoS mitigation is once a year insurance. It is getting too large to be sustainable. This is not just related to Arbor. DDoS mitigation is more expensive every year.

        What's my experience with pricing, setup cost, and licensing?

        You need to find a way to get a good offering from Arbor by negotiating a price. That is the challenge. 

        See if it is possible to scale using the cloud service.

        Which other solutions did I evaluate?

        With respect to the competition, I think that Arbor Sightline reporting is cutting-edge. It is significantly more robust than what the other competitors have, such as, Corero, Radware, and Voxility.

        When it comes to the other suppliers, like Corero, Voxility, and Radware, they have automatic mitigation. This will auto-tune to attack changes. With Arbor DDoS, it needs manual intervention. To be fair, I am not sure if that is just our implementation, but that is our understanding for now. 

        Another point is how to handle HTTPS encrypted traffic. On that front, there are some options from other vendors to handle HTTPS without the need to install the certificate, where Arbor might need to do some further development there.

        With other vendors, you might need third-party software for NetFlow or reporting. In my experience, this is what differentiates Arbor DDoS from the rest.

        What other advice do I have?

        Overall, I would rate this solution as an eight (out of 10), the reporting as a 10 (out of 10), and the mitigation as a five to eight (out of 10).

        Which deployment model are you using for this solution?

        Hybrid Cloud
        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        DejanBlagojevic - PeerSpot reviewer
        Presales Engineer at Exclusive-networks
        Reseller
        Top 5Leaderboard
        Best DDoS protection and offers affordable boxes for all types of clients
        Pros and Cons
        • "Companies that live from their presence on the internet will get a very high return on investment from Arbor."
        • "Arbor's SSL decryption is confusing and needs external cards to be installed in the devices. This is not the best solution from an architectural point of view for protecting HTTPS and every other protocol that is SSL encrypted."

        What is our primary use case?

        Our primary use case for Arbor is dose protection. 

        What is most valuable?

        Arbor's performance is its most valuable feature. The boxes are able to process huge amounts of traffic. One rec unit box can forward 20 gigabytes of traffic without any issue or without any latency towards the network. It's impressive really.

        What needs improvement?

        Arbor's SSL decryption is confusing and needs external cards to be installed in the devices. This is not the best solution from an architectural point of view for protecting HTTPS and every other protocol that is SSL encrypted.

        Their mitigation rate could be higher. No matter how good Arbor is in DDoS protection, they do not get a 100% mitigation rate.

        Arbor has the longest tradition in DDoS protection. They have way more expertise in DDoS than anyone else. However, the price of support and licensing is a bit high. They are not affordable but they do their job perfectly.

        For how long have I used the solution?

        I have been using Arbor DDoS for the last five years. 

        What do I think about the stability of the solution?

        On a scale of one to five, with one being not stable at all and five being very stable, I would give Arbor a five for stability. 

        What do I think about the scalability of the solution?

        If you do a good job planning and selecting a good Arbor box for your organization, you can scale at a fairly high level. For scalability, I give Arbor a four out of five, with one being unscalable and five being highly scalable.

        How are customer service and support?

        Arbor's tech support staff knows what it is doing. 

        How would you rate customer service and support?

        Positive

        How was the initial setup?

        On a scale of one to five, one being difficult and five being easy, I would rate Arbor's initial setup as a three. It is easy, but you need to plan it well. You need to think about what you are protecting. There are a lot of different small fine tuning elements that you need to consider during the deployment.

        A common implementation strategy for Arbor DDoS takes about two to three weeks. That is the optimal time frame for delivering the whole solution and getting it as a fully functional protection. 

        We usually start the implementation process by placing the device in the customer's data center. We put it into a transparent mode and then observe some peaks, packet rates, and traffic flows. When that learning period is over, we will start to enforce the protection. That is about it; nothing more to it than that. There may be some fine tuning as a last step, but that rarely happens.

        The deployment usually includes myself and one more engineer. Bigger teams of up to seven or eight engineers do get formed for enterprise customers and internal service providers.

        What was our ROI?

        Companies that live from their presence on the internet will get a very high return on investment from Arbor. 

        What's my experience with pricing, setup cost, and licensing?

        Arbor services are paid annually. A good option is that cloud mitigations can be licensed annually, but you can also buy a single mitigation. That's the lowest quote that you can get. You can activate a cloud mitigation and 24 hours after the mitigation ends, you can buy one more and so on without a contract. They are flexible with the licensing for these additional services, which is nice.

        What other advice do I have?

        Arbor and other Netscout products are almost like Cisco. You configure them once and you can leave them in the data center forever and never do anything on them again. Issues with stability and other unexpected things barely happen ever.

        Regardless of how big your organization is, if you provide some sort of services towards the internet or towards clients, you will benefit from DDoS protection and Arbor especially. They have boxes that are really affordable. 

        Arbor can be deployed as hybrid solution, but the company's main business model is deploying their appliances on premises.

        The good thing about Arbor and Netscout is that they are able to incorporate taxi and streaks external feeds into their devices. That makes them really flexible not towards their own IP intelligence, but you can streamline the additional information from multiple different open source or paid sources. They are well rounded in terms of features. Their portfolio covers network visibility, pocket brokers, and similar stuff. 

        Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
        Flag as inappropriate
        PeerSpot user
        Product Manager at a comms service provider with 10,001+ employees
        Real User
        Top 20
        A stable solution with good protection against volumetric DDoS attacks
        Pros and Cons
        • "The solution provides good protection against volumetric DDoS attacks."
        • "The solution could be more granular to include logs per second and enhanced pipeline monitoring for router licenses."

        What is our primary use case?

        Our company uses a platform to render the solution to our customers and ensure quality service. We build the solution based on our data centers and infrastructure and then deliver an ID appliance to the customer that communicates with our routers and network. The solution provides flow spec protection and prevents volumetric DDoS attacks. 

        What is most valuable?

        The solution provides good protection against volumetric DDoS attacks. 

        What needs improvement?

        The solution could be more granular to include logs per second and enhanced pipeline monitoring for router licenses. 

        We would like the solution to offer secure, bug-free portals that could be installed in our data center and be accessible to our customers. Portals built on their own are expensive and time consuming because they have to be aligned with the solution's operational systems. 

        New versions are sometimes released before the bugs are worked out. 

        For how long have I used the solution?

        I have been using the solution for six years. 

        What do I think about the stability of the solution?

        The solution provides good quality stability and I rate it a nine out of ten. 

        What do I think about the scalability of the solution?

        The scalability could be improved with a more granular approach. I rate it a six out of ten. 

        How was the initial setup?

        The initial setup requires knowledge and is not easy. Setup involves many things including security, technology, alerts, and incidents. From a security operation standpoint, it is detailed and hard. 

        What about the implementation team?

        We have 10-12 technicians who implement the solution and service thousands of users.

        What was our ROI?

        There is a push from the solution's vendor to achieve profitability. It is currently profitable and I see it growing in the Polish market. I strongly believe in the solution and its impact on the profitability of our services. 

        What's my experience with pricing, setup cost, and licensing?

        The solution could be a bit less expensive given its market share. Other solutions that only offer DDoS protection are less expensive. Pressure from new companies will be visible in the future and affect pricing. 

        I'd also like botnet protection to be included in the package with volumetric DDoS attack prevention. Since licenses are required for routers, a method for tracking them in the pipeline would make the pricing model more attractive. 

        Given the limited scope of functionality, I rate the solution's pricing model a six out of ten. 

        Which other solutions did I evaluate?

        Our company also uses Radware as a solution. We build our portfolio based on the appliance software and professional services that could be added to create value for customers.

        The battle between NETSCOUT and Radware will continue until the end of time. There are periods of time when NETSCOUT is better and then it switches to Radware. We look beyond the technology when choosing a solution for customers. 

        Radware offers more functionality because they include volumetric DDoS attack and botnet protection in their package. The network behavior analysis in Radware's DefensePro includes intrusion, malware protection, and anti-botnet solutions that are more comprehensive than NETSCOUT. Radware puts an emphasis on cloud service using the OPEX model, which allows a startup purchase for a lower investment that we can enhance for our customers over time. This gives us the flexibility to add licenses at any point.

        Fortinet also has a good model where you can choose to buy segments of virtual machines instead of whole machines. You buy and accrue points that give you access to segments of these virtual machines. 

        What other advice do I have?

        I rate the solution an eight out of ten. 

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        Flag as inappropriate
        PeerSpot user
        Network Security Engineer at a tech vendor with 11-50 employees
        Reseller
        Top 20
        Very strong for attack prevention but lacks SSL inspection and a behavioral traffic analyzer
        Pros and Cons
        • "The stateless device format means that the box is very strong for preventing DDoS attacks."
        • "The solution needs to enhance its features to compete with other tools."

        What is our primary use case?

        Our company uses the solution to protect applications such as web DNS and file servers from DDoS attacks coming through the Internet's application layer. 

        We also protect our devices and components such as firewalls, IPSS, and WAFs. 

        What is most valuable?

        The stateless device format means that the box is very strong for preventing DDoS attacks.

        The solution is user friendly and the graphical user interface can be used for everything without logging into the CLI.

        The box includes embedded bypass modules so bypasses can be performed without outages.

        Hardware modules do not need to be changed when upgrading licenses for additional capacity.

        What needs improvement?

        A behavioral traffic analyzer and SSL inspection tool need to be added. 

        The solution needs to enhance its features to compete with other tools. Lately, Arbor has made some improvements but they are not ones that are expected or ones that would better align the solution with competitors. 

        For example, the solution announced it was releasing SSL inspection in 2020. After a while, they realized the feature was failing so they stopped mentioning it and instead provided another solution which required purchase of a different box. This created a complex topology that is not cost efficient. I have to set aside extra budget so this is not an improvement or a solution for me. Competitors handle the same feature within their own single box.

        For how long have I used the solution?

        I have been using the solution for five years.

        What do I think about the stability of the solution?

        The solution is really stable. It is the most stable device in our topology. 

        How are customer service and support?

        Technical support is very good and responds quickly. If I get any box faults, one phone call gets me to an engineer for troubleshooting. 

        I rate support an eight out of ten. 

        How would you rate customer service and support?

        Positive

        Which solution did I use previously and why did I switch?

        I did not use other solutions. 

        How was the initial setup?

        The setup not complex and a simple configuration takes about one hour. 

        An advanced configuration takes up to twenty days because I run simulations and check results. It is not constant work but provides useful results. 

        What about the implementation team?

        Our team of one system architect and three system engineers implemented the solution in-house. 

        What's my experience with pricing, setup cost, and licensing?

        The solution's pricing is based on a licensing model that is expensive when compared to other tools. 

        The first option is a DDoS or throughput license that never expires after purchase. You can use the box until its end of life. 

        The second option is a subscription license that is purchased for one, three, or five years. It includes some additional features and services that are optional. 

        Product or technical support is a separate license that must be renewed every one or three years. 

        Which other solutions did I evaluate?

        I have evaluated other solutions in a demo environment. 

        Radware is the leading DDoS solution right now and a strong competitor. I found that its graphical interface is complex and hard to handle. It takes time to configure properly, is hard to read, and is poor for reporting. 

        What other advice do I have?

        I recommend the solution and rate it a seven out of ten.

        If the solution adds a behavioral traffic analyzer and SSL inspection tool, then I rate it a nine out of ten. 

        Which deployment model are you using for this solution?

        On-premises
        Disclosure: My company has a business relationship with this vendor other than being a customer:
        Flag as inappropriate
        PeerSpot user
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.
        Updated: January 2023
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.