Arbor DDoS Reviews

Our company uses the solution to protect applications such as web DNS and file servers from DDoS attacks coming through the Internet's application layer. 

We also protect our devices and components such as firewalls, IPSS, and WAFs. 

The stateless device format means that the box is very strong for preventing DDoS attacks.

The solution is user friendly and the graphical user interface can be used for everything without logging into the CLI.

The box includes embedded bypass modules so bypasses can be performed without outages.

Hardware modules do not need to be changed when upgrading licenses for additional capacity.

A behavioral traffic analyzer and SSL inspection tool need to be added. 

The solution needs to enhance its features to compete with other tools. Lately, Arbor has made some improvements but they are not ones that are expected or ones that would better align the solution with competitors. 

For example, the solution announced it was releasing SSL inspection in 2020. After a while, they realized the feature was failing so they stopped mentioning it and instead provided another solution which required purchase of a different box. This created a complex topology that is not cost efficient. I have to set aside extra budget so this is not an improvement or a solution for me. Competitors handle the same feature within their own single box.

I have been using the solution for five years.

The solution is really stable. It is the most stable device in our topology. 

Technical support is very good and responds quickly. If I get any box faults, one phone call gets me to an engineer for troubleshooting. 

I rate support an eight out of ten. 

Positive

I did not use other solutions. 

The setup not complex and a simple configuration takes about one hour. 

An advanced configuration takes up to twenty days because I run simulations and check results. It is not constant work but provides useful results. 

Our team of one system architect and three system engineers implemented the solution in-house. 

The solution's pricing is based on a licensing model that is expensive when compared to other tools. 

The first option is a DDoS or throughput license that never expires after purchase. You can use the box until its end of life. 

The second option is a subscription license that is purchased for one, three, or five years. It includes some additional features and services that are optional. 

Product or technical support is a separate license that must be renewed every one or three years. 

I have evaluated other solutions in a demo environment. 

Radware is the leading DDoS solution right now and a strong competitor. I found that its graphical interface is complex and hard to handle. It takes time to configure properly, is hard to read, and is poor for reporting. 

I recommend the solution and rate it a seven out of ten.

If the solution adds a behavioral traffic analyzer and SSL inspection tool, then I rate it a nine out of ten. 

Arbor DDoS is used for network protection if you have a DDoS attack, it keeps the session or information moving.

Arbor DDoS is a combination of a physical appliance and the cloud, and it's combined in their subscription.

Arbor DDoS could improve out-of-the-box reporting, it could be better.

I have used Arbor DDoS within the last 12 months.

Arbor DDoS is highly stable.

Arbor DDoS is able to increase your bandwidth. You can scale less than 50 percent, but if you are scaling above 100 percent it will not be flexible. You have to get a bigger appliance, which will be at a discount rate. It is scalability in the technical and commercial sense.

The technical support of Arbor DDoS is good.

The initial setup of Arbor DDoS is straightforward, and it took approximately five days to implement.

The price of Arbor DDoS depends on many parameters. It depends on the physical capacity of the environment, and it is not a straight-line price. It's fairly competitive in the market on the price.

I would recommend this solution to others.

I rate Arbor DDoS a nine out of ten.

We are using it for application availability, for its perimeter protection against DDoS and such service-exhausting attacks. Our goal is service availability and protecting our infrastructure against reputational damage and other penalties that could be incurred as a result of outages and malicious activities.

In terms of availability, we have never suffered any service exhaustion or services unavailability. Credit goes to the solution in that we have probably suffered a number of attacks, but they were mitigated by the tech solution without any notable impact - automation. We have benefited a lot from it.

It gives us visibility into what's going on with our externally exposed services. The better the visibility it means we are able to take better informed actions to improve our infrastructure, both inside and outside the LAN.

And it has definitely helped us to achieve our network and application uptime requirements for our business and its external stakeholders. We have always maintained a very high service availability. Previously, the work involved was so intense to ensure we could support that availability. The uptime was the same then as it is now, almost 99.99 percent availability. But back then, threats were not as evolved and sophisticated as they are now. In the seven years we have been using the tool, we have continued with availability of services as before. But today, without the Arbor solution, I believe we would have suffered quite a number of service availability issues.

The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.

They are putting quite a good amount of effort into their research to make their products stand out from the rest.

Day by day, the solution is actually getting smarter and more useful.

I haven't found anything to complain about or anything that they need to improve on.

I have been using Arbor DDoS for close to seven years now.

It's a very well-developed tool. I'm quite impressed. I'm happy with its performance. Stability-wise, it's a good tool. Support is also very impressive.

For my environment, there is no need for growing the platform. We currently have about 5,000 endpoints. But from what I've seen, and the way we deployed it, it looks quite scalable.

I've used NETSCOUT's technical support a number of times. I would rate it at 8 out of 10.  They are doing well, there is always room for improvement. Their technical knowledge is on point, and their turnaround time is on point.

We did not have a previous solution.

The decision to use Arbor was based on their track record and capabilities - they stood out very well.

It's not complex. If you know what you want to use the tool for, the placement, and you know what you want to protect, the setup is very straightforward. It requires minimal downtime to deploy the solution. I found it quite easy.

Deployment took about two hours, but that time includes internal delays. From the moment you start setting it up, it takes no more than 30 minutes. The longest part, before you deploy the technology, is learning your network by monitoring it. That could take a long time, depending on the timeframe that you want to benchmark on. It could take, say, a month, just to get an idea of how your network behaves. But in terms of setting up the device, it should take an hour, tops.

We had three people involved in the initial setup. All are network engineers.

Post-deployment maintenance on our side consists of just the regular updates of the software. 

Implementation was both inhouse and vendor supported - vendor support was great, very knowledgeable resources.

ROI comes from the fact that we've never suffered any outages. In the absence of Arbor, if we were to be compromised, the cost would be way more than the cost of the solution.

The solution is a bit costly if you're on a tight budget, but it's worth the price that they are charging - the ROI is notable in a long run.

I've only used the Arbor solution, so I haven't had any hands-on exposure to other technologies. But from the bit that I've read, and based on the ratings of the other solutions, nothing compares closed to what Arbor anti-DDoS offers. I've tried to compare it with the F5 Silverline solution, but the way that solution does threat mitigation is not as advanced or as comprehensive as what Arbor does.

My advice is "Go for it." It's a great tool. If you're concerned about the availability of your services, I highly recommend it, without any hesitation. If you regard your brand or organization as valuable, then Arbor is the tool for you.

We are an internet service provider. We are using Arbor in our networks and it mitigates all attacks on our network. We are using BGP for traffic diversion.

When we implement Arbor in an organization it is protected against DDoS attacks. We also protect our services, our customers and their networks with it. We need Arbor or a similar solution in our organization.

It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated. I like the features.

Sometimes the PPM module gives you an error. They improved it, they deployed a patch, and fixed it. Generally, if it gives you an error, you need to power it off and back on again.

It's more stable than its competitors. We haven't had any stability issues with it.

It's scalable.

Technical support is pretty good. Sometimes first-level engineers take too much time, but when they escalate to the engineers they solve our problems. So the first level of support, I am not sure about them, but the other levels are good.

They respond to our tickets.

We used Cisco Guard but Cisco no longer sells that solution. It was a very complex solution and our customer satisfaction was very low. We searched for a new solution and we liked Arbor.

It is easy to deploy. You can easily configure the interface, connect your network, and easily do the BGP configuration from the menu.

If you're deploying the TMS product, it takes about one hour for the physical deployment and configuration requirements. The Collector is easily done in TMS. Their inline solution, APS devices, is also easily done. It takes about a half an hour for an APS device.

We don't have a specific deployment strategy. For deployment, the minimum staff required is one security guy and one network guy.

We generally get support from Arbor engineers while we deploy.

We have gained from this product, and our customers are also satisfied with this solution. It helps with our profit. It's a good investment.

Arbor's products are very expensive. Their competitors are cheap when compared with Arbor. Now we are using Arbor, but in the future, if the price remains expensive, we might PoC the competitors. If we have the budget, we want to use Arbor, but in the future, if we have budget problems we may try other products.

I would recommend Arbor's solution. I like it.

In terms of increasing the usage of Arbor, when we expand our networks, we open new sites or data centers, we always use Arbor. In the future, if expand out, we will use it again.

I rate it a nine out of ten because I have been using it for about eight years and it's very user-friendly, troubleshooting is good, and the reporting side is also good. It's easy to deploy and our customer feedback has been good. It's just that the pricing is very expensive, so I give it a nine.

We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements.

There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is happening, etc. Normally, if it sees a huge amount of traffic at the same time, then automated cloud signaling will be enabled and, automatically, the traffic will be dropped.

There are multiple malicious IPs which are present everywhere. So, wherever the traffic comes from, it comes directly to the internet firewall, which utilizes the firewall's bandwidth, latency, etc. We block such traffic directly at the Arbor level only. 

Also, with network-level signatures, we can block things like malicious packets at the Arbor level only.

It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.

It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.

With Arbor, every six or 12 months, we can do DDoS testing.

Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that. 

In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.

On the main page there are alerts that we are unable to clear, even though the issue has been resolved.

The stability is very good. We have never faced an issue with it.

The scalability depends on the box but we have never had any issues with that.

We use technical support when there is some issue with the box or traffic and we are unable to resolve it. Our interaction with them is good. They check the issues. It usually takes them one or two days to respond. They're knowledgeable and helpful.

The last issue we contacted them on was during implementation. We connected to one of two management ports but it was not working. They told us to change the management port and when we did everything was fine.

I did the initial setup. It's not complex. We have a default admin and password where we need to set a management IP. Once management IP is set, if we connect it through a comm port, we need to set our system IP tools in the same subnet so that we can connect to Arbor. After that, we can set up usernames, passwords, and an IP access list. We can even change the group password.

If you have some knowledge, the implementation will only take between a half-hour and an hour. The only scenario where it takes time is when we put it into inline mode; when we mount the devices into the network.

One person is enough for deployment, if they have knowledge of how to implement it. There is no need for two or three. The number of people required to maintain it depends on the automation. One person is often enough. 

We have seven people who directly access Arbor DDoS, mostly project engineers.

We are using Arbor as a DDoS protection infrastructure. It protects our both our company's infrastructure and also our customers' infrastructure. We are not using it to protect one website, we are protecting a lot of websites and a lot of customers' infrastructures including their websites, their web services, etc.

It protects our infrastructure. We are in a particular geography so we face a lot of cyber attacks, especially DDoS attacks. It's very beneficial for our infrastructure. It's a vital component for every provider network.

We are using it mainly for DDoS protection. Reporting functions provide good visibility. Also, API's helps us to improve our service. We are also using it by serving cloud signaling service to our customers for their on-premise APS devices.

Learning period for managed objects are too short; better to have auto-profiling based on learning.

As long as you don't touch it, it's very stable. But if you try to configure new features or some new deployment, sometimes that can be a problem. A few weeks ago we had an appliance that went down. 

It's very scalable. It has a central management platform that manages all appliances, so if you have a few sites, you can scale it to other sites with new devices and you can manage them from the central management platform.

Arbor has an engineer in our country and we try to solve our cases or our problems or our new feature configurations with him. Also we are able to do that by contacting tech directly. The guys in our country help us contact the tech team. They also have another contact in the tech team so they can speed up the resolution of our cases by communicating with him.

When issues arise, they're helpful, they're knowledgeable and responsive.

The last ticket we submitted was when one of our appliances went down while we were configuring it one night. They solved it within four or five hours after we opened the case. They sent the solution within that time. The appliance went back up and has continued to work properly.

The setup is very straightforward, not too complex. Their tech team is very helpful.

As far as I know, they are very successful in DDoS protection. Because they know it, their service prices are too high. They provide cloud DDoS protection for ISPs, but that is also too expensive. 

We are evaluating other options. We may apply one if we find an appropriate solution. As I mentioned before, Arbor DDoS prices are too high, it's very expensive. It would be better to have more than one vendor in our infrastructure, because there is no competition when you have one vendor or one solution.

Arbor is very good at what it does. If you have enough budget you can apply it to your infrastructure and use its flexibility and reporting features very well. But if you don't have the budget and you don't expand the budget for the coming next years, I suggest not getting in touch with Arbor.

Five or six engineers can log in to devices, but in our company two people are managing infrastructure. There are always ways to optimize it, but we have been working for two years to optimize it and it's in a good situation compared to two years ago.

I would rate it a seven out of ten. My rating is based on the general problems that we had and the solutions for them, as well as the daily stability of these devices.

We are using nearly all the features of Arbor. Currently, they are enough for us, but in the future, if there are different kinds of DDoS attacks I believe that Arbor DDoS will also take action against them.

We use Arbor DDoS in the Asia Pacific region for a couple of government clients and Financial sector. The primary use case is for different types of problems that we do not see with other solutions, such as IPS, IDS, and FireEye. It has that type of detection and it blocks things.

It detect and protect DDOS effectively.

We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out.

Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic.

It also denies fragmented packets.

If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there.  It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see.

It's a stable solution. We haven't had any issues up until now, except for one or two times. On those occasions, we found attacks were getting through but then we realized we needed to update the signature database. Since then, it has been working fine. It is blocking as it should.

There haven't been any bugs.

We haven't had any issues with the scalability.

Technical support is good. They respond swiftly.

We found what we wanted in Arbor DDoS. It met our expectations, as IT users of different types of complex environments. It fit our needs. After we did the PoC, we found that this product is good. It was scalable and stable.

The initial setup is complex.

Deployment took about four months. After getting vendor support for installation, we then configured IP ranges for different clients. Then we set up the bandwidth and enabled logins.

There has not been much to deploy and maintain since then.

Arbor directly helped with the deployment.

DDoS is a major problem. If it infiltrates one device, it can move laterally, compromising much more. Up until now, we haven't lost any confidential data. The DDoS protection solution is a valuable tool to our organization.

We did look at competitors but I don't remember which ones now.

We have two teams that work with it. There is the maintenance team and we are the team that takes action.

I would rate Arbor DDoS at eight out of ten. It's stable, it's scalable, and it can handle complex environments. 

I was working in the ISP environment and the Arbor DDoS solution is integrated in there.

We have certain gaming server data centers having some big or small LAN protectors. All protectors have been added to Arbor for mitigation and protection and the IPs with frequent attacks are separately added for more focus monitoring. Usually when gaming users go online they experience this type of high volume attack. We pick those IPs and separately define an Arbor for mitigation and the whether those are positive.

Specifically in the ISP infrastructure where I was working, Arbor DDoS is integrated to detect the threats and mitigation. Basically, the peak flow TMS solution and peak flow SP solution has been procured by my company. We are providing services to customers and protecting our own infrastructure as well.

When you work in an ISP or enterprise environment, the main priority is to protect your services or your customers services, like bandwidth. There must be no high volume breach towards any customer, such as a DDoS attack or application level attack. The purpose of procuring a peak flow TMS solution is to mitigate the high volume attacks towards our customers and to protect our internal infrastructure as well. This is our priority in this aspect.

I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions. Plus, hardware stability is a big issue with Arbor. We have frequent outages with the hardware.

Arbor is good for expansions or forecasts, and helps us as well. Their pre-sales team is very dedicated and focused and they just nominate the POC, who then provides the capability, descriptions and presentations to us.

They are helpful. Their response time is good. 

No, we were just manually blackholing at level three, an upper level. We were not using any specific DDoS solutions like Arbor.

Initial setup is a bit complex because it is a Linux based working environment for configuration. A bit of expertise is required to configure the setup. It requires an expert level assistance from Arbor to complete the configuration or to apply any new system.

Deployment took around 3-4 months because we had two sites nationwide on which peak flow was deployed.

Yes. They were just handling the physical connectivity, the mounting, placement and insertion of the cords. By law, integration is pushed by the Arbor expert.

Licensing is good and they are very helpful to us. Without licensing you cannot get the complete features of the product, as well as the complete level of support, so licensing is obviously a good option.

Actually there is a different planning team which takes care of the projects, so I don't know if they were considering any other vendor or not, but right now Arbor is the first choice and we are working with it.

Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment. So, Arbor is very helpful to have inside of the most recent attacks and their backgrounds.

Arbor has a global ranking and global recognition. Whenever you do a search on Google, you can find Arbor on the top three or top five DDoS protection vendors. Obviously, Arbor is very reliable.