We receive work orders and implement them for the client. This we do in respect of MMSP solutions.
We do not help to integrate Arbor in other companies.
An issue which needs to be addressed concerns information I received of attacks on the radar and Arbor, allegedly, not taking any action. I wish to compare this with Fortinet DDoS, with which I am more familiar. This solution places more of an emphasis on the behavior of the traffic and provides a response in respect of the volume. But it also learns the traffic behavior of the customer as concerns its response to other attacks.
I would like to see a feature concerning the response or one which addresses the need for behavior learning of the customer's traffic. I am sure Arbor is working on it.
We've been using Arbor DDoS for three years.
The stability is okay and we have not encountered problems with the solution.
As I mentioned, we only provide support in the role of technical operators, so the question about plans for increased usage should be directed towards the operator. He is in a position to say whether he has plans to sell more equipment to his customers. While the desire to sell is not at issue, the willingness of people in this country to pay for the security is.
We received from the customer, who is an operator, all of the technical knowledge needed to support NETSCOUT.
The initial setup was okay and did not take long.
The licensing of a complete Arbor solution, including fire-walling and unified site management, can get expensive. This is a cost-benefit scenario in which the risk of losing everything must be weighed against the increased expense of the solution. This decision lies with the end customer and it depends on his protection policy. Apparently, taking protective measures is not prevalent in our culture, as people have a tendency to think that they will not be the target of an attack, even though this may be the ultimate result.
I believe we have 10 or 15 users who are working with the solution.
I rate Arbor DDoS as a ten out of ten.
We're a managed service provider as well as an internet service provider. We use it to protect our core network from DDoS attacks, and by protecting our core network we can also protect our end customers.
We're in the process of migrating to the newest version, currently. We use the solution in our physical environment, but we also take advantage of their cloud offering.
Previously, we were vulnerable to DDoS attacks, and large-scale attacks could potentially take down parts of our network segments. With the Arbor product, that doesn't happen anymore.
I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.
I struggle with where the product could improve because it's pretty great the way it is.
I would just say more granular reporting, down to our customer level, would be helpful. If we could somehow import customer information in their networks, it would be able to generate reports. It might actually be able to do that right now, and we have just never used it.
I've dealt with other solutions where I said, "I wish it did this," but it didn't. We have tried some other solutions that do what Arbor does and I would often go back to them and say, "Well, I want it to do this," because we already have that now with the Arbor solution. I've dealt with other vendors and I don't see things that they're doing that Arbor doesn't do.
I've been using Arbor DDoS for eight years.
It's very stable. Things do happen and we have had to open support tickets, but that touchpoint with Arbor is very low. There is not a lot of trouble that comes up with it.
We don't necessarily need to update the firmware versions all the time, although they are available. Sometimes we have stayed with a version that we were on because it was stable and it was secure. I've dealt with other vendors before where there are constant problems and their solution is, "Well, there's a new firmware version. Upgrade." We don't have those kinds of problems with Arbor.
It's easily scalable. We could add on routers if we wanted to; we could add on more devices to handle more mitigations, or go to the cloud if necessary. If there was a large scale attack, we'd just use their scrubbing centers versus ours. It's very scalable.
It touches a relatively small part of our overall network: It touches our drain points to the internet. But it affects the entire network, which is quite complex. It's protecting our entire network. As our network expands, it can expand with us.
The technical support is very good. We usually get answers right away. We can submit a ticket online or just give them a call and get a quick response.
We didn't have a solution before Arbor, but there was a period of time where we tried another solution. We did not find that solution to be adequate.
With Arbor, when we see DDoS attacks, it is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler.
I wasn't involved in the initial setup, but I was involved, mid-stream, when we brought in the mitigation side. We are currently replacing our aged infrastructure of Arbor products with a newer version. I'm tangentially involved with that.
The updating process is straightforward. They've done a good job of that. And the fact that we've already deployed it before means we can use the template of the previous deployment to set up the new deployment. So it is easy.
Our implementation strategy is the same, whether for the initial setup or for the updates. We're finding where the drains are on our network and set up the monitoring for those points. Then we create the mitigation side at specific data centers so we can route traffic to those devices and mitigate the traffic.
We have seen ROI for sure because uptime, as a service provider, is critical and the solution helps us maintain 100 percent uptime.
There is room for improvement with the pricing. It is an expensive solution. The issue with the pricing is more the way it is built. Right now we're paying per router, and there's a limitation there. I would like to see bundle-pricing where there is an overall solution cost.
I will periodically talk with other vendors, just to make sure Arbor is really the best solution for us.
Work with Arbor. They have great people to help you make sure it's implemented correctly. And they also have a great training team to help you understand the solution and use it to its fullest advantages.
The biggest thing I have learned from using the solution is seeing all the different types of denial of service attacks that are out there. I have come to understand that they will come in waves and that certain types of customers are more prone to attack than others.
It also lets us understand traffic flows on our network, as far as the usual traffic goes. We can understand what our network looks like. What it looks like at 1:00 pm is very different than what it looks like at 3:00 am. The solution helps us understand that.
The users of Arbor DDoS in our company are only a handful of technicians. Our NOC and some of our security people, engineers, are in there, but it protects tens of thousands of customers for us. For deployment and maintenance of this solution we require two security engineers. They maintain the system and make any configuration changes, if necessary. They handle regular maintenance, if necessary, although it's pretty minimal.
I would rate this product as an eleven out of 10.
Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This along with the TMS physical off-ramp mitigation platform allows us to redirect the inbound attack traffic via BGP. The offramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.
Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during an event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor were the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler.
The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.
Using standard BGP, NetFlow and SNMP ensures wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.
Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.
The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.
Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process. If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.
I have been using Arbor DDoS protection for over 8 years across two employers: one a large-scale enterprise network with dual data centers and 4 ISP upstreams, and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.
Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.
We use Arbor DDoS in the Asia Pacific region for a couple of government clients and the financial sector. The primary use case is for different types of problems that we do not see with other solutions, such as IPS, IDS, and FireEye. It has that type of detection and it blocks things.
It detects and protects against DDoS effectively.
We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out.
Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic.
It also denies fragmented packets.
If we want to see live traffic, we can do so. But once an attack that lasts for five minutes is done, the data is no longer there. It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see.
It's a stable solution. We haven't had any issues up until now, except for one or two times. On those occasions, we found attacks were getting through but then we realized we needed to update the signature database. Since then, it has been working fine. It is blocking as it should.
There haven't been any bugs.
We haven't had any issues with the scalability.
Technical support is good. They respond swiftly.
We found what we wanted in Arbor DDoS. It met our expectations, as IT users of different types of complex environments. It fit our needs. After we did the PoC, we found that this product is good. It was scalable and stable.
The initial setup is complex.
Deployment took about four months. After getting vendor support for installation, we then configured IP ranges for different clients. Then we set up the bandwidth and enabled logins.
There has not been much to deploy and maintain since then.
Arbor directly helped with the deployment.
DDoS is a major problem. If it infiltrates one device, it can move laterally, compromising much more. Up until now, we haven't lost any confidential data. The DDoS protection solution is a valuable tool to our organization.
We did look at competitors but I don't remember which ones now.
We have two teams that work with it. There is the maintenance team and we are the team that takes action.
I would rate Arbor DDoS at eight out of ten. It's stable, it's scalable, and it can handle complex environments.
We observed traffic over six months to create a benchmark. We created alerts to trigger and be sent to our SOC once the traffic exceeds the benchmark.
The introduction of IP-intelligence helps in determining IPs with a bad reputation. We recently upgraded to the latest version and that functionality is enabled now. They've come up with centralized intelligence based on their own cloud, and they feed the data, the intelligence.
In the GUI, the packet capture is a very good option, as is the option to block an IP address. These help in analyzing traffic and blocking unwanted IP addresses as a preliminary troubleshooting step.
Also, they have a customer program where, if we find a blacklisted or bad-reputation IP, we can submit it to Arbor directly.
There is definitely room for improvement in third-party intelligence and integrations. I would like to see more threat intelligence and internal traffic monitoring for C & C communications.
The product is very stable.
We have not faced any scalability issues since we have a very confined environment.
Tech support is good. They have really good expertise from the appliance point of view.
We did not have a previous solution.
Although I was not involved in the initial setup, I understand that it is easy. In terms of the specifics of our implementation, it's sensitive information so it cannot be made public. Because of the criticality, I cannot comment on configuration or how it is implemented.
Regarding the simple setup, it is because of the out-of-the-box configurations which Arbor provides you with. I don't think there is another way to implement it as such. It was per Arbor's standards, so there was nothing that was done differently.
Pricing is average.
Go for the latest appliances.
We do have plans to increase our usage of this type of solution, but now there are a lot of other services coming up so we are looking in parallel at other stuff, for other functionalities and features from Arbor itself.
I rate Arbor DDoS at eight out of ten. They have done a considerable amount of development in the last few years when it comes to features. However, there is a restriction when the environment is hosted in the cloud and it is on-prem, so there is a challenge there: The full-fledged features don't comply with certain requirements. There are always challenges.
We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements.
There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is happening, etc. Normally, if it sees a huge amount of traffic at the same time, then automated cloud signaling will be enabled and, automatically, the traffic will be dropped.
There are multiple malicious IPs which are present everywhere. So, wherever the traffic comes from, it comes directly to the internet firewall, which utilizes the firewall's bandwidth, latency, etc. We block such traffic directly at the Arbor level only.
Also, with network-level signatures, we can block things like malicious packets at the Arbor level only.
It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.
It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.
With Arbor, every six or 12 months, we can do DDoS testing.
Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that.
In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.
On the main page there are alerts that we are unable to clear, even though the issue has been resolved.
The stability is very good. We have never faced an issue with it.
The scalability depends on the box but we have never had any issues with that.
We use technical support when there is some issue with the box or traffic and we are unable to resolve it. Our interaction with them is good. They check the issues. It usually takes them one or two days to respond. They're knowledgeable and helpful.
The last issue we contacted them on was during implementation. We connected to one of two management ports but it was not working. They told us to change the management port and when we did everything was fine.
I did the initial setup. It's not complex. We have a default admin and password where we need to set a management IP. Once the management IP is set, if we connect it through a comm port, we need to set our system IP tools in the same subnet so that we can connect to Arbor. After that, we can set up usernames, passwords, and an IP access list. We can even change the group password.
If you have some knowledge, the implementation will only take between a half-hour and an hour. The only scenario where it takes time is when we put it into inline mode; when we mount the devices into the network.
One person is enough for deployment, if they have knowledge of how to implement it. There is no need for two or three. The number of people required to maintain it depends on the automation. One person is often enough.
We have seven people who directly access Arbor DDoS, mostly project engineers.
Mitigating network level volumetric attacks, complete network visibility and complete control on applying countermeasures.
Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.
We use these products because of the increase in frequency and sophistication of Denial of Service and Distributed Denial of Service attacks. As a service provider, we need to control and mitigate these attacks.
Valuable features include:
The following areas need improvement:
The initial implementation phase was a bit tricky but after that, it worked like a charm.
Provides increased performance, scalability, and availability for Peakflow SP-based managed services.
It enables 25 simultaneous users/API per non-leader device. It scales up to ten PI devices and a maximum of 125 simultaneous logins, deployment-wide.
The setup follows a project plan based on a PIP (Performance Improvement Plan) document and the LLD. A process is created to cover site preparation, hardware staging, hardware installation, and link activation and needs the involvement of the Operations team. Deployment takes three to four months.
Our implementation strategy is as follows:
We did include an SI for the deployment. Our experience with that team was excellent as they knew what they were doing.
Pricing is slightly on the higher side.
It's an excellent product for DDoS protection against attacks.
We have more than 7,000 users at all levels of access.
