Arbor DDoS Reviews

The deployment methods are really important as are the mitigation templates for volumetric and application-level attacks.

We do not have this product in our organization. We are service providers for Arbor.

This product improves the application's availability; we have mitigated targeted attacks for some clients.

I believe that the Arbor Cloud should be available, even if the customer does not have any Arbor appliance on-premise.

I have been using Arbor technologies for about two years.

In the two years I have been using the product, I haven't encountered any stability issues. The solution is pretty robust and stable.

Both solutions, Arbor Networks SP/TMS and APS, are very scalable.

The important point about Arbor Networks APS is that it is usually deployed inline, so you have to be aware of the number of switch ports available for each model.

I have a lot of experience with the technical support for multiple vendors (HPE, Cisco, Palo Alto Networks, Imperva, etc.) and the Arbor support is really good; usually, they respond with the workaround for your issue.

I really recommend the technical support from Arbor.

Setup complexity depends on the appliance:

• Arbor Networks APS: The setup is really straightforward; deployment and tuning are not that hard.
• Arbor Networks SP/TMS: This a complex solution and usually deployed in Diversion/Reinjection mode. Customers have to know the concepts and configuration about BGP, routing etc.

Arbor Networks APS licensing usually depends on the throughput of the enterprise.

Arbor Networks SP/TMS licensing usually depends on the throughput and the number of managed routers.

Note: It is not a cheap solution, but this is the most deployed anti-DDoS solution worldwide.

This is the first enterprise anti-DDoS product that we acquired. It later became Imperva.

You have to be clear as to what do you want to protect, i.e., the applications, networks, etc.

The most complex appliances are for the Arbor Networks SP/TMS solutions, so you have to know the BGP, peering, diversion, and reinjection concepts.

I primarily use Arbor DDoS for scrubbing.

Arbor DDoS's best feature is that we can put the certificates in, and it will look at layer seven and the encrypted traffic and do the required signaling.

An improvement to Arbor DDoS would be to make evaluation licenses and virtual machines available. This would allow us to learn the system and to spread word about the product to others.

I've been using Arbor DDoS for almost five years.

Arbor DDoS is very stable.

Arbor DDoS is scalable.

The complexity of the setup depends on the user's experience, but it's very quick to deploy.

Arbor DDoS has given us a very good ROI - I would rate it five out of five.

I would rate Arbor DDoS ten out of ten.

Our primary use case is developing threshold values for all groups. We use it to analyze packets to build a use-case for when a server group hits the limit of incoming traffic. In such a case we suspect traffic.

We use it to build use-case scenarios, based on the server input and a client's requirements. Some clients have a number of users accessing a given server which affects the bandwidth. In each case, we need to tell DDoS what is considered legitimate traffic.

It prevents all unwanted or malicious traffic, using the Threat Intelligence feeds.

There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds.

There are two modes in the product: The first is a learning mode and the other is a production mode. First, we learn the traffic using the learning mode. We use it to fine-tune what is suspicious data and what is legitimate traffic.

Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning. Self-learning would be an improvement.

The stability of Arbor DDoS is good. It's not that complex as a product and stability is not an issue.

The scalability is good. Configuration-wise, an administrator could create issues. But the product itself is good.

I have implemented it multiple times in industries like oil and gas, banking, and insurance.

The response from Arbor's technical support is good. They respond within two days.

The initial setup is straightforward. It's very simple. I have deployed the product for multiple clients. Implementation takes less than three to four hours, but the fine-tuning takes some time, based on the organization's needs. That can take more than a month.

Our implementation strategy is based on how many servers and groups there are and what kind of traffic is coming to/from the internet. These are the factors that affect how we deploy it. Deployment requires two to three consultants who are security architects. For maintenance, one administrator is fine.

Licensing is based on features, I believe.

Implementation is very easy but making the product work optimally is more difficult.

It's the best product. I would rate it at eight out of ten. There are some minor issues with blocking legitimate traffic and that's why it's not a ten.

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

• As an ISP, it is important to know from where the traffic comes so as to neutralize any attacks.

• The Arbor Networks SP device provided great visualization of the network traffic.

• Arbor Networks TMS is for cleaning the DDoS traffic, which is used sparsely.

The Arbor Networks SP device allowed us to optimize the network traffic. For example, it helped us to find the best IP network route to reach certain countries with low latency.

My opinion is that these Arbor devices should be scalable, in terms of the hardware.

Network bandwidth is rapidly increasing. Therefore, it is not practical to predict the network traffic as what it will be in five years time and also, to accordingly plan the required hardware specifications.

I have been using this solution since 2009.

We have been using the Arbor Peakflow SP CP-5000 and Arbor Peakflow TMS 2700.

Both the devices were very stable at the operation.

Unfortunately, these devices are not scalable and we have to upgrade to the next model in order to increase the threat mitigation capabilities.

We’ve received technical support mainly from Thailand. The guy who supported us was very competent with the products.

We were not using any other solution before.

The initial IP configuration has to be done in a command line, but the rest you can do via the web interface.

As a comparatively medium-scale ISP, we struggled with the license restrictions. By default, the Arbor SP device has only five licenses, which means only five routers can be integrated.

At that time (2008-09), when we checked the other options, there was not even a single product vendor that had the ability to do both network traffic analysis and DDoS traffic cleansing.

There were other proposals such as Radware and Cisco Guard for DDOS protection.

It is vital to identify the number of routers that are going to be integrated and the scrubbing capacity required for the expected lifetime of the product, as it is not scalable once you have purchased it.

For others who expect to implement Arbor, the key prerequisite is to identify the network devices that are going to integrate, since it will dictate the licensing. Since it is not scalable, so users should have to get this right before purchasing the product.

The main focus was DDoS protection.

Some months ago, in Mexico, we had presidential elections. At that time it was very important to deny DDoS attacks, especially on the platform for counting votes in the election. This solution was good for our customers.

• AIF
• Cloud Signalling - In my previous environment, we worked with Arbor as a carrier but in my current company some of our customers have the solution on-premise and we have to synchronize the solution with the Arbor solution that our customers have in their enterprises. The ability to work with the Arbor solution on the carrier side and on-premise provides solutions for both types of customers.

The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not.

The first impression needs to be more mature. It needs to be something that you would be proud to show someone. If you have a visitor to your SOC and you show him your installation, you need something more impressive. The look and feel of other brands is really nice, while Arbor is really simple. It's a good solution but not as spectacular as others. It's a matter of marketing, not performance.

The product is very stable. 

The scalability is really amazing. That was part of the equation for one particular customer. When they understood how the bandwidth can be shared between different branches of their backbone, that they could really grow by correctly re-routing traffic, they were really happy with the solution.

My interaction with tech support was really nice. I used to be part of HPE some time ago and I understand how those kinds of companies work. You have to have all the requirements before you make an appointment with the engineers. When we followed up with all the requirements that Arbor needed, the process was very straightforward.

In terms of submitting a ticket, they are responsive and knowledgeable. They are very experienced people.

My former company didn't have a previous solution. The company was new in Mexico and there were many considerations regarding government involvement in the industry, so security considerations were not there at that time.

Arbor is the official solution for my former company, worldwide. Also, Arbor was sold as OEM as part of Cisco, and Cisco has a very strong position in that company. Both of those facts helped push the Arbor solution there.

The setup is very straightforward, once the final architecture is decided. 

However, the decision regarding the final architecture was not very simple because the carrier environment is very complex. In addition, at the time, the carrier I was working for bought another small carrier and was doing the integration between both their installations and backbones. That was very complex. But once all those details were decided, the placement of the Arbor solution was very straightforward.

The setup work and testing of the Arbor solution took about three to four weeks, not including all the pre-planning and architecture discussions.

I played a part, but Arbor engineers do the whole installation process. I helped as much as I could but Arbor wants the implementation done by Arbor techs. I helped with some minor activities.

For the deployment, there was one senior engineer and one junior engineer. On our side, there were a number of people, me and a couple of other engineers. And when we tested the mitigation between different branches, there were three Arbor engineers with us.

Because the solutions from competitors are very different, it's not easy to compare. However, the licensing from Arbor is clear and understandable and the pricing is reasonable when looking at the market, in general.

Don't worry that it is complex because, out-of-the-box, it protects you from the basics. Just open it and connect, that's all you have to do. But if you are making an investment of this type because you have to be protected against all scenarios, you have two options: close support from Arbor or a specialized engineer. If you have those resources, all the rest is very straightforward. It becomes a simple solution that can give you good results.

I give the solution a nine out of ten. I try to put myself in the shoes of our company's owner. If a solution is simple to operate and gives good results, it's good for me. The solution needs to do what it's supposed to do and be simple to manage.

• Very user-friendly GUI
• Simplest way of mitigation
• Predefined filters/techniques to easily stop the attacks and start mitigation.

My last project was with the biggest banks of India (almost all of them) and MNC, so it helped us to protect their network from present DoS/DDoS attacks.

Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,

E.g., if we have enabled monitoring of internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also creates looping in the network for any misconfiguration, which can impact the ISP’s internal network and the customer's link utilization.

Two years.

No issues.

No issues.

No issues.

A seven out of 10, because response times from Arbor TAC are little higher.

An eight out of 10. Very good.

Not applicable.

Not applicable.

The implementation was done by Arbor itself. They were excellent.

Not applicable.

Not applicable.

Not applicable.

Be in direct contact with Arbor TAC rather than choosing a vendor in-between.

• It is user-friendly and has a very easy GUI.

• It provides the simplest method of mitigation.

• It provides predefined filters/techniques to easily stop attacks.

My last project was with (almost all of) the biggest banks and MNCs in India. It helped us to protect their network from the present DDoS attacks.

The auto-mitigation feature is provided when DDoS is observed on any of the links/customers (configured under auto-mitigation). It automatically starts mitigation with the default filters. In the default filter mode, there could be an impact on a customer’s link.

For example, if we have enabled monitoring of the internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also create looping in the network for any misconfiguration. This can impact the ISP's internal network and the customer's link utilization.

I have used this solution for two years.

We did not have stability issues.

We did not have scalability issues.

I would rate the technical support a 7/10.

We were using black-hole mitigation. We switched from that technique because we were dropping all the traffic of the attacked link, rather than vulnerable traffic; there were many more loopholes.

The setup is a little complex regarding the methods of configuration with the customers, as we need to provide them with a clean pipe path during mitigation. Also, it is mostly used on ISPs so the configuration on gateways is a little hectic.

They offer good prices.

I did not evaluate other options.

Be in direct contact with Arbor, rather than choosing a vendor in between.