Arbor DDoS Valuable Features
SZ
Sanjin Zuhric
Team Lead Network Engineer at Artco Group d.o.o Sarajevo
Two primary features of Arbor DDoS are black hole and mitigation. Black hole can block some IP addresses that are under attack or mitigate some host addresses that are under attack. That is the main role that we use for Arbor DDoS.
Traffic analysis in Arbor DDoS uses the NetFlow protocol to collect information for the devices, and that provides statistics about the protocol, what is used of the link throughput, capacity, and so on. That is just for monitoring and the feature that we use, mitigation or black hole.
They protect big companies such as Telecom from DDoS attacks. DDoS attacks are very common in telecommunications companies. That is the main reason I use Arbor DDoS and have used it for over 10 years. It is simple but it is the best. It is simple when I explain it all, but that is a significant role for the telecom operator protecting against DDoS attacks because I have witnessed many DDoS attacks, specifically volumetric attacks. That is an attack over 10 gigabit per second, and if an attack enters the telecommunication network, that will be a disaster for their customer, their services, and so on.
View full review »The most valuable feature of Arbor DDoS is that it is based in most of the ISPs all over the world, and Egyptian ISPs are one of them. If a customer who is getting internet connectivity from one of the ISPs has an Arbor at the end, it will be integrated with the ISP Arbor. It's some sort of closing all the cycle with Arbor DDoS, from the ISP sides and from your side as a customer.
Traffic analysis with Arbor DDoS is very good; it is brilliant. They act in a different way compared to others, and the vendor support is very good.
The main benefits Arbor DDoS provides to users include stopping DDoS attacks, which is the biggest nightmare for all customers.
View full review »DO
Dmytro Okhrushchak
CTO at UkrNet
It has a really useful customer interface and good support from the company. Inside this product, there are many different configurations for protection, and we have one of the best experiences with it, specifically with the Atlas product. It has a library of different attacks around the world, which is updated in high quality, approximately once a week or once a month.
We have many updates for the library of different attacks, and they have artificial intelligence that automatically learns the process during different attacks.
The advanced threat intelligence feature is helpful as it helps to identify and mitigate threats. One of the advantages we can mention is the threat intelligence feature.
The integrations in Arbor DDoS with different products are good. It is especially easy to integrate with other products, particularly for some monitoring systems or other systems.
View full review »Buyer's Guide
Arbor DDoS
July 2025

Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,170 professionals have used our research since 2012.
NP
Nikolay Panayotov
Network Engineer at A1 Bulgaria
The platform offers quick mitigation of attacks because Arbor DDoS uses BGP Flowspec, enabling very quick mitigation. The time between detecting an attack and beginning to mitigate it is very short. Additionally, the ATLAS intelligence feeds provide a reputation for IP addresses participating in botnets, which is a significant feature. We can also conduct in-line mitigation and capture traffic in near-real-time, even when there's no alert for slow-rate attacks. If there is an attack, we can mitigate right away for the customer.
View full review »For me, the most valuable feature was the ability to detect attacks within two seconds and gain visibility of all the traffic. Additionally, Arbor DDoS helps with managing the attackers in this area to avoid volumetric attacks, especially when attackers attempt to shut down some clients' sites.
View full review »CO
ClementOlaosebikan
System Engineer at TIGER LOGIC
The feature I find most valuable is the packet capture, which beautifully shows the communication between the client and the server, identifying potential malicious activity. The cloud signaling adjustment is also very valuable as it enables global scrubbing of your links during an attack. Additionally, Arbor DDoS helps scrutinize and filter traffic, improving security measures.
View full review »MH
Mohammed Hassan
Regional Director at iSecureMind
The AI capabilities and anomaly detection using machine learning modules like isolation forests and auto-encoders are the most effective in mitigating DDoS attacks.
View full review »We use almost all the features of Arbor DDoS, but it really depends on the customer’s requirements, so I can’t specify exactly which features we use. However, many customers appreciate the basic DDoS protection, especially those without specific protection needs. For example, financial companies benefit from the cloud DDoS protection. It’s a straightforward solution that effectively meets their needs.
View full review »The most valuable feature of the solution is that it serves as a tool for DDoS mitigation. The product is also useful when it comes to integrating the on-prem solutions with the cloud scrubbing center of Arbor DDoS.
Arbor DDoS offers security features that automatically detect and prevent DDoS attacks. When a DDoS attack is detected targeting a specific IP, the Arbor device immediately becomes in line with the traffic and actively works to prevent the attack. This auto feature is one of the best aspects of Arbor DDoS, as it ensures timely and effective protection against such attacks.
View full review »The solution provides good protection against volumetric DDoS attacks.
View full review »Arbor's performance is its most valuable feature. The boxes are able to process huge amounts of traffic. One rec unit box can forward 20 gigabytes of traffic without any issue or without any latency towards the network. It's impressive really.
View full review »Reporting is quite good. There are several pages of reporting on DDoS attacks, and you can find all the details that you need.
It's quite good out-of-path equipment. It works fine automatically for out-of-path.
View full review »RL
Roman Lara
Sr. Security Engineer at Rackspace
I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS.
I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic.
Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers.
View full review »The solution is stable and scalable.
View full review »TP
Tanveer Pandit
General Manager at Vodafone Idea Ltd.
We are living in a world that is changing at a very fast pace. We have to match the pace of the world, not only from network security per se, but also from the point of view of the security at a larger level. We are not just protecting the safety of the customer, but protecting the application as such. That is where the real threat comes from, and the challenge is being thrown to all the providers and OEMs to keep our feature set updated and adding to features for minimal costs.
View full review »WF
Wilhelm Farrugia
Manager IP Core and Transmission Networks at GO PLC
Arbor provides a full solution. They provide:
- The possibility of alarm triggering based on flow packets.
- Always-on and on-demand
- Implementation of BGP Flowspec.
- Implementation with their cloud system.
- Good reporting.
I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.
What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.
View full review »The most valuable feature is mitigation, which can blackhole the IP.
View full review »The artificial intelligence feature is most appreciated. This solution can lower the throughput and clear the traffic, which is something really important for us. It also provides good protection.
It is user-friendly, and its integration has also been really fast. We have many critical applications, and it was easy to integrate Arbor DDoS with our website, mobile application, and web banking.
EN
Erik Nordquist
Product Manager, MSx Security Services at TPx Communications
I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.
View full review »MR
Manohar Rajoria
Sr. Manager at a energy/utilities company with 10,001+ employees
The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.
The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution.
The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.
They are putting quite a good amount of effort into their research to make their products stand out from the rest.
Day by day, the solution is actually getting smarter and more useful.
View full review »SP
Steve Puluka
Network Architect at DQE Communications
The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.
Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.
Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.
View full review »The product allows us to check real-time progress, including latency and network activities.
View full review »The solution is flexible, easy to implement and has an efficient technical support team.
Analytics and its attack mitigation capabilities are valuable features of the solution.
View full review »The stateless device format means that the box is very strong for preventing DDoS attacks.
The solution is user friendly and the graphical user interface can be used for everything without logging into the CLI.
The box includes embedded bypass modules so bypasses can be performed without outages.
Hardware modules do not need to be changed when upgrading licenses for additional capacity.
View full review »YI
Yassine-Ibnoucheikh
Regional Technical Manager at HTBS
Arbor DDoS is easy to use, provides effective blocking of DDoS attacks, and can be used for DNS, web, and main servers. Additionally, this solution is far easier to operate than others solutions, such as Fortinet DDoS.
AM
Ashutosh
Technical Lead - DEVSECOPS with 1,001-5,000 employees
We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out.
Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic.
It also denies fragmented packets.
View full review »In the GUI, the packet capture is a very good option, as is the option to block an IP address. These help in analyzing traffic and blocking unwanted IP addresses as a preliminary troubleshooting step.
Also, they have a customer program where, if we find a blacklisted or bad-reputation IP, we can submit it to Arbor directly.
View full review »HR
SnrProjEng081
Senior Project Engineer at a tech services company with 10,001+ employees
It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.
It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.
With Arbor, every six or 12 months, we can do DDoS testing.
Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that.
In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.
VJ
Vikas Jain
Engineer at railtel corporation of india
- DDoS amplification
- Flow specs
- Blackhole mitigation, and
- IP location policy to control traffic based on geolocation.
TB
TabbrezBalbbale
Security Advisor at a comms service provider with 10,001+ employees
Valuable features include:
- Simple and centralized management of user access and capabilities
- Viewing and/or configuring of status, history, account, user, AAA, DNS, and NTP settings
- Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control
UK
Usman Khan
Team Lead for DDoS Protection at a comms service provider with 10,001+ employees
Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.
We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.
AF
AbuFaizal
Security Consultant at a tech services company with 10,001+ employees
There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds.
There are two modes in the product: The first is a learning mode and the other is a production mode. First, we learn the traffic using the learning mode. We use it to fine-tune what is suspicious data and what is legitimate traffic.
View full review »Specifically in the ISP infrastructure where I was working, Arbor DDoS is integrated to detect the threats and mitigation. Basically, the peak flow TMS solution and peak flow SP solution has been procured by my company. We are providing services to customers and protecting our own infrastructure as well.
When you work in an ISP or enterprise environment, the main priority is to protect your services or your customers services, like bandwidth. There must be no high volume breach towards any customer, such as a DDoS attack or application level attack. The purpose of procuring a peak flow TMS solution is to mitigate the high volume attacks towards our customers and to protect our internal infrastructure as well. This is our priority in this aspect.
View full review »The DDoS mitigation. There is no other feature.
It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.
View full review »It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated. I like the features.
View full review »We are using it mainly for DDoS protection. Reporting functions provide good visibility. Also, API's helps us to improve our service. We are also using it by serving cloud signaling service to our customers for their on-premise APS devices.
View full review »- AIF
- Cloud Signalling - In my previous environment, we worked with Arbor as a carrier but in my current company some of our customers have the solution on-premise and we have to synchronize the solution with the Arbor solution that our customers have in their enterprises. The ability to work with the Arbor solution on the carrier side and on-premise provides solutions for both types of customers.
HV
NetCon37561
Network Consultant at a comms service provider with 51-200 employees
We are able to respond quickly and prevent DDoS attacks.
View full review »Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response.
View full review »- Very user-friendly GUI
- Simplest way of mitigation
- Predefined filters/techniques to easily stop the attacks and start mitigation.
Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.
View full review »- As an ISP, it is important to know from where the traffic comes so as to neutralize any attacks.
- The Arbor Networks SP device provided great visualization of the network traffic.
- Arbor Networks TMS is for cleaning the DDoS traffic, which is used sparsely.
The deployment methods are really important as are the mitigation templates for volumetric and application-level attacks.
View full review »- It is user-friendly and has a very easy GUI.
- It provides the simplest method of mitigation.
- It provides predefined filters/techniques to easily stop attacks.
Arbor DDoS's best feature is that we can put the certificates in, and it will look at layer seven and the encrypted traffic and do the required signaling.
View full review »The solution looks into volumetric attacks and gets them resolved.
View full review »The solution is easy to use. The user interface is also easy to use. The documentation provided by the product is good.
View full review »Buyer's Guide
Arbor DDoS
July 2025

Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,170 professionals have used our research since 2012.