I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS.

I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic.

Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers.

We are living in a world that is changing at a very fast pace. We have to match the pace of  the world, not only from network security per se, but also from the point of view of the security at a larger level. We are not just protecting the safety of the customer, but protecting the application as such. That is where the real threat comes from, and the challenge is being thrown to all the providers and OEMs to keep our feature set updated and adding to features for minimal costs.

I love the forensics. The forensics give us the ability to look at logs and to look for anomalies and give us traffic information about customers that we might not normally have. We can also use that to assist customers in troubleshooting issues that they might be having. The forensics is what I loved the most.

The most valuable features include the traffic categorization and control of the traffic. The filtering of the traffic is very precise. When you want to stop some traffic, you precisely stop that traffic.

The auto-mitigation and upstream signaling are awesome. With the upstream signaling, this is where the application automatically raises an alarm that the data-line is over-utilized (potentially resulting in service unavailability) or is under attack (volumetric attack). The upstream service provider will then start scrubbing and black-holing malicious connections as a means to clean up the line and relieving the load. The fact that it's automated means I don't have to sit the entire time and always be looking out for threats coming through. It does it almost automatically, without any intervention by me.

They are putting quite a good amount of effort into their research to make their products stand out from the rest.

Day by day, the solution is actually getting smarter and more useful.

The most valuable feature is the ability to work in BGP. It is not important to provide all traffic in a mitigation system every time. We have a lot of customers, and only when a proxy is detected do we use it. This has reduced the cost of our solution. 

Arbor provides a full solution. They provide: 

• The possibility of alarm triggering based on flow packets. 
• Always-on and on-demand
• Implementation of BGP Flowspec. 
• Implementation with their cloud system.
• Good reporting. 

I like all the features together as a whole. It's a global solution that fits our needs. Detection is really important for us—the ability to trigger mitigation with TMS and the quality of mitigation.

What is also really important is to directly engage in mitigation on network elements, such as routers or switches, in addition to TMS mitigation. The capacity of the mitigation and the capacity to distribute mitigation on the routers are important. Using this solution as a hybrid approach to DDoS protection is an advantage. It's an important tool for managing the natural quality of service. We're quite confident about the solution and the evolution.

The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.

Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.

Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.

The artificial intelligence feature is most appreciated. This solution can lower the throughput and clear the traffic, which is something really important for us. It also provides good protection.

It is user-friendly, and its integration has also been really fast. We have many critical applications, and it was easy to integrate Arbor DDoS with our website, mobile application, and web banking.

Arbor DDoS is easy to use, provides effective blocking of DDoS attacks, and can be used for DNS, web, and main servers. Additionally, this solution is far easier to operate than others solutions, such as Fortinet DDoS.