Arbor DDoS OverviewUNIXBusinessApplication

Arbor DDoS is the #1 ranked solution in top Distributed Denial of Service (DDOS) Protection tools. PeerSpot users give Arbor DDoS an average rating of 8.6 out of 10. Arbor DDoS is most commonly compared to Cloudflare: Arbor DDoS vs Cloudflare. Arbor DDoS is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Arbor DDoS Buyer's Guide

Download the Arbor DDoS Buyer's Guide including reviews and more. Updated: December 2022

What is Arbor DDoS?

Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand, and solve the most complex and consequential security challenges facing their organizations.

With Arbor DDoS you can automatically identify and stop all types of DDoS attacks and other cyber threats before they impact the availability of business-critical services.


Arbor DDoS is an intelligently automated combination of in-cloud and on-premises DDoS attack protection that is continuously backed by global threat intelligence and expertise.

Arbor DDoS Features and Benefits:

  • Global DDoS Protection: Arbor DDoS is an all-in-one solution offering carrier-agnostic, global DDoS protection that is backed by world-class security intelligence as well as industry leading DDoS protection products.
  • Worldwide scrubbing centers: Arbor DDoS offers comprehensive protection from the largest DDoS attacks.
  • Cloud Only and/or Hybrid Protection: The solution provides the flexibility to design comprehensive DDoS protection that fits your specific environment. It can be deployed as a cloud-only and/or an intelligent combination of in-cloud and on-premise DDoS protection.
  • Global Threat Intelligence: Arbor DDoS protection is continuously armed with the latest global threat intelligence from Netscout’s response team.
  • Automated DDoS Attack Detection and Mitigation: DDoS attacks can be automatically detected and routed to Arbor Cloud global scrubbing centers for mitigation.
  • Managed Services: To manage and optimize your on-premise DDoS protection, you can rely upon the industry-leading expertise of Arbor Networks.
  • Multi-layered Approach: As part of a layered approach to DDoS protection, Arbor Cloud provides in-cloud protection from advanced and high-volume DDoS attacks, all without interrupting access to your applications or services. Arbor Cloud’s automated or on-demand traffic scrubbing service defends against volumetric DDoS attacks that are too large to be mitigated on premises.

Reviews from Real Users:

Below are some of the many reasons why PeerSpot users are giving Arbor DDoS an 8 out of 10 rating:

"We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs.” - Roman L, Sr. Security Engineer at Rackspace

"We have taken on the Arbor Cloud subscription, which is really useful because you secure yourself for anything beyond your current mitigation capacity. This is a really good feature of Arbor that is available.” - Assistant General Manager at a comms service provider

“It is fully mitigating the attacks. We've dealt with other ones where we didn't necessarily see that. The detection is very good. It's also very simple to use. Arbor is a single pane of glass, whereas with other solutions you might have a detection pane of glass and then have to go to a separate interface to deal with the mitigation. That single pane of glass makes it much simpler." - Erik N., Product Manager, MSx Security Services at TPx Communications

Arbor DDoS was previously known as Arbor Networks SP, Arbor Networks TMS, Arbor Cloud for ENT.

Arbor DDoS Customers

Xtel Communications

Arbor DDoS Video

Archived Arbor DDoS Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Roman Lara - PeerSpot reviewer
Sr. Security Engineer at Rackspace
Real User
With automatic flow specs we're able to drop that traffic before it even enters into our network
Pros and Cons
  • "We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs..."
  • "I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money."

What is our primary use case?

We're a hosting company and, in this industry, it's inevitable that you're going to be attacked. We originally purchased the product back in early 2000 for the SQL monitoring. Over the years, DDoS has become a nuisance for other companies we're hosting as well. We had originally purchased it just for internal use, and to predict our own internal infrastructure. But we found an avenue to offer it to our customers as well. It has just grown from there.

It's on-prem to protect our own infrastructure, as well as in the product that we sell to our customers to protect their services. We have a hybrid as well, as we use Arbor Cloud to protect our company's major assets if needed, as a type of over-capacity swing-over.

How has it helped my organization?

In terms of the visibility it provides into traffic to the application layer with the Sightline with Sentinel product, it's really good for what it's getting. If you're sampling traffic at the network edge, you don't get the grand scope that you would if you were seeing every single packet. But you're also getting a wide view of information, and at my level, working on the backbone, I need to see the grand scheme of things. If one customer is being scanned or penetrated in one way, it's not as important to me on the network layer as it is to somebody further down the stack. But if I'm seeing all the different scans coming in at a network layer, or bad actors that we have already identified as trying to hit our infrastructure, then that gives me a better idea of what's going on in my network, which is extremely important to me at that point. I can rally the troops to where I need them at that time.

We've gotten to the point where we have worked with this for so long that the protection provided by Sightline with Sentinel, across the different layers of our architecture from the network to the application, is automatic for us. There are very few adjustments that we need to do for customers, even with the wide range of customers that we have. We've been able to configure and to templatize different aspects of the system to fit about 80 percent of our customers, without having to go in there and fine tune. And now, with the addition of the passive protection, we're able to go in and tune a template further, so that it matches the customer even better with what we're doing.

Another way it helps the way our organization functions is because it does have a GUI. I'm able to present information and walk different parts of our leadership through different aspects of attacks, and how we're blocking them. One of the biggest examples of that was my ability to show them, by deploying flow specs, how much traffic I was dropping at the network edge, compared to how much traffic was actually coming into our networks. I showed them how it was saving us from having to upgrade capacity within the data center. It's been our backbone to different aspects of our environment.

In addition, other security groups that may not be at the network level, have the ability to go in and pull NetFlow from Arbor, and start looking for defined signatures of known bad actors out there or known signatures of tools that they may have. 

We're averaging about 1,900 attacks a day. And we're only looking at attacks that could affect our infrastructure. We don't offer this service to everybody within our data centers. Arbor was deployed to protect the infrastructure. There are still a lot of attacks that are getting through that we're not really worried about. We're only looking at the larger types of attacks and engaging them more.

And because this is pretty much automated, we are able to catch attacks now within five to 30 seconds. And in the world of hosting, every single millisecond counts. We offer 99 percent uptime. Without Arbor, we'd probably be around 75 to 80 percent uptime. Attacks are cheap nowadays. People can create a lot of bandwidth for a couple of dollars.

Arbor DDoS also consolidates visibility and the actions we need to take, at the backbone level. Because we have 10 data centers spread out across the globe, and more coming in the future, it gives us better visibility not only into bad actors and traffic coming in, but also the ability to see how traffic is moving from one data center to another. Peer evaluation helps us to see if a peer at a given location is a better use than at another location. Also, point-to-point, from data center to data center, for VPN services that we offer, it has opened up a lot of different aspects of traffic analysis that we weren't really utilizing. Now, we're able to see where we need to adjust our bandwidth, and save money, and other places where we need to raise bandwidth before it costs us money.

It's also helped us get a better idea for future capacity planning, not only for current data centers, but data centers that are going to be in different regions where our company is located. 

And the biggest benefit, for us as A company, are savings from peer evaluations; seeing where we can better utilize the relationship with different providers and if there is the potential for mutual benefit across multiple data centers, globally.

What is most valuable?

I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS.

I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic.

Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers.

What needs improvement?

Their RESTful API is still a work-in-progress. They're pushing out different versions of the API with each code upgrade.

I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money.

Buyer's Guide
Arbor DDoS
December 2022
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.

For how long have I used the solution?

The company has been using Arbor DDoS for 20 years now. I have been using it for 11 years.

What do I think about the stability of the solution?

The overall stability is great. In the 11 years that I've worked with it, I've had to replace three devices because of an issue with the actual hardware or software. And in my line of business, that's beyond awesome. We have replaced more backbone devices in that time, in one data center, than Arbor devices.

What do I think about the scalability of the solution?

Scalability is great, at least at the hosting level. Tier-1s may have bigger issues with scalability as far as actual filtering devices go. But they've gone to virtual machines now as well, where they're able to deploy these virtual devices in a way that they couldn't with hardware devices, and at a better cost.

If we can find another use for increasing visibility, we're always glad to help. One of the things that we've found in the past, from security incidents, was that different groups were seeing different issues at different times and nobody knew about it until everybody together came afterwards to discuss the problems or the issues that happened. So we're coordinating with other departments within our organization, not only to provide our feeds, but other feeds from other security tools.

How are customer service and support?

Their technical support is excellent. One of the biggest things about Arbor is their knowledge. We're usually about a step behind when it comes to their code — that's just engineering caution — so by the time we run into an issue, they have already seen it, most of the time, and are able to fix the issue for us before it becomes a bigger issue. There have been times when they practically contact us about possible patching that we may need, just to circumvent any future problems.

I'm in a position where I've been affiliated with Arbor for such a long time, that I know a lot of their top engineers, and any kind of features that we request are usually fast-tracked.

Which solution did I use previously and why did I switch?

We had Cisco products. We switched because the usability was just too complex. With Cisco, we were able to adjust many things, but there were way too many buttons to push, to help you out. Arbor gives you a great balance between simplicity and surgical precision that I haven't been able to find in other products.

I do test other DDoS products. And one of the things that I have found is that there's a lot of what I call "black magic" software, where you click on a button or switch and it automatically does what you want it to do, but you really have no understanding of what it's doing on the back-end. With Arbor, and being in engineering, you have a great idea of what's going on and how it's being utilized, which makes troubleshooting issues during mitigations a lot easier. If you know exactly what a countermeasure is doing, then you're able to precisely say if it's an issue with your system or if it's further down the stream on another device, a firewall or a load balancer, etc.

How was the initial setup?

The setup depends on the network, but from start to finish, they're really good at helping you set this up. Their sales engineers are very hands-on people. It's pretty much straightforward for a mid-level engineer to set up, without any real help.

We redeploy new hardware every five years, and we can redeploy 48 devices within three days with no network interruption. And we can deploy a single data center for DDoS within four hours, max.

We have a standard implementation strategy. We have them on standby. We have them deliver all their devices with any code that we're going to be upgrading to or running. For the most part, they will stage any type of code or patches that we may need. From there, it's pretty much unplug it and plug it back in.

We have a team of three for deployment. At any given time, one way or another, I would say close to 150 people are using it. Their roles include peer coordinators. We also have our design and build engineers looking at capacity. There are people on my team that deal with nothing but DDoS attacks. I have network operations dealing with network visibility. I have internal SOCs that are looking for any kind of malware or bad actors trying to invade our corporate network. We also have our customer SOC desk looking at the internal data center backbone for customers.

What was our ROI?

We have definitely seen ROI. DDoS is something that was not supposed to stay around, but it has been around for quite a long time now. If you're going to be in the internet business, the chances of your being attacked are great. We've been able to incorporate it into our service where it pays for itself very quickly.

Our deployment can pay for itself within a year, and we're protecting close to $80 million of monthly revenue of customers that are using the service. 

And that's just a portion of what it's being used for. The capacity planning and being able to block outbound DoS attacks, saving us bandwidth, adds up as well. The last metrics we had there, we were sitting at close to $375,000 per data center by reducing outbound attacks. That also makes our facility less attractive to bad actors to use as a jumping off point or as a reflection point.

What's my experience with pricing, setup cost, and licensing?

You pay for what you get. Like any other consumer product, there are things out there that are extremely cheaper than Arbor, but you're also not going to get the type of information that you do with Arbor. And there are some other companies out there that are a little pricier than Arbor, that are not going to mitigate and give you the type of information that you want. Arbor is striking a good balance between pricing and what they deliver.

In  terms of costs in addition to their standard licensing fees, it depends. There are other feeds that you can subscribe to. There are different services that they're starting to bundle up with NETSCOUT, that you'll be able to subscribe to. There are some feeds on proactive alerting. Because they have such a big visibility into the global internet network, they're able to see botnets discussing or targeting potential customers of yours, and they can actually make you aware of such. They have different feeds that they get from their security team that help you mitigate DoS attacks without any kind of intrusion on your part. You don't have to make any kind of adjustment to countermeasure. These are pre-configured signatures that they see in the wild and that feed is delivered straight to your mitigation device and can mitigate DoS attacks that common users wouldn't be able to do by themselves. That is great for those who are first taking on the product and getting into taking on DDoS attacks.

Which other solutions did I evaluate?

We've looked at Radware among others. Some of the other ones are really GUI-heavy. They have pretty pictures and you can click around, but that's the extent of what you can do. You can't go in and fine tune some of these systems. They're either very network-mitigation-type heavy, or they're more on the application. They're not a really good balance of both, which I've been able to find with Arbor. Another thing I have found is that a lot of these competitors have feeds. And once you start diving into their feeds and seeing where their sources are, a lot of them have Arbor as one of their feeds.

One of the reasons that we stay with Arbor is its evolution to meet growing concerns around DDoS attacks. My job is to find the best product out there to protect our infrastructure. I've looked for years and years, and continue to look, and Arbor has been able to give us the best results overall, as well as the best equipment, with the least number of headaches. We get a great bang for our buck. Requests that we put in for features are met with either a great explanation of why they can't fit it in, or are deployed months after we've requested them. Arbor's biggest feature is not their equipment, rather it's their knowledge, because they get such great visibility into the global network. They're able to see things that are months ahead of hitting the rest of the industry and are usually one step ahead of what's about to hit.

The new feature that stands out compared to their competition is their automatic flow specs. Flow specs are nothing more than dynamic ACLs on the network edge, using PGP. What this does is it surgically reduces the amount of capacity we need to use from their TMS (threat mitigation system) and now use the network edges, the routers, to drop the traffic that's not wanted. There are a lot of what we call "dumb attacks," reflection amplification attacks, that can decimate a data center. With flow specs, we're able to drop that traffic before it even enters into our network. That's exactly what you want. You want to be able to stop and drop traffic further up the stack, as much as possible.

Another feature that they're working on, that I'm excited to see, is the ability to share these flow specs, these rules, with your provider. So if we have an attack, and we have AT&T or another of the big Tier-1s, we can send them our rules, and they can block the traffic at their network at that time, which reduces the liability to our network as well.

They're also starting to put out reporting features. It's often hard to take what you see at the technical level and push that up to your C-level type of executives. They like pretty graphs and you can't really do that with the information from NetFlow. But using the new executive reporting makes it a lot easier for us to justify it for next year's budget. And if there are budget cuts somewhere, we can always show to our leadership how useful this deployment is, to get the additional capital or OpEx, if need be.

These features are available in competing products, but not to the extent that Arbor has in its reporting. Reporting is available in a lot of products, but the information they provide is something you have to go in and actually create. And you're limited to what you're able to create. With Arbor, and its REST API, we can now create all kinds of reports that suit the person or the audience that we're trying to get to.

There's no other competitor that I'm aware of, right now, that's working with the providers to be able to share flow specs between them. That's one of the advantages that Arbor has in working with something like 95 percent of the Tier-1 providers. Arbor has a little more insight into the bigger providers that we rely on. Other competitors have not gone to that level yet.

What other advice do I have?

Talk with their sales engineers and understand the different uses of Arbor. If you're just looking just for a pure DDoS product, there may be other solutions within Arbor that are better to use, or different feeds that may be beneficial. Maybe you're more into capacity planning or peering analysis, and there are other things in addition to those that you can do with Arbor. If you're buying it for DDoS, you still do capacity planning and peer evaluation for the same cost using the same license. But what I've found with other people that use the product is they're single-use. Some buy it for DDoS and only use it for DDoS. They don't take into account the other information that they could be pulling from it.

The sheer amount of traffic that's out there in the network is one of the biggest things I've learned from using the solution. Looking at north-south traffic, traffic coming into our data centers and out of our data centers, it's a lot higher than what we had thought we would see when we first started using Arbor. It helped us to provide an infrastructure that was future-proof. Before we started understanding the different uses of Arbor, we would upgrade our routers on the edge, only to have to upgrade two or three years later when the actual router was still viable but it just wasn't able to control or handle the capacity. Now, we're able to put devices in place that are future-proof and that reduces our costs by not having to replace those devices every so often because they ran out of bandwidth.

Another thing we found was the number of bad actors that were living within our environment. When cloud first started popping up, everybody rushed to get their own clouds up and running. What wasn't taken into account was that there was a lot of malicious traffic that was being generated by these types of environments. They gave us a better understanding of cloud computing and the security issues that we would be facing as we tried to expand that environment.

Sightline with Sentinel does not yet communicate information upstream to our service provider around attacks, so that they can stop the attack closer to the attacker. It's something that we've been working on with Arbor for many years. There are some programs out there that Arbor is working on where we can communicate with other deployments that have Arbor. From the engineering perspective, we're all for it, not only at my company but even at the major Tier-1s. It's when you get up to higher management that we hit the roadblocks. Everybody in security wants to share information, but nobody wants to say anything either.

More and more people are coming around to the idea that they need some type of DDoS protection as part of their security posture. We tell customers that there's no one silver bullet out there that's going to do it all. Arbor does a great job of mitigating DoS attacks but we don't want to do all the blocking with Arbor devices, so further down the stack you want load balancers and firewalls to help you out.

The fact that Arbor has been in DDoS visibility and protection for more than 10 years definitely affects our confidence in it. I've been with other providers that use Arbor as well and that's one of the things that is always brought up, the confidence level. Deploying this on my network and the visibility it's going to give me is hands-down better, compared to an up and coming cheaper product that may claim to have better abilities to mitigate DDoS attacks. But they don't have the visibility that you really need. That's the key asset that Arbor has because they've been in the business for so long and have these great relationships with these big Tier-1 providers. They're not only able to provide the necessary equipment but, more importantly, the knowledge that comes with it. At the root of things, all DDoS vendors basically do the same thing, they drop traffic. It's the knowledge of what type of traffic to drop that is extremely important, to me and others who are in the same business. When you have visibility into one-third of the global internet, you have great visibility into what's going to happen in the future as well.

I would give Arbor DDoS a nine out of 10. There's always room for improvement. With DDoS products, there's always an evolving merry-go-round of different attacks. For me, giving it a 10 would be that silver bullet where it is going to handle all your attacks. Arbor will be straightforward with you and let you know that it's not that silver bullet and that there are times when its system is not the best system for the use that you have. One of the downfalls, at least on our site, has been that its visibility into the application layer in the monitoring mode is not the best, and that's because it's sampling traffic. Once it's in a mitigation and seeing packet-for-packet, it's devastating to see the amount of information you can pull. That's why we've gone ahead and implemented different Arbor devices lower down, closer to the application, to give us even more visibility.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Steve Puluka - PeerSpot reviewer
Network Architect at DQE Communications
Real User
Comprehensive DDoS mitigation options from targeted off-ramp to BGP flow spec or Remote triggered blackhole
Pros and Cons
  • "Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends."
  • "The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underling OS to the application version can be easily missed."

What is our primary use case?

Using the Arbor SP Insight allows the detection of DDoS attacks coming in from upstream internet providers. The system provides a central analysis to detect DDoS attacks and allow reporting on internet traffic. This along with the TMS physical off-ramp mitigation platform allows us to redirect the inbound attack traffic via BGP. The offramp TMS effectively separates attack traffic from the main path used during normal operation. The system provides attack mitigation for both internal infrastructure and downstream customer services.

How has it helped my organization?

Prior to deploying the Arbor solution, DDoS mitigation involved creating ad hoc packet filters to block the malicious traffic during event. These were difficult to apply because getting the detailed match information during an event was problematic. The traffic monitoring systems we had in place did not always have the necessary detail, nor was the attack traffic patterns readily identifiable as malicious. And then the nature of the attacks did not always allow for blocking filters to apply only to malicious traffic. Arbor has made the whole process simpler. 

What is most valuable?

The ability to correlate Arbor managed objects with internet services deployed accurately profiles traffic and makes coordinating appropriate mitigation response simple. The reporting on both alerts and mitigations provides both detailed and visually pleasing reports.

Using standard BGP, NetFlow and SNMP ensure wide compatibility. There are also peering traffic reports that can help identify upstream peering opportunities. The ATLAS aggregation service allows us to contribute to the global DDoS data and benefit from overall trends.

Arbor also allows us to create upstream remote triggered blackhole requests via BGP communities assigned from our upstream carriers. We can have the flexibility to trigger an individual or all carriers for each /32 advertisements. The system also allows us to use BGP flow spec to apply blocking filters at our routing edge nodes.

What needs improvement?

The upgrade process is mildly complex requiring treatment of the custom embedded OS separately from the application. The correlation of the underlying OS to the application version can be easily missed.

Linking the white list designation on managed objects into the alert detection mechanism would be a welcome improvement. Currently, white lists to prevent dropping any traffic on important resources only apply to the mitigation process.  If the white list could be used during alert detection this would prevent some false positive alerts that are coming from these known good sources.

For how long have I used the solution?

I have been using Arbor DDoS protection for over 8 years across two employers one a large scale enterprise network with dual data centers and 4 ISP upstreams and the second a regional service provider with multiple tier-one upstreams and internet exchange connections.

How are customer service and technical support?

Arbor technical support is painless. Support requests at any hour are serviced quickly with an engineer that is very familiar with the platform details. The one RMA from hardware failure that I had to process went through immediately for our next business day delivery.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Arbor DDoS
December 2022
Learn what your peers think about Arbor DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.
Technical Lead - DEVSECOPS with 1,001-5,000 employees
Real User
Stable, scalable, and handles complex environments
Pros and Cons
  • "We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly."
  • "If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there. It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see."

What is our primary use case?

We use Arbor DDoS in the Asia Pacific region for a couple of government clients and Financial sector. The primary use case is for different types of problems that we do not see with other solutions, such as IPS, IDS, and FireEye. It has that type of detection and it blocks things.

How has it helped my organization?

It detect and protect DDOS effectively.

What is most valuable?

We can reduce the bandwidth to minimize the attack level. If we see more than 2.5 GBs we drop it directly. Many times an attack is with hundreds of GBs on our devices. We're able to filter that out.

Also, it is able to find new, different IPs. Arbor keeps them for one or two days, but it will release them after some time. That enables us to blacklist them permanently so that we don't get that IP's traffic.

It also denies fragmented packets.

What needs improvement?

If we want to see live traffic, we can see do so. But once an attack that lasts for five minutes is done, the data is no longer there.  It would be an improvement if we could see recent traffic in the dashboard. We can check and download live traffic, but a past attack, with all the details, such as why it happened and how to mitigate and prevent such future attacks, would be helpful to see.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's a stable solution. We haven't had any issues up until now, except for one or two times. On those occasions, we found attacks were getting through but then we realized we needed to update the signature database. Since then, it has been working fine. It is blocking as it should.

There haven't been any bugs.

What do I think about the scalability of the solution?

We haven't had any issues with the scalability.

How are customer service and technical support?

Technical support is good. They respond swiftly.

Which solution did I use previously and why did I switch?

We found what we wanted in Arbor DDoS. It met our expectations, as IT users of different types of complex environments. It fit our needs. After we did the PoC, we found that this product is good. It was scalable and stable.

How was the initial setup?

The initial setup is complex.

Deployment took about four months. After getting vendor support for installation, we then configured IP ranges for different clients. Then we set up the bandwidth and enabled logins.

There has not been much to deploy and maintain since then.

What about the implementation team?

Arbor directly helped with the deployment.

What was our ROI?

DDoS is a major problem. If it infiltrates one device, it can move laterally, compromising much more. Up until now, we haven't lost any confidential data. The DDoS protection solution is a valuable tool to our organization.

Which other solutions did I evaluate?

We did look at competitors but I don't remember which ones now.

What other advice do I have?

We have two teams that work with it. There is the maintenance team and we are the team that takes action.

I would rate Arbor DDoS at eight out of ten. It's stable, it's scalable, and it can handle complex environments. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
The introduction of IP-intelligence helps in determining IPs with a bad reputation
Pros and Cons
  • "In the GUI, the packet capture is a very good option, as is the option to block an IP address."
  • "There is definitely room for improvement in third-party intelligence and integrations."

What is our primary use case?

We observed traffic over six months to create a benchmark. We created alerts to trigger and be sent to our SOC once the traffic exceeds the benchmark.

How has it helped my organization?

The introduction of IP-intelligence helps in determining IPs with a bad reputation. We recently upgraded to the latest version and that functionality is enabled now. They've come up with centralized intelligence based on their own cloud, and they feed the data, the intelligence.

What is most valuable?

In the GUI, the packet capture is a very good option, as is the option to block an IP address. These help in analyzing traffic and blocking unwanted IP addresses as a preliminary troubleshooting step.

Also, they have a customer program where, if we find a blacklisted or bad-reputation IP, we can submit it to Arbor directly.

What needs improvement?

There is definitely room for improvement in third-party intelligence and integrations. I would like to see more threat intelligence and internal traffic monitoring for C & C communications.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

We have not faced any scalability issues since we have a very confined environment.

How are customer service and technical support?

Tech support is good. They have really good expertise from the appliance point of view.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

Although I was not involved in the initial setup, I understand that it is easy. In terms of the specifics of our implementation, it's sensitive information so it can not be made public. Because of the criticality, I cannot comment on configuration or how is it implemented.

Regarding the simple setup, it is because of the out-of-the-box configurations which Arbor provides you with. I don't think there is another way to implement it as such. It was per Arbor's standards, so there was nothing that was done differently.

What's my experience with pricing, setup cost, and licensing?

Pricing is average.

What other advice do I have?

Go for the latest appliances.

We do have plans to increase our usage of this type of solution, but now there are a lot of other services coming up so we are looking in parallel at other stuff, for other functionalities and features from Arbor itself.

I rate Arbor DDoS at eight out of ten. They have done a considerable amount of development in the last few years when it comes to features. However, there is a restriction when the environment is hosted in the cloud and it is on-prem, so there a challenge there: The full-fledged features don't comply with certain requirements. There are always challenges.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Project Engineer at a tech services company with 10,001+ employees
Real User
We're able to block traffic before it gets to the firewall, but alerts on the main page can't be cleared when resolved
Pros and Cons
  • "It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken."
  • "On the main page there are alerts that we are unable to clear, even though the issue has been resolved."

What is our primary use case?

We have captured a profile for every production group which has a server-type configuration. We also enable signaling. If there is a huge amount of traffic, it will indicate that to us. Accordingly, we will inform them to take action or whatever. We will determine whether it is legitimate or not based on the requirements.

There is a given bandwidth for any organization, an expected amount of traffic at a given point of time. If it sees more than the traffic which we are expecting at a given point of time, it could be an anomaly. We will then check internally whether a download or upload is happening, etc. Normally, if it sees a huge amount of traffic at the same time, then automated cloud signaling will be enabled and, automatically, the traffic will be dropped.

How has it helped my organization?

There are multiple malicious IPs which are present everywhere. So, wherever the traffic comes from, it comes directly to the internet firewall, which utilizes the firewall's bandwidth, latency, etc. We block such traffic directly at the Arbor level only. 

Also, with network-level signatures, we can block things like malicious packets at the Arbor level only.

What is most valuable?

It's very user-friendly. Everything is done through a GUI. It doesn't take much time to learn how to use it. Once you see it a few times you understand it.

It provides packet capture and we can block or whitelist whichever IPs we need to. Whatever traffic we want to block - and we get IPs from internal teams and from national teams - we block at the Arbor level only, because if it gets to the firewall then firewall bandwidth will be taken.

With Arbor, every six or 12 months, we can do DDoS testing.

Also, there are HTTP connections. We can tell it there are multiple production categories which are present in a server-type configuration and we can use that. 

In very rare situations we use it to capture traffic. If there is any malicious traffic we can capture the packet where we can see the HTTP request.

What needs improvement?

On the main page there are alerts that we are unable to clear, even though the issue has been resolved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is very good. We have never faced an issue with it.

What do I think about the scalability of the solution?

The scalability depends on the box but we have never had any issues with that.

How is customer service and technical support?

We use technical support when there is some issue with the box or traffic and we are unable to resolve it. Our interaction with them is good. They check the issues. It usually takes them one or two days to respond. They're knowledgeable and helpful.

The last issue we contacted them on was during implementation. We connected to one of two management ports but it was not working. They told us to change the management port and when we did everything was fine.

How was the initial setup?

I did the initial setup. It's not complex. We have a default admin and password where we need to set a management IP. Once management IP is set, if we connect it through a comm port, we need to set our system IP tools in the same subnet so that we can connect to Arbor. After that, we can set up usernames, passwords, and an IP access list. We can even change the group password.

If you have some knowledge, the implementation will only take between a half-hour and an hour. The only scenario where it takes time is when we put it into inline mode; when we mount the devices into the network.

One person is enough for deployment, if they have knowledge of how to implement it. There is no need for two or three. The number of people required to maintain it depends on the automation. One person is often enough. 

What other advice do I have?

We have seven people who directly access Arbor DDoS, mostly project engineers.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Engineer at RailTel Corporation of India Ltd
Real User
I like the IP location policy to control traffic based on geolocation.

What is our primary use case?

Mitigating network level volumetric attacks, complete network visibility and complete control on applying countermeasures.

What is most valuable?

  • DDoS amplification
  • Flow specs
  • Blackhole mitigation, and
  • IP location policy to control traffic based on geolocation.

What needs improvement?

Cloud signaling integration with third-party DDoS solution provider. Currently, it supports only its DDoS APS box.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
TabbrezBalbbale - PeerSpot reviewer
Security Advisor at a comms service provider with 10,001+ employees
Real User
Key features include Web 2.0 interactive attack alerting and traffic visualization
Pros and Cons
  • "Valuable features include simple and centralized management of user access and capabilities, as well as Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control."
  • "The following areas need improvement: opening and tracking support tickets, online support resources, software upgrades/updates and replacement media, and event management guidelines."

What is our primary use case?

We use these products because of the increase in frequency and sophistication of Denial of Service and Distributed Denial of Service attacks. As a service provider, we need to control and mitigate these attacks.

What is most valuable?

Valuable features include:

  • Simple and centralized management of user access and capabilities
  • Viewing and/or configuring of status, history, account, user, AAA, DNS, and NTP settings
  • Web 2.0 interactive attack alerting, traffic visualization, and mitigation service control

What needs improvement?

The following areas need improvement:

  • Opening and tracking support tickets 
  • Online support resources
  • Software upgrades/updates and replacement media
  • Event management guidelines.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The initial implementation phase was a bit tricky but after that, it worked like a charm.

What do I think about the scalability of the solution?

Provides increased performance, scalability, and availability for Peakflow SP-based managed services.

It enables 25 simultaneous users/API per non-leader device. It scales up to ten PI devices and a maximum of 125 simultaneous logins, deployment-wide.

How was the initial setup?

The setup follows a project plan based on a PIP (Performance Improvement Plan) document and the LLD. A process is created to cover site preparation, hardware staging, hardware installation, and link activation and needs the involvement of the Operations team. Deployment takes three to four months.

Our implementation strategy is as follows:

  • Assign a project manager to be onsite when needed during the implementation until signoff
  • Understand customer’s policies, requirements, and procedures
  • Discuss and agree on the general prerequisites for the proposed solutions
  • Conduct site survey
  • Site preparation for the proposed solutions
  • Design the proposed solutions
  • Provide detailed project plan for the entire assignment
  • Provide Low-Level Design
  • Delivering the proposed SW and HW to the site
  • Configure the solutions based on best practices
  • Complete integration, fine-tuning, testing, and knowledge transfer to provide templates and guidance on use of templates to team members
  • Finalize the deliverables along with the client

What about the implementation team?

We did include an SI for the deployment. Our experience with that team was excellent as they knew what they were doing.

What's my experience with pricing, setup cost, and licensing?

Pricing is slightly on the higher side.

What other advice do I have?

It's an excellent product DDoS protection against attacks.

We have more than 7,000 users at all levels of access.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Usman Khan - PeerSpot reviewer
Team Lead for DDoS Protection at a comms service provider with 10,001+ employees
Real User
Our customers can check how many attacks they have faced and how many have been blocked
Pros and Cons
  • "Our customers are very happy when we provide them with the interface... They can check how many attacks they have faced and how many attacks have been blocked."
  • "Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful."

What is our primary use case?

We use it to protect websites, usually. But it's hosted in our network, our infrastructure, and the company websites as well. We are an ISP company and we provide internet services and other services to companies, like banks, etc. Part of our services is DDoS protection.

How has it helped my organization?

We are the ISP for government websites here in Saudi Arabia. We had a lot of attacks on those sites. The way we mitigated those attacks was by asking the people who are hosting the website about the features they were using for the websites. They specified two of the ports, and they said we're not going to allow any other port, any other service apart from these two services. We allowed the websites to be accessible through those two ports only. We blocked everything else. This was four years ago and everything has been smooth ever since.

We have a monitoring team here, which is on watch 24/7. The monitoring part is very easy with this solution.

What is most valuable?

Our customers are very happy when we provide them with the interface. We give them read-only privileges and they can review the results by themselves. They can check how many attacks they have faced and how many attacks have been blocked. That is a very valuable feature offered by Arbor DDoS.

We can also give them more privileges. They can do some tweaking according to their own systems. If they have a database running or if they have a website, they can tweak the features themselves.

What needs improvement?

Because we had some routers that were somewhat old, they were not integrated with Arbor. They did not support the NetFlow version that Arbor was running. That was a challenge. We had to upgrade the routers. Some backward-compatibility would be helpful.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The deployment is okay, stable. But when you are manipulating the countermeasures, that is the difficult part. You have to be very careful, and you have to be sure that these countermeasures will kick in when needed, that they're going to work.

We have to customize the countermeasures for each customer. That is a real challenge. We should be reviewing them every month. They might be changing their services, they might be using different ports. We have to keep asking our customers, "Okay what are you running now? What are you using now? Which port are you running now?" so that we know what to expect. We need to know which traffic would be legit and which traffic is illegitimate so that we can block the illegitimate traffic without mistakes. We don't want to block the real traffic. There is a feature in Arbor called auto-learning. We can run that and it will help us. But at the end of the day, it's for us to decide what to allow.

You cannot rely on auto because, for example, if you're running auto-learning, and the services have been running on 80, and all of a sudden it switches to 443, it will keep on blocking. You have to expect what's coming. You cannot rely on auto. Human involvement is always necessary.

What do I think about the scalability of the solution?

If the network is expanding, of course, we would expect to need to add more equipment. We would need to expand our solution.

We had two customers from the government which came in, and they are super-important. Their services cannot go down. We had another solution from Arbor called Pravail. We had that installed for those two customers specifically. Their expected traffic is almost 8 MB, and their throughput is 12 MB. Any noise or malformed packets or out-of-sequence packets get filtered by the Pravail Solution. The bigger attacks will be handled by the TMS, the Threat Mitigation System.

Scalability is not a problem for Arbor.

How are customer service and technical support?

Technical support is really good. ATAC has been good with us. We haven't had any problem contacting them or getting them engaged in our activities. For example, sometimes we need to customize the portal banner. For that, they have been helpful.

Which solution did I use previously and why did I switch?

This is our first DDoS solution.

How was the initial setup?

The initial setup is kind of complex because it requires peering. We have to design it from scratch, which makes it a little bit complex. It depends on whether we want to get it inline or if we want to apply offloading, and whether the company can afford a TMS of its own or we need to send traffic to a remote TMS, hosted by Arbor itself.

The last deployment I was involved in took almost a month-and-a-half, with another 15 days for documentation.

It took about eight to 12 people to get the deployment operational. We had people from the core who were engaged with us for the integration and bringing up the systems. After that, we had to hire some fresh resources, because, honestly, it's a new product and it's not very common. We can't really find experienced people for DDoS.

It was not much of a challenge when we were developing it and when we were deploying it because we had a resident engineer who was planning everything, who was leading everything. But after that, when we were mitigating the attacks, there were challenges because we didn't have experienced people over here and the attacks were coming day and night, 24 /7. I had to come to the office after midnight and at midday. 

But now, the system stable and the people that I'm managing are more experienced. They know stuff and it's pretty smooth now.

What about the implementation team?

We engaged Arbor itself. We had a resident engineer from Arbor who came here and deployed the system. He was here for a month more for support and for any types of issues that we faced.

What other advice do I have?

Go for it. It's one of the best solutions you can get for DDoS. It doesn't matter what services you're going to use. As long as you have the whole solution, the TMS and everything in-house, it's the best solution.

We have a team of 12 to deploy and monitor the solution; we have three shifts running around the clock. They monitor the system alerts. They monitor the websites using the controls that we have to protect the clients. If one of them catches an attack, there is a high-alert flag and we focus on the attack to see if it has been mitigated or not. If it needs anything, if it needs some tweaking, we have two resources on each watch, a senior resource and a junior. The junior one keeps on monitoring. The senior one comes in whenever there is something to correct or if something needs to be changed in the system.

For ISPs, Arbor DDoS would be the best solution. For smaller organizations, we can buy the services from Amazon for DDoS protection, and there's Cloudflare. But for ISPs, it's better to have Arbor DDoS because we have everything in-house. ISPs like ours have almost 120 gig bandwidth. For throughput, it's the best one.

We don't have plans to increase usage currently because when we brought the solution four years ago, we measured it a lot. We bought more than what we needed. The plan is to improve the human operability on the system itself. Things look smooth, but you cannot rely on two or three people. We have to have redundancy in the human workforce. We're planning to expand the team so that we don't need to hire any fresh resources and train them from the start. These services are very expensive and our customers are expecting a perfect solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
AbuFaizal - PeerSpot reviewer
Security Consultant at a tech services company with 10,001+ employees
Consultant
We're able to develop threshold values for clients' servers to help flag suspicious traffic
Pros and Cons
  • "There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds."
  • "Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning."

What is our primary use case?

Our primary use case is developing threshold values for all groups. We use it to analyze packets to build a use-case for when a server group hits the limit of incoming traffic. In such a case we suspect traffic.

We use it to build use-case scenarios, based on the server input and a client's requirements. Some clients have a number of users accessing a given server which affects the bandwidth. In each case, we need to tell DDoS what is considered legitimate traffic.

How has it helped my organization?

It prevents all unwanted or malicious traffic, using the Threat Intelligence feeds.

What is most valuable?

There are a number of valuable features in this product, like Cloud Signaling and Threat Intelligence feeds.

There are two modes in the product: The first is a learning mode and the other is a production mode. First, we learn the traffic using the learning mode. We use it to fine-tune what is suspicious data and what is legitimate traffic.

What needs improvement?

Sometimes it blocks legitimate traffic. If a legitimate user is trying to access the server continuously, the product suspects that this is a DoS traffic file. That is a case where it needs to improve. It needs machine-learning. Self-learning would be an improvement.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of Arbor DDoS is good. It's not that complex as a product and stability is not an issue.

What do I think about the scalability of the solution?

The scalability is good. Configuration-wise, an administrator could create issues. But the product itself is good.

I have implemented it multiple times in industries like oil and gas, banking, and insurance.

How is customer service and technical support?

The response from Arbor's technical support is good. They respond within two days.

How was the initial setup?

The initial setup is straightforward. It's very simple. I have deployed the product for multiple clients. Implementation takes less than three to four hours, but the fine-tuning takes some time, based on the organization's needs. That can take more than a month.

Our implementation strategy is based on how many servers and groups there are and what kind of traffic is coming to/from the internet. These are the factors that affect how we deploy it. Deployment requires two to three consultants who are security architects. For maintenance, one administrator is fine.

What's my experience with pricing, setup cost, and licensing?

Licensing is based on features, I believe.

What other advice do I have?

Implementation is very easy but making the product work optimally is more difficult.

It's the best product. I would rate it at eight out of ten. There are some minor issues with blocking legitimate traffic and that's why it's not a ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Manager IP Services at a tech company with 10,001+ employees
Real User
Has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment.
Pros and Cons
  • "Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment."
  • "I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions."

What is our primary use case?

I was working in the ISP environment and the Arbor DDoS solution is integrated in there.

How has it helped my organization?

We have certain gaming server data centers having some big or small LAN protectors. All protectors have been added to Arbor for mitigation and protection and the IPs with frequent attacks are separately added for more focus monitoring. Usually when gaming users go online they experience this type of high volume attack. We pick those IPs and separately define an Arbor for mitigation and the whether those are positive.

What is most valuable?

Specifically in the ISP infrastructure where I was working, Arbor DDoS is integrated to detect the threats and mitigation. Basically, the peak flow TMS solution and peak flow SP solution has been procured by my company. We are providing services to customers and protecting our own infrastructure as well.

When you work in an ISP or enterprise environment, the main priority is to protect your services or your customers services, like bandwidth. There must be no high volume breach towards any customer, such as a DDoS attack or application level attack. The purpose of procuring a peak flow TMS solution is to mitigate the high volume attacks towards our customers and to protect our internal infrastructure as well. This is our priority in this aspect.

What needs improvement?

I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions. Plus, hardware stability is a big issue with Arbor. We have frequent outages with the hardware.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

Arbor is good for expansions or forecasts, and helps us as well. Their pre-sales team is very dedicated and focused and they just nominate the POC, who then provides the capability, descriptions and presentations to us.

How are customer service and technical support?

They are helpful. Their response time is good. 

Which solution did I use previously and why did I switch?

No, we were just manually blackholing at level three, an upper level. We were not using any specific DDoS solutions like Arbor.

How was the initial setup?

Initial setup is a bit complex because it is a Linux based working environment for configuration. A bit of expertise is required to configure the setup. It requires an expert level assistance from Arbor to complete the configuration or to apply any new system.

Deployment took around 3-4 months because we had two sites nationwide on which peak flow was deployed.

What about the implementation team?

Yes. They were just handling the physical connectivity, the mounting, placement and insertion of the cords. By law, integration is pushed by the Arbor expert.

What's my experience with pricing, setup cost, and licensing?

Licensing is good and they are very helpful to us. Without licensing you cannot get the complete features of the product, as well as the complete level of support, so licensing is obviously a good option.

Which other solutions did I evaluate?

Actually there is a different planning team which takes care of the projects, so I don't know if they were considering any other vendor or not, but right now Arbor is the first choice and we are working with it.

Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment. So, Arbor is very helpful to have inside of the most recent attacks and their backgrounds.

What other advice do I have?

Arbor has a global ranking and global recognition. Whenever you do a search on Google, you can find Arbor on the top three or top five DDoS protection vendors. Obviously, Arbor is very reliable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Consultant with 51-200 employees
Consultant
Operating the solution is easy, it's just one dashboard with mitigation
Pros and Cons
  • "It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy."
  • "For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit... In F5 I have full control of everything."

What is our primary use case?

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

How has it helped my organization?

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

What is most valuable?

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

What needs improvement?

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

What do I think about the scalability of the solution?

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

How are customer service and technical support?

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

Which solution did I use previously and why did I switch?

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

How was the initial setup?

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

What was our ROI?

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

What's my experience with pricing, setup cost, and licensing?

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

What other advice do I have?

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Security Architect with 1,001-5,000 employees
Reseller
Easy to deploy and user-friendly, we can use the web interface or CLI to troubleshoot
Pros and Cons
  • "It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated."

    What is our primary use case?

    We are an internet service provider. We are using Arbor in our networks and it mitigates all attacks on our network. We are using BGP for traffic diversion.

    How has it helped my organization?

    When we implement Arbor in an organization it is protected against DDoS attacks. We also protect our services, our customers and their networks with it. We need Arbor or a similar solution in our organization.

    What is most valuable?

    It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated. I like the features.

    What needs improvement?

    Sometimes the PPM module gives you an error. They improved it, they deployed a patch, and fixed it. Generally, if it gives you an error, you need to power it off and back on again.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It's more stable than its competitors. We haven't had any stability issues with it.

    What do I think about the scalability of the solution?

    It's scalable.

    How are customer service and technical support?

    Technical support is pretty good. Sometimes first-level engineers take too much time, but when they escalate to the engineers they solve our problems. So the first level of support, I am not sure about them, but the other levels are good.

    They respond to our tickets.

    Which solution did I use previously and why did I switch?

    We used Cisco Guard but Cisco no longer sells that solution. It was a very complex solution and our customer satisfaction was very low. We searched for a new solution and we liked Arbor.

    How was the initial setup?

    It is easy to deploy. You can easily configure the interface, connect your network, and easily do the BGP configuration from the menu.

    If you're deploying the TMS product, it takes about one hour for the physical deployment and configuration requirements. The Collector is easily done in TMS. Their inline solution, APS devices, is also easily done. It takes about a half an hour for an APS device.

    We don't have a specific deployment strategy. For deployment, the minimum staff required is one security guy and one network guy.

    What about the implementation team?

    We generally get support from Arbor engineers while we deploy.

    What was our ROI?

    We have gained from this product, and our customers are also satisfied with this solution. It helps with our profit. It's a good investment.

    What's my experience with pricing, setup cost, and licensing?

    Arbor's products are very expensive. Their competitors are cheap when compared with Arbor. Now we are using Arbor, but in the future, if the price remains expensive, we might PoC the competitors. If we have the budget, we want to use Arbor, but in the future, if we have budget problems we may try other products.

    What other advice do I have?

    I would recommend Arbor's solution. I like it.

    In terms of increasing the usage of Arbor, when we expand our networks, we open new sites or data centers, we always use Arbor. In the future, if expand out, we will use it again.

    I rate it a nine out of ten because I have been using it for about eight years and it's very user-friendly, troubleshooting is good, and the reporting side is also good. It's easy to deploy and our customer feedback has been good. It's just that the pricing is very expensive, so I give it a nine.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    it_user969444 - PeerSpot reviewer
    Security Expert at a comms service provider with 10,001+ employees
    Real User
    Protects both our company's and customers' infrastructures, but pricing is expensive
    Pros and Cons
    • "We also use it by serving our customers' cloud signaling services with on-premise APS devices."

      What is our primary use case?

      We are using Arbor as a DDoS protection infrastructure. It protects our both our company's infrastructure and also our customers' infrastructure. We are not using it to protect one website, we are protecting a lot of websites and a lot of customers' infrastructures including their websites, their web services, etc.

      How has it helped my organization?

      It protects our infrastructure. We are in a particular geography so we face a lot of cyber attacks, especially DDoS attacks. It's very beneficial for our infrastructure. It's a vital component for every provider network.

      What is most valuable?

      We are using it mainly for DDoS protection. Reporting functions provide good visibility. Also, API's helps us to improve our service. We are also using it by serving cloud signaling service to our customers for their on-premise APS devices.

      What needs improvement?

      Learning period for managed objects are too short; better to have auto-profiling based on learning.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      As long as you don't touch it, it's very stable. But if you try to configure new features or some new deployment, sometimes that can be a problem. A few weeks ago we had an appliance that went down. 

      What do I think about the scalability of the solution?

      It's very scalable. It has a central management platform that manages all appliances, so if you have a few sites, you can scale it to other sites with new devices and you can manage them from the central management platform.

      How is customer service and technical support?

      Arbor has an engineer in our country and we try to solve our cases or our problems or our new feature configurations with him. Also we are able to do that by contacting tech directly. The guys in our country help us contact the tech team. They also have another contact in the tech team so they can speed up the resolution of our cases by communicating with him.

      When issues arise, they're helpful, they're knowledgeable and responsive.

      The last ticket we submitted was when one of our appliances went down while we were configuring it one night. They solved it within four or five hours after we opened the case. They sent the solution within that time. The appliance went back up and has continued to work properly.

      How was the initial setup?

      The setup is very straightforward, not too complex. Their tech team is very helpful.

      What's my experience with pricing, setup cost, and licensing?

      As far as I know, they are very successful in DDoS protection. Because they know it, their service prices are too high. They provide cloud DDoS protection for ISPs, but that is also too expensive. 

      Which other solutions did I evaluate?

      We are evaluating other options. We may apply one if we find an appropriate solution. As I mentioned before, Arbor DDoS prices are too high, it's very expensive. It would be better to have more than one vendor in our infrastructure, because there is no competition when you have one vendor or one solution.

      What other advice do I have?

      Arbor is very good at what it does. If you have enough budget you can apply it to your infrastructure and use its flexibility and reporting features very well. But if you don't have the budget and you don't expand the budget for the coming next years, I suggest not getting in touch with Arbor.

      Five or six engineers can log in to devices, but in our company two people are managing infrastructure. There are always ways to optimize it, but we have been working for two years to optimize it and it's in a good situation compared to two years ago.

      I would rate it a seven out of ten. My rating is based on the general problems that we had and the solutions for them, as well as the daily stability of these devices.

      We are using nearly all the features of Arbor. Currently, they are enough for us, but in the future, if there are different kinds of DDoS attacks I believe that Arbor DDoS will also take action against them.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Cloud Security Specialist at a tech services company with 11-50 employees
      Real User
      Cloud Signalling enables us to synchronize with on-premise solutions
      Pros and Cons
        • "The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not."

        What is our primary use case?

        The main focus was DDoS protection.

        How has it helped my organization?

        Some months ago, in Mexico, we had presidential elections. At that time it was very important to deny DDoS attacks, especially on the platform for counting votes in the election. This solution was good for our customers.

        What is most valuable?

        • AIF
        • Cloud Signalling - In my previous environment, we worked with Arbor as a carrier but in my current company some of our customers have the solution on-premise and we have to synchronize the solution with the Arbor solution that our customers have in their enterprises. The ability to work with the Arbor solution on the carrier side and on-premise provides solutions for both types of customers.

        What needs improvement?

        The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not.

        The first impression needs to be more mature. It needs to be something that you would be proud to show someone. If you have a visitor to your SOC and you show him your installation, you need something more impressive. The look and feel of other brands is really nice, while Arbor is really simple. It's a good solution but not as spectacular as others. It's a matter of marketing, not performance.

        For how long have I used the solution?

        Three to five years.

        What do I think about the stability of the solution?

        The product is very stable. 

        What do I think about the scalability of the solution?

        The scalability is really amazing. That was part of the equation for one particular customer. When they understood how the bandwidth can be shared between different branches of their backbone, that they could really grow by correctly re-routing traffic, they were really happy with the solution.

        How are customer service and technical support?

        My interaction with tech support was really nice. I used to be part of HPE some time ago and I understand how those kinds of companies work. You have to have all the requirements before you make an appointment with the engineers. When we followed up with all the requirements that Arbor needed, the process was very straightforward.

        In terms of submitting a ticket, they are responsive and knowledgeable. They are very experienced people.

        Which solution did I use previously and why did I switch?

        My former company didn't have a previous solution. The company was new in Mexico and there were many considerations regarding government involvement in the industry, so security considerations were not there at that time.

        Arbor is the official solution for my former company, worldwide. Also, Arbor was sold as OEM as part of Cisco, and Cisco has a very strong position in that company. Both of those facts helped push the Arbor solution there.

        How was the initial setup?

        The setup is very straightforward, once the final architecture is decided. 

        However, the decision regarding the final architecture was not very simple because the carrier environment is very complex. In addition, at the time, the carrier I was working for bought another small carrier and was doing the integration between both their installations and backbones. That was very complex. But once all those details were decided, the placement of the Arbor solution was very straightforward.

        The setup work and testing of the Arbor solution took about three to four weeks, not including all the pre-planning and architecture discussions.

        What about the implementation team?

        I played a part, but Arbor engineers do the whole installation process. I helped as much as I could but Arbor wants the implementation done by Arbor techs. I helped with some minor activities.

        For the deployment, there was one senior engineer and one junior engineer. On our side, there were a number of people, me and a couple of other engineers. And when we tested the mitigation between different branches, there were three Arbor engineers with us.

        What's my experience with pricing, setup cost, and licensing?

        Because the solutions from competitors are very different, it's not easy to compare. However, the licensing from Arbor is clear and understandable and the pricing is reasonable when looking at the market, in general.

        What other advice do I have?

        Don't worry that it is complex because, out-of-the-box, it protects you from the basics. Just open it and connect, that's all you have to do. But if you are making an investment of this type because you have to be protected against all scenarios, you have two options: close support from Arbor or a specialized engineer. If you have those resources, all the rest is very straightforward. It becomes a simple solution that can give you good results.

        I give the solution a nine out of ten. I try to put myself in the shoes of our company's owner. If a solution is simple to operate and gives good results, it's good for me. The solution needs to do what it's supposed to do and be simple to manage.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Network Consultant at a comms service provider with 51-200 employees
        Consultant
        We are able to respond quickly and prevent DDoS attacks

        What is our primary use case?

        It is mostly for Internet Service Providers (ISPs). It is for operations on the service provider and network security operations. It is a good solution.

        How has it helped my organization?

        It improves our organization by preventing attacks and improving the availability of the network on services, which provides a better service to customers.

        What is most valuable?

        We are able to respond quickly and prevent DDoS attacks.

        What needs improvement?

        There is some room for AI to take place.

        For how long have I used the solution?

        More than five years.

        What do I think about the stability of the solution?

        Stability is perfectly good. I have not seen an issue in years.

        What do I think about the scalability of the solution?

        Its scalability is big. It is for large deployments of big organizations and service providers.

        How is customer service and technical support?

        Technical support is good. They provide quite good support. They have different levels depending on the pockets that you have bought, so you get the relative support. They have a lot of levels for support and good SLAs.

        How was the initial setup?

        The initial setup is complex, but experts are involved. Even with experts from both the vendor and the operator side, the initial set up can take some time, though it is essential.

        What's my experience with pricing, setup cost, and licensing?

        We work with different vendors from different industries.

        What other advice do I have?

        Most important important criteria when selecting a vendor:

        • How the offering covers the business needs.
        • The reputation of the vendor.
        Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
        PeerSpot user
        PeerSpot user
        Security Consultant at a tech services company with 11-50 employees
        Reseller
        Provides easy management, high visibility, and quick response capabilities

        What is our primary use case?

        Arbor Pravail APS devices are using for protecting availability of services. DDOS, rating, and behavior analyses are the base of this product. 

        How has it helped my organization?

        Arbor Pravail APS devices provides easy management, high visibility, and quick response capabilities. Therefore, we can quickly complete the POV PoC demo process.

        What is most valuable?

        Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response. 

        What needs improvement?

        Arbor Pravail APS devices do not sync features or config the backup enough. This needs to be improved.

        For how long have I used the solution?

        More than five years.
        Disclosure: My company has a business relationship with this vendor other than being a customer: Value-added reseller
        PeerSpot user
        PeerSpot user
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Real User
        The implementation was done by a vendor team, and they were excellent
        Pros and Cons
        • "Predefined filters/techniques to easily stop the attacks and start mitigation."
        • "Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,"

        What is most valuable?

        • Very user-friendly GUI
        • Simplest way of mitigation
        • Predefined filters/techniques to easily stop the attacks and start mitigation.

        How has it helped my organization?

        My last project was with the biggest banks of India (almost all of them) and MNC, so it helped us to protect their network from present DoS/DDoS attacks.

        What needs improvement?

        Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,

        E.g., if we have enabled monitoring of internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also creates looping in the network for any misconfiguration, which can impact the ISP’s internal network and the customer's link utilization.

        For how long have I used the solution?

        Two years.

        What was my experience with deployment of the solution?

        No issues.

        What do I think about the stability of the solution?

        No issues.

        What do I think about the scalability of the solution?

        No issues.

        How are customer service and technical support?

        Customer Service:

        A seven out of 10, because response times from Arbor TAC are little higher.

        Technical Support:

        An eight out of 10. Very good.

        Which solution did I use previously and why did I switch?

        Not applicable.

        How was the initial setup?

        Not applicable.

        What about the implementation team?

        The implementation was done by Arbor itself. They were excellent.

        What was our ROI?

        Not applicable.

        What's my experience with pricing, setup cost, and licensing?

        Not applicable.

        Which other solutions did I evaluate?

        Not applicable.

        What other advice do I have?

        Be in direct contact with Arbor TAC rather than choosing a vendor in-between.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We protect our internal network as well as customers.
        PeerSpot user
        it_user700122 - PeerSpot reviewer
        Information Security Officer at a comms service provider
        Real User
        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        What is most valuable?

        Arbor has the ability to learn and self-create the appropriate profile for each customer. This ensures that false positives are kept to a minimum.

        How has it helped my organization?

        It provides a much more efficient protection of our customers.

        What needs improvement?

        A small improvement could be a better reporting system.

        For how long have I used the solution?

        I've used this solution for two years.

        What do I think about the stability of the solution?

        No. Since day one, the product works without any issues.

        What do I think about the scalability of the solution?

        I didn't encounter issues with scalability.

        How are customer service and technical support?

        Very Good. The technical support team was there each time we needed them, offering valuable help and advice.

        Which solution did I use previously and why did I switch?

        I did not use a different solution prior to Arbor DDoS.

        How was the initial setup?

        No, the initial setup was easy. The excellent interface makes it easy to configure.

        What about the implementation team?

        Check if you can combine the product’s Cloud Signaling capabilities with your upstream provider. This will enhance your DDOS protection even further

        What's my experience with pricing, setup cost, and licensing?

        Start with a small license. Measure your bandwidth requirements.

        Which other solutions did I evaluate?

        Yes. Checkpoint.

        Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        PeerSpot user
        it_user667689 - PeerSpot reviewer
        IT Security Manager at a comms service provider with 501-1,000 employees
        Real User
        It helped us to find the best IP network route to reach countries with low latency.

        What is most valuable?

        • As an ISP, it is important to know from where the traffic comes so as to neutralize any attacks.

        • The Arbor Networks SP device provided great visualization of the network traffic.

        • Arbor Networks TMS is for cleaning the DDoS traffic, which is used sparsely.

        How has it helped my organization?

        The Arbor Networks SP device allowed us to optimize the network traffic. For example, it helped us to find the best IP network route to reach certain countries with low latency.

        What needs improvement?

        My opinion is that these Arbor devices should be scalable, in terms of the hardware.

        Network bandwidth is rapidly increasing. Therefore, it is not practical to predict the network traffic as what it will be in five years time and also, to accordingly plan the required hardware specifications.

        For how long have I used the solution?

        I have been using this solution since 2009.

        We have been using the Arbor Peakflow SP CP-5000 and Arbor Peakflow TMS 2700.

        What do I think about the stability of the solution?

        Both the devices were very stable at the operation.

        What do I think about the scalability of the solution?

        Unfortunately, these devices are not scalable and we have to upgrade to the next model in order to increase the threat mitigation capabilities.

        How are customer service and technical support?

        We’ve received technical support mainly from Thailand. The guy who supported us was very competent with the products.

        Which solution did I use previously and why did I switch?

        We were not using any other solution before.

        How was the initial setup?

        The initial IP configuration has to be done in a command line, but the rest you can do via the web interface.

        What's my experience with pricing, setup cost, and licensing?

        As a comparatively medium-scale ISP, we struggled with the license restrictions. By default, the Arbor SP device has only five licenses, which means only five routers can be integrated.

        Which other solutions did I evaluate?

        At that time (2008-09), when we checked the other options, there was not even a single product vendor that had the ability to do both network traffic analysis and DDoS traffic cleansing.

        There were other proposals such as Radware and Cisco Guard for DDOS protection.

        What other advice do I have?

        It is vital to identify the number of routers that are going to be integrated and the scrubbing capacity required for the expected lifetime of the product, as it is not scalable once you have purchased it.

        For others who expect to implement Arbor, the key prerequisite is to identify the network devices that are going to integrate, since it will dictate the licensing. Since it is not scalable, so users should have to get this right before purchasing the product.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        it_user710730 - PeerSpot reviewer
        it_user710730Cloud Services Architect EMEA at a tech vendor with 501-1,000 employees
        Real User

        I am an Arbor employee.
        Licensing has been made much more flexible in recent years, and price-per-gigabit of mitigation capacity has gone down consistently. New models, both hardware- and software-based have been added to improve scalability.

        it_user626721 - PeerSpot reviewer
        Security Consultant & IT Professional at Sistemas Aplicativos, SISAP
        Consultant
        It provides mitigation templates for volumetric and application-level attacks.

        What is most valuable?

        The deployment methods are really important as are the mitigation templates for volumetric and application-level attacks.

        How has it helped my organization?

        We do not have this product in our organization. We are service providers for Arbor.

        This product improves the application's availability; we have mitigated targeted attacks for some clients.

        What needs improvement?

        I believe that the Arbor Cloud should be available, even if the customer does not have any Arbor appliance on-premise.

        For how long have I used the solution?

        I have been using Arbor technologies for about two years.

        What do I think about the stability of the solution?

        In the two years I have been using the product, I haven't encountered any stability issues. The solution is pretty robust and stable.

        What do I think about the scalability of the solution?

        Both solutions, Arbor Networks SP/TMS and APS, are very scalable.

        The important point about Arbor Networks APS is that it is usually deployed inline, so you have to be aware of the number of switch ports available for each model.

        How is customer service and technical support?

        I have a lot of experience with the technical support for multiple vendors (HPE, Cisco, Palo Alto Networks, Imperva, etc.) and the Arbor support is really good; usually, they respond with the workaround for your issue.

        I really recommend the technical support from Arbor.

        How was the initial setup?

        Setup complexity depends on the appliance:

        • Arbor Networks APS: The setup is really straightforward; deployment and tuning are not that hard.
        • Arbor Networks SP/TMS: This a complex solution and usually deployed in Diversion/Reinjection mode. Customers have to know the concepts and configuration about BGP, routing etc.

        What's my experience with pricing, setup cost, and licensing?

        Arbor Networks APS licensing usually depends on the throughput of the enterprise.

        Arbor Networks SP/TMS licensing usually depends on the throughput and the number of managed routers.

        Note: It is not a cheap solution, but this is the most deployed anti-DDoS solution worldwide.

        Which other solutions did I evaluate?

        This is the first enterprise anti-DDoS product that we acquired. It later became Imperva.

        What other advice do I have?

        You have to be clear as to what do you want to protect, i.e., the applications, networks, etc.

        The most complex appliances are for the Arbor Networks SP/TMS solutions, so you have to know the BGP, peering, diversion, and reinjection concepts.

        Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners.
        PeerSpot user
        it_user710730 - PeerSpot reviewer
        it_user710730Cloud Services Architect EMEA at a tech vendor with 501-1,000 employees
        Real User


        Arbor Cloud is now available "cloud only" too, although we still think that a hybrid, multi layer solution provides the most comprehensive protection.

        it_user664614 - PeerSpot reviewer
        Cyber Security Analyst at a tech services company with 10,001+ employees
        Real User
        It provides predefined filters/techniques to easily stop attacks. The auto-mitigation feature starts with the default filters, which could impact a customer’s link.

        What is most valuable?

        • It is user-friendly and has a very easy GUI.

        • It provides the simplest method of mitigation.

        • It provides predefined filters/techniques to easily stop attacks.

        How has it helped my organization?

        My last project was with (almost all of) the biggest banks and MNCs in India. It helped us to protect their network from the present DDoS attacks.

        What needs improvement?

        The auto-mitigation feature is provided when DDoS is observed on any of the links/customers (configured under auto-mitigation). It automatically starts mitigation with the default filters. In the default filter mode, there could be an impact on a customer’s link.

        For example, if we have enabled monitoring of the internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also create looping in the network for any misconfiguration. This can impact the ISP's internal network and the customer's link utilization.

        For how long have I used the solution?

        I have used this solution for two years.

        What do I think about the stability of the solution?

        We did not have stability issues.

        What do I think about the scalability of the solution?

        We did not have scalability issues.

        How are customer service and technical support?

        I would rate the technical support a 7/10.

        Which solution did I use previously and why did I switch?

        We were using black-hole mitigation. We switched from that technique because we were dropping all the traffic of the attacked link, rather than vulnerable traffic; there were many more loopholes.

        How was the initial setup?

        The setup is a little complex regarding the methods of configuration with the customers, as we need to provide them with a clean pipe path during mitigation. Also, it is mostly used on ISPs so the configuration on gateways is a little hectic.

        What's my experience with pricing, setup cost, and licensing?

        They offer good prices.

        Which other solutions did I evaluate?

        I did not evaluate other options.

        What other advice do I have?

        Be in direct contact with Arbor, rather than choosing a vendor in between.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        PeerSpot user
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.
        Updated: December 2022
        Buyer's Guide
        Download our free Arbor DDoS Report and get advice and tips from experienced pros sharing their opinions.