Arbor DDoS Reviews

In my company, we use Arbor DDoS for the DDoS protection it provides.

The most valuable feature of the solution is that it serves as a tool for DDoS mitigation. The product is also useful when it comes to integrating the on-prem solutions with the cloud scrubbing center of Arbor DDoS.

My company is okay with Arbor DDoS. I don't know how improvements can be made in the technology used by Arbor DDoS. I can see that Arbor DDoS is the best in the market when it comes to DDoS protection, as they have very rich features while offering seamless integration between on-prem solutions and its cloud scrubbing centers. My company likes the support offered by Arbor DDoS. My company also likes the scalability capacity offered by Arbor DDoS.

When you use Arbor DDoS, sometimes you may face some integration issues with other technologies or other vendors' technologies, which is normal to an extent when it comes to the competition between vendors as they lock the integration capabilities of their products. With Arbor DDoS, its integration issues with other technologies or other vendors' technologies is an area of concern that could be improved.

I operate more on the commercial side of the business as I am a product manager in my organization. When speaking about technology from a technical perspective, I am not the right person to comment on what additional features are required in Arbor DDoS.

It would be great if Arbor DDoS could enhance its technology and protect users from DDoS attacks without installing any on-prem or customer-premise equipment, but from a technical perspective, I don't know if something like this can be done or not.

I have been using Arbor DDoS for almost four years. My company has a partnership with NETSCOUT.

Stability-wise, I rate the solution an eight out of ten. Some bug issues are related to any of the technologies in the market.

It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.

I recommend the solution to businesses that operate medium to large-sized companies.

The quality of the technical support provided by Arbor DDoS is premium.

I rate the technical support a nine out of ten.

Positive

The product's initial setup phase is complex. When it comes to a service provider in the local market, you need to realize that you are dealing with a complex solution with a high capacity for threat mitigation to serve multiple customers with different requirements. In our company, we have layer 2 attacks and mitigation techniques, where the tool is installed on an on-prem solution in our gateways and integrated with Arbor DDoS global scrubbing center to handle very high or volumetric DDoS attacks. When you want to go for application security with Layer 7 DDoS, you must install the AED or a customer device on an on-prem model. The new model or the business model of customers try to avoid installing any on-prem devices or hardware so they can take over the headache of operation or management or vendor support of their devices.

The solution is deployed on the on-premises and cloud models. Depending on the cybersecurity compliance requirements, you can choose to deploy the tool on either model as it offers deployment of the product on a hybrid model.

Arbor DDoS is an expensive solution and not a low-priced product, as its technology offers very high performance. I believe that the price of Arbor DDoS falls under the bracket of medium to high price.

There was a plan in my company to work with F5 to protect the cloud environment inside VMware solutions, but we moved to another technology. F5 needs to work on multi-tenant architecture to improve it.

Suppose I discuss my experience and my customers' feedback about Arbor DDoS. In that case, I can say that we all are very satisfied with the solution in terms of the performance and the technology itself, like DDoS mitigation techniques for applications starting from Layer 1 to Layer 7. The cloud scrubbing center offered by Arbor DDoS is amazing, as it has reached up to 11 TB. Arbor DDoS offers very nice support. The only issue with the product is when it comes to its integration capabilities with other technologies, an area where I think Arbor DDoS is working on currently. My company has recently dealt with some incidents when it comes to integrating Arbor DDoS with our SIEM solution, and we saw that there were some issues that Arbor DDoS fixed.

I rate the overall tool an eight out of ten.

Arbor DDoS offers security features that automatically detect and prevent DDoS attacks. When a DDoS attack is detected targeting a specific IP, the Arbor device immediately becomes in line with the traffic and actively works to prevent the attack. This auto feature is one of the best aspects of Arbor DDoS, as it ensures timely and effective protection against such attacks.

The solution's IT support needs improvement. So, since we don't have any direct relationship with Arbor, our service provider provides us with the support. Support is an area which needs improvement.

In our company, we are not using any DDoS solution, but our ISP provides us with NETSCOUT Arbor DDoS. Basically, we have been consuming the services of Arbor DDoS for the last four years. So, we are just the customers of the solution.

For stability, I rate this solution a ten out of ten.

Arbor DDoS is a scalable product. I rate the solution an eight out of ten for scalability.

We don't directly access Arbor DDoS. We are a customer of the solution. Our organization caters to a large customer base of 1,100,000 who utilize our enterprise services. These services are primarily accessed through an internet-based platform. So, DDoS is a very critical solution for us since all our services are internet-facing ones.

Considering the support provided by our ISP, I rate the solution's technical support an eight out of ten.

Positive

As a customer of Arbor DDoS, I am unable to provide any comments regarding the setup process, as it was handled by someone else. Similarly, I cannot comment on the duration of the deployment of the solution within our organization, as our service provider was responsible for its deployment.

As a customer of the solution, I don't know about the pricing details as our company's service provider offers us the solution as an inbuilt feature within the internet bandwidth they provide us. Therefore, there is no additional pricing for Arbor DDoS. Maybe, our service provider might have paid something to Arbor DDoS, of which we have no idea.

Overall, I rate the solution a nine out of ten.

Our company uses a platform to render the solution to our customers and ensure quality service. We build the solution based on our data centers and infrastructure and then deliver an ID appliance to the customer that communicates with our routers and network. The solution provides flow spec protection and prevents volumetric DDoS attacks. 

The solution provides good protection against volumetric DDoS attacks. 

The solution could be more granular to include logs per second and enhanced pipeline monitoring for router licenses. 

We would like the solution to offer secure, bug-free portals that could be installed in our data center and be accessible to our customers. Portals built on their own are expensive and time consuming because they have to be aligned with the solution's operational systems. 

New versions are sometimes released before the bugs are worked out. 

I have been using the solution for six years. 

The solution provides good quality stability and I rate it a nine out of ten. 

The scalability could be improved with a more granular approach. I rate it a six out of ten. 

The initial setup requires knowledge and is not easy. Setup involves many things including security, technology, alerts, and incidents. From a security operation standpoint, it is detailed and hard. 

We have 10-12 technicians who implement the solution and service thousands of users.

There is a push from the solution's vendor to achieve profitability. It is currently profitable and I see it growing in the Polish market. I strongly believe in the solution and its impact on the profitability of our services. 

The solution could be a bit less expensive given its market share. Other solutions that only offer DDoS protection are less expensive. Pressure from new companies will be visible in the future and affect pricing. 

I'd also like botnet protection to be included in the package with volumetric DDoS attack prevention. Since licenses are required for routers, a method for tracking them in the pipeline would make the pricing model more attractive. 

Given the limited scope of functionality, I rate the solution's pricing model a six out of ten. 

Our company also uses Radware as a solution. We build our portfolio based on the appliance software and professional services that could be added to create value for customers.

The battle between NETSCOUT and Radware will continue until the end of time. There are periods of time when NETSCOUT is better and then it switches to Radware. We look beyond the technology when choosing a solution for customers. 

Radware offers more functionality because they include volumetric DDoS attack and botnet protection in their package. The network behavior analysis in Radware's DefensePro includes intrusion, malware protection, and anti-botnet solutions that are more comprehensive than NETSCOUT. Radware puts an emphasis on cloud service using the OPEX model, which allows a startup purchase for a lower investment that we can enhance for our customers over time. This gives us the flexibility to add licenses at any point.

Fortinet also has a good model where you can choose to buy segments of virtual machines instead of whole machines. You buy and accrue points that give you access to segments of these virtual machines. 

I rate the solution an eight out of ten. 

Our primary use case for Arbor is dose protection. 

Arbor's performance is its most valuable feature. The boxes are able to process huge amounts of traffic. One rec unit box can forward 20 gigabytes of traffic without any issue or without any latency towards the network. It's impressive really.

Arbor's SSL decryption is confusing and needs external cards to be installed in the devices. This is not the best solution from an architectural point of view for protecting HTTPS and every other protocol that is SSL encrypted.

Their mitigation rate could be higher. No matter how good Arbor is in DDoS protection, they do not get a 100% mitigation rate.

Arbor has the longest tradition in DDoS protection. They have way more expertise in DDoS than anyone else. However, the price of support and licensing is a bit high. They are not affordable but they do their job perfectly.

I have been using Arbor DDoS for the last five years. 

On a scale of one to five, with one being not stable at all and five being very stable, I would give Arbor a five for stability. 

If you do a good job planning and selecting a good Arbor box for your organization, you can scale at a fairly high level. For scalability, I give Arbor a four out of five, with one being unscalable and five being highly scalable.

Arbor's tech support staff knows what it is doing. 

Positive

On a scale of one to five, one being difficult and five being easy, I would rate Arbor's initial setup as a three. It is easy, but you need to plan it well. You need to think about what you are protecting. There are a lot of different small fine tuning elements that you need to consider during the deployment.

A common implementation strategy for Arbor DDoS takes about two to three weeks. That is the optimal time frame for delivering the whole solution and getting it as a fully functional protection. 

We usually start the implementation process by placing the device in the customer's data center. We put it into a transparent mode and then observe some peaks, packet rates, and traffic flows. When that learning period is over, we will start to enforce the protection. That is about it; nothing more to it than that. There may be some fine tuning as a last step, but that rarely happens.

The deployment usually includes myself and one more engineer. Bigger teams of up to seven or eight engineers do get formed for enterprise customers and internal service providers.

Companies that live from their presence on the internet will get a very high return on investment from Arbor. 

Arbor services are paid annually. A good option is that cloud mitigations can be licensed annually, but you can also buy a single mitigation. That's the lowest quote that you can get. You can activate a cloud mitigation and 24 hours after the mitigation ends, you can buy one more and so on without a contract. They are flexible with the licensing for these additional services, which is nice.

Arbor and other Netscout products are almost like Cisco. You configure them once and you can leave them in the data center forever and never do anything on them again. Issues with stability and other unexpected things barely happen ever.

Regardless of how big your organization is, if you provide some sort of services towards the internet or towards clients, you will benefit from DDoS protection and Arbor especially. They have boxes that are really affordable. 

Arbor can be deployed as hybrid solution, but the company's main business model is deploying their appliances on premises.

The good thing about Arbor and Netscout is that they are able to incorporate taxi and streaks external feeds into their devices. That makes them really flexible not towards their own IP intelligence, but you can streamline the additional information from multiple different open source or paid sources. They are well rounded in terms of features. Their portfolio covers network visibility, pocket brokers, and similar stuff. 

We are not using it in our organization. I'm working for a system integrator, and we have implemented this solution for our customers. Our customers use it as the out-of-path DDoS protector and to reroute the traffic through BGP to TMS to clean the traffic and put back the clean traffic.

Reporting is quite good. There are several pages of reporting on DDoS attacks, and you can find all the details that you need.

It's quite good out-of-path equipment. It works fine automatically for out-of-path.

There should be an automatic way to configure it to monitor traffic and decide which is an attack and which is not. In Arbor, you need to tweak and set all parameters manually, whereas in Check Point DDoS Protector, you can select the lowest parameters, and over the weeks, Check Point DDoS Protector will learn the traffic and you can then tighten some of the parameters to decide which traffic is regular and which is malicious. Arbor needs to be much more adjustable like Check Point.

I don't use it in-line. I know that they have equipment for in-line protection for DDoS, but it takes many hours to configure the traffic, and it needs to be constantly monitored. It's not as usable as Check Point. For in-line, the configuration takes too long. You need to dedicate one person to work with it full-time, and usually, customers are not willing to do that.

We have been using Arbor DDoS for the last two years. 

It's quite stable. Similar to Check Point, there is no problem with stability in the new version. I'd rate it a nine out of ten in terms of stability.

It's quite scalable. It's easy to implement more equipment. I'd rate it a seven out of ten in terms of scalability.

It's more complex than Check Point, and it depends on the topology and what customers need. I'd rate it a three out of ten in terms of ease of setup. All of its deployments are on-premises.

I don't deal with the pricing, but it seems that you need to get basic support in order to upgrade the software and implement some patches.

As an out-of-path DDoS protector, it's quite good. I don't have any experience with in-line, but I saw that it's necessary to have one person to comfortably work with it. For out-of-path DDoS protection, Arbor DDoS would be a better solution. For in-line DDoS protection, Check Point DDoS Protector would be a better solution.

Overall, I'd rate Arbor DDoS an eight out of ten.

We're a hosting company and, in this industry, it's inevitable that you're going to be attacked. We originally purchased the product back in early 2000 for the SQL monitoring. Over the years, DDoS has become a nuisance for other companies we're hosting as well. We had originally purchased it just for internal use, and to predict our own internal infrastructure. But we found an avenue to offer it to our customers as well. It has just grown from there.

It's on-prem to protect our own infrastructure, as well as in the product that we sell to our customers to protect their services. We have a hybrid as well, as we use Arbor Cloud to protect our company's major assets if needed, as a type of over-capacity swing-over.

In terms of the visibility it provides into traffic to the application layer with the Sightline with Sentinel product, it's really good for what it's getting. If you're sampling traffic at the network edge, you don't get the grand scope that you would if you were seeing every single packet. But you're also getting a wide view of information, and at my level, working on the backbone, I need to see the grand scheme of things. If one customer is being scanned or penetrated in one way, it's not as important to me on the network layer as it is to somebody further down the stack. But if I'm seeing all the different scans coming in at a network layer, or bad actors that we have already identified as trying to hit our infrastructure, then that gives me a better idea of what's going on in my network, which is extremely important to me at that point. I can rally the troops to where I need them at that time.

We've gotten to the point where we have worked with this for so long that the protection provided by Sightline with Sentinel, across the different layers of our architecture from the network to the application, is automatic for us. There are very few adjustments that we need to do for customers, even with the wide range of customers that we have. We've been able to configure and to templatize different aspects of the system to fit about 80 percent of our customers, without having to go in there and fine tune. And now, with the addition of the passive protection, we're able to go in and tune a template further, so that it matches the customer even better with what we're doing.

Another way it helps the way our organization functions is because it does have a GUI. I'm able to present information and walk different parts of our leadership through different aspects of attacks, and how we're blocking them. One of the biggest examples of that was my ability to show them, by deploying flow specs, how much traffic I was dropping at the network edge, compared to how much traffic was actually coming into our networks. I showed them how it was saving us from having to upgrade capacity within the data center. It's been our backbone to different aspects of our environment.

In addition, other security groups that may not be at the network level, have the ability to go in and pull NetFlow from Arbor, and start looking for defined signatures of known bad actors out there or known signatures of tools that they may have. 

We're averaging about 1,900 attacks a day. And we're only looking at attacks that could affect our infrastructure. We don't offer this service to everybody within our data centers. Arbor was deployed to protect the infrastructure. There are still a lot of attacks that are getting through that we're not really worried about. We're only looking at the larger types of attacks and engaging them more.

And because this is pretty much automated, we are able to catch attacks now within five to 30 seconds. And in the world of hosting, every single millisecond counts. We offer 99 percent uptime. Without Arbor, we'd probably be around 75 to 80 percent uptime. Attacks are cheap nowadays. People can create a lot of bandwidth for a couple of dollars.

Arbor DDoS also consolidates visibility and the actions we need to take, at the backbone level. Because we have 10 data centers spread out across the globe, and more coming in the future, it gives us better visibility not only into bad actors and traffic coming in, but also the ability to see how traffic is moving from one data center to another. Peer evaluation helps us to see if a peer at a given location is a better use than at another location. Also, point-to-point, from data center to data center, for VPN services that we offer, it has opened up a lot of different aspects of traffic analysis that we weren't really utilizing. Now, we're able to see where we need to adjust our bandwidth, and save money, and other places where we need to raise bandwidth before it costs us money.

It's also helped us get a better idea for future capacity planning, not only for current data centers, but data centers that are going to be in different regions where our company is located. 

And the biggest benefit, for us as A company, are savings from peer evaluations; seeing where we can better utilize the relationship with different providers and if there is the potential for mutual benefit across multiple data centers, globally.

I'm a network engineer by trade. We use it not only for DDoS detection and protection, but we also use it for traffic analysis and capacity planning as well. We've also been able to extend the use of it to other security measures within our company, the front-line defense, not only for DDoS, but for any kind of scanning malware that may be picked up. It's also used for outbound attacks, which has helped us mitigate those and lower our bandwidth costs, as we get charged for outbound traffic. But the biggest use right now is for DDoS.

I like Arbor's hybrid approach to DDoS protection. It's a really good setup. We have the on-premise devices and we can monitor and protect our own infrastructure and that gives us a good handle on that traffic. Since we offer it as a service to our customers, those customers really don't want their traffic leaving the data center. Since we're global, when we get to Europe, there are places where that's not possible. So having a hybrid approach, and especially now with the new features that they're installing, we can kick up to Arbor, if needed, to protect our infrastructure and still have visibility within our own deployment to see how traffic looks without having to go to the third-party portal to log in and see traffic.

Its ability to incorporate DDoS with visibility and protection from the network layer up to the application layer, through the use of the Smart Data feature, works really well. You get a lot more visibility than you would with just NetFlow, especially when we get into the situations where we're in the DDoS and seeing every single package that's coming through. In that situation, a wider scope of information is available not only to us but to other security teams as well. We coordinate with our other security teams, further down the stack, and are able to mitigate at different levels using the information that we're pulling from Arbor. We call it the "security onion." We mitigate at different layers.

Their RESTful API is still a work-in-progress. They're pushing out different versions of the API with each code upgrade.

I would also like more visibility into their bad actor feeds, their fingerprint feeds. We try to be good stewards of the internet, so if there are attacks, or bad actors within our networks, if there were an easier way for us to find them, we could stop them from doing their malicious activity, and at the same time save money.

The company has been using Arbor DDoS for 20 years now. I have been using it for 11 years.

The overall stability is great. In the 11 years that I've worked with it, I've had to replace three devices because of an issue with the actual hardware or software. And in my line of business, that's beyond awesome. We have replaced more backbone devices in that time, in one data center, than Arbor devices.

Scalability is great, at least at the hosting level. Tier-1s may have bigger issues with scalability as far as actual filtering devices go. But they've gone to virtual machines now as well, where they're able to deploy these virtual devices in a way that they couldn't with hardware devices, and at a better cost.

If we can find another use for increasing visibility, we're always glad to help. One of the things that we've found in the past, from security incidents, was that different groups were seeing different issues at different times and nobody knew about it until everybody together came afterwards to discuss the problems or the issues that happened. So we're coordinating with other departments within our organization, not only to provide our feeds, but other feeds from other security tools.

Their technical support is excellent. One of the biggest things about Arbor is their knowledge. We're usually about a step behind when it comes to their code — that's just engineering caution — so by the time we run into an issue, they have already seen it, most of the time, and are able to fix the issue for us before it becomes a bigger issue. There have been times when they practically contact us about possible patching that we may need, just to circumvent any future problems.

I'm in a position where I've been affiliated with Arbor for such a long time, that I know a lot of their top engineers, and any kind of features that we request are usually fast-tracked.

We had Cisco products. We switched because the usability was just too complex. With Cisco, we were able to adjust many things, but there were way too many buttons to push, to help you out. Arbor gives you a great balance between simplicity and surgical precision that I haven't been able to find in other products.

I do test other DDoS products. And one of the things that I have found is that there's a lot of what I call "black magic" software, where you click on a button or switch and it automatically does what you want it to do, but you really have no understanding of what it's doing on the back-end. With Arbor, and being in engineering, you have a great idea of what's going on and how it's being utilized, which makes troubleshooting issues during mitigations a lot easier. If you know exactly what a countermeasure is doing, then you're able to precisely say if it's an issue with your system or if it's further down the stream on another device, a firewall or a load balancer, etc.

The setup depends on the network, but from start to finish, they're really good at helping you set this up. Their sales engineers are very hands-on people. It's pretty much straightforward for a mid-level engineer to set up, without any real help.

We redeploy new hardware every five years, and we can redeploy 48 devices within three days with no network interruption. And we can deploy a single data center for DDoS within four hours, max.

We have a standard implementation strategy. We have them on standby. We have them deliver all their devices with any code that we're going to be upgrading to or running. For the most part, they will stage any type of code or patches that we may need. From there, it's pretty much unplug it and plug it back in.

We have a team of three for deployment. At any given time, one way or another, I would say close to 150 people are using it. Their roles include peer coordinators. We also have our design and build engineers looking at capacity. There are people on my team that deal with nothing but DDoS attacks. I have network operations dealing with network visibility. I have internal SOCs that are looking for any kind of malware or bad actors trying to invade our corporate network. We also have our customer SOC desk looking at the internal data center backbone for customers.

We have definitely seen ROI. DDoS is something that was not supposed to stay around, but it has been around for quite a long time now. If you're going to be in the internet business, the chances of your being attacked are great. We've been able to incorporate it into our service where it pays for itself very quickly.

Our deployment can pay for itself within a year, and we're protecting close to $80 million of monthly revenue of customers that are using the service. 

And that's just a portion of what it's being used for. The capacity planning and being able to block outbound DoS attacks, saving us bandwidth, adds up as well. The last metrics we had there, we were sitting at close to $375,000 per data center by reducing outbound attacks. That also makes our facility less attractive to bad actors to use as a jumping off point or as a reflection point.

You pay for what you get. Like any other consumer product, there are things out there that are extremely cheaper than Arbor, but you're also not going to get the type of information that you do with Arbor. And there are some other companies out there that are a little pricier than Arbor, that are not going to mitigate and give you the type of information that you want. Arbor is striking a good balance between pricing and what they deliver.

In  terms of costs in addition to their standard licensing fees, it depends. There are other feeds that you can subscribe to. There are different services that they're starting to bundle up with NETSCOUT, that you'll be able to subscribe to. There are some feeds on proactive alerting. Because they have such a big visibility into the global internet network, they're able to see botnets discussing or targeting potential customers of yours, and they can actually make you aware of such. They have different feeds that they get from their security team that help you mitigate DoS attacks without any kind of intrusion on your part. You don't have to make any kind of adjustment to countermeasure. These are pre-configured signatures that they see in the wild and that feed is delivered straight to your mitigation device and can mitigate DoS attacks that common users wouldn't be able to do by themselves. That is great for those who are first taking on the product and getting into taking on DDoS attacks.

We've looked at Radware among others. Some of the other ones are really GUI-heavy. They have pretty pictures and you can click around, but that's the extent of what you can do. You can't go in and fine tune some of these systems. They're either very network-mitigation-type heavy, or they're more on the application. They're not a really good balance of both, which I've been able to find with Arbor. Another thing I have found is that a lot of these competitors have feeds. And once you start diving into their feeds and seeing where their sources are, a lot of them have Arbor as one of their feeds.

One of the reasons that we stay with Arbor is its evolution to meet growing concerns around DDoS attacks. My job is to find the best product out there to protect our infrastructure. I've looked for years and years, and continue to look, and Arbor has been able to give us the best results overall, as well as the best equipment, with the least number of headaches. We get a great bang for our buck. Requests that we put in for features are met with either a great explanation of why they can't fit it in, or are deployed months after we've requested them. Arbor's biggest feature is not their equipment, rather it's their knowledge, because they get such great visibility into the global network. They're able to see things that are months ahead of hitting the rest of the industry and are usually one step ahead of what's about to hit.

The new feature that stands out compared to their competition is their automatic flow specs. Flow specs are nothing more than dynamic ACLs on the network edge, using PGP. What this does is it surgically reduces the amount of capacity we need to use from their TMS (threat mitigation system) and now use the network edges, the routers, to drop the traffic that's not wanted. There are a lot of what we call "dumb attacks," reflection amplification attacks, that can decimate a data center. With flow specs, we're able to drop that traffic before it even enters into our network. That's exactly what you want. You want to be able to stop and drop traffic further up the stack, as much as possible.

Another feature that they're working on, that I'm excited to see, is the ability to share these flow specs, these rules, with your provider. So if we have an attack, and we have AT&T or another of the big Tier-1s, we can send them our rules, and they can block the traffic at their network at that time, which reduces the liability to our network as well.

They're also starting to put out reporting features. It's often hard to take what you see at the technical level and push that up to your C-level type of executives. They like pretty graphs and you can't really do that with the information from NetFlow. But using the new executive reporting makes it a lot easier for us to justify it for next year's budget. And if there are budget cuts somewhere, we can always show to our leadership how useful this deployment is, to get the additional capital or OpEx, if need be.

These features are available in competing products, but not to the extent that Arbor has in its reporting. Reporting is available in a lot of products, but the information they provide is something you have to go in and actually create. And you're limited to what you're able to create. With Arbor, and its REST API, we can now create all kinds of reports that suit the person or the audience that we're trying to get to.

There's no other competitor that I'm aware of, right now, that's working with the providers to be able to share flow specs between them. That's one of the advantages that Arbor has in working with something like 95 percent of the Tier-1 providers. Arbor has a little more insight into the bigger providers that we rely on. Other competitors have not gone to that level yet.

Talk with their sales engineers and understand the different uses of Arbor. If you're just looking just for a pure DDoS product, there may be other solutions within Arbor that are better to use, or different feeds that may be beneficial. Maybe you're more into capacity planning or peering analysis, and there are other things in addition to those that you can do with Arbor. If you're buying it for DDoS, you still do capacity planning and peer evaluation for the same cost using the same license. But what I've found with other people that use the product is they're single-use. Some buy it for DDoS and only use it for DDoS. They don't take into account the other information that they could be pulling from it.

The sheer amount of traffic that's out there in the network is one of the biggest things I've learned from using the solution. Looking at north-south traffic, traffic coming into our data centers and out of our data centers, it's a lot higher than what we had thought we would see when we first started using Arbor. It helped us to provide an infrastructure that was future-proof. Before we started understanding the different uses of Arbor, we would upgrade our routers on the edge, only to have to upgrade two or three years later when the actual router was still viable but it just wasn't able to control or handle the capacity. Now, we're able to put devices in place that are future-proof and that reduces our costs by not having to replace those devices every so often because they ran out of bandwidth.

Another thing we found was the number of bad actors that were living within our environment. When cloud first started popping up, everybody rushed to get their own clouds up and running. What wasn't taken into account was that there was a lot of malicious traffic that was being generated by these types of environments. They gave us a better understanding of cloud computing and the security issues that we would be facing as we tried to expand that environment.

Sightline with Sentinel does not yet communicate information upstream to our service provider around attacks, so that they can stop the attack closer to the attacker. It's something that we've been working on with Arbor for many years. There are some programs out there that Arbor is working on where we can communicate with other deployments that have Arbor. From the engineering perspective, we're all for it, not only at my company but even at the major Tier-1s. It's when you get up to higher management that we hit the roadblocks. Everybody in security wants to share information, but nobody wants to say anything either.

More and more people are coming around to the idea that they need some type of DDoS protection as part of their security posture. We tell customers that there's no one silver bullet out there that's going to do it all. Arbor does a great job of mitigating DoS attacks but we don't want to do all the blocking with Arbor devices, so further down the stack you want load balancers and firewalls to help you out.

The fact that Arbor has been in DDoS visibility and protection for more than 10 years definitely affects our confidence in it. I've been with other providers that use Arbor as well and that's one of the things that is always brought up, the confidence level. Deploying this on my network and the visibility it's going to give me is hands-down better, compared to an up and coming cheaper product that may claim to have better abilities to mitigate DDoS attacks. But they don't have the visibility that you really need. That's the key asset that Arbor has because they've been in the business for so long and have these great relationships with these big Tier-1 providers. They're not only able to provide the necessary equipment but, more importantly, the knowledge that comes with it. At the root of things, all DDoS vendors basically do the same thing, they drop traffic. It's the knowledge of what type of traffic to drop that is extremely important, to me and others who are in the same business. When you have visibility into one-third of the global internet, you have great visibility into what's going to happen in the future as well.

I would give Arbor DDoS a nine out of 10. There's always room for improvement. With DDoS products, there's always an evolving merry-go-round of different attacks. For me, giving it a 10 would be that silver bullet where it is going to handle all your attacks. Arbor will be straightforward with you and let you know that it's not that silver bullet and that there are times when its system is not the best system for the use that you have. One of the downfalls, at least on our site, has been that its visibility into the application layer in the monitoring mode is not the best, and that's because it's sampling traffic. Once it's in a mitigation and seeing packet-for-packet, it's devastating to see the amount of information you can pull. That's why we've gone ahead and implemented different Arbor devices lower down, closer to the application, to give us even more visibility.

I use Arbor DDoS for the same purposes for which I use A10.

It has an easy-to-understand GUI.

The solution's shortcomings are related to its documentation, so it's an area that needs to improve.

I have been using Arbor DDoS for a year.

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a nine out of ten. Around 50 people use the solution in my company. Also, I don't have plans to increase its usage.

I have never used Arbor's support.

The setup process was easy. The solution has been set up on all the devices. So, I did the setup from start to end.

I didn't evaluate other products before choosing Arbor DDoS.

I would definitely recommend the solution to those planning to use it. I rate the overall solution a ten out of ten.

We use this solution to protect our infrastructure. 

The solution is stable and scalable. 

Licensing costs could be reduced. 

We've been using this solution for close to 18 months. 

The solution is stable. 

The solution is scalable, we have 3,000 users. 

The initial setup is easy, it takes a couple of minutes. 

There is an annual license fee with the cost dependent on requirements. 

I recommend this solution and rate it nine out of 10.