Arbor DDoS Reviews

I was working in the ISP environment and the Arbor DDoS solution is integrated in there.

We have certain gaming server data centers having some big or small LAN protectors. All protectors have been added to Arbor for mitigation and protection and the IPs with frequent attacks are separately added for more focus monitoring. Usually when gaming users go online they experience this type of high volume attack. We pick those IPs and separately define an Arbor for mitigation and the whether those are positive.

Specifically in the ISP infrastructure where I was working, Arbor DDoS is integrated to detect the threats and mitigation. Basically, the peak flow TMS solution and peak flow SP solution has been procured by my company. We are providing services to customers and protecting our own infrastructure as well.

When you work in an ISP or enterprise environment, the main priority is to protect your services or your customers services, like bandwidth. There must be no high volume breach towards any customer, such as a DDoS attack or application level attack. The purpose of procuring a peak flow TMS solution is to mitigate the high volume attacks towards our customers and to protect our internal infrastructure as well. This is our priority in this aspect.

I think the diversity of protection is extremely limited. It must be expanded in future upgrades and versions. Plus, hardware stability is a big issue with Arbor. We have frequent outages with the hardware.

Arbor is good for expansions or forecasts, and helps us as well. Their pre-sales team is very dedicated and focused and they just nominate the POC, who then provides the capability, descriptions and presentations to us.

They are helpful. Their response time is good. 

No, we were just manually blackholing at level three, an upper level. We were not using any specific DDoS solutions like Arbor.

Initial setup is a bit complex because it is a Linux based working environment for configuration. A bit of expertise is required to configure the setup. It requires an expert level assistance from Arbor to complete the configuration or to apply any new system.

Deployment took around 3-4 months because we had two sites nationwide on which peak flow was deployed.

Yes. They were just handling the physical connectivity, the mounting, placement and insertion of the cords. By law, integration is pushed by the Arbor expert.

Licensing is good and they are very helpful to us. Without licensing you cannot get the complete features of the product, as well as the complete level of support, so licensing is obviously a good option.

Actually there is a different planning team which takes care of the projects, so I don't know if they were considering any other vendor or not, but right now Arbor is the first choice and we are working with it.

Arbor has a global ranking in reliability and credibility. They are very unique and can respond to a very wide scope of threats from their global deployment. So, Arbor is very helpful to have inside of the most recent attacks and their backgrounds.

Arbor has a global ranking and global recognition. Whenever you do a search on Google, you can find Arbor on the top three or top five DDoS protection vendors. Obviously, Arbor is very reliable.

I work at the service provider level. I did a deployment at a multinational telecommunications company. They have network separation, and each network has its own SP which is a controller, the "mind" of the solution, and multiple TMS's, which are the scrubbing centers for the illegal traffic. They are forwarding suspected denial-of-service traffic to the scrubbing centers, based on the SP intelligence. It will scrub the data and forward it to the normal traffic after mitigating the denial-of-service attack.

I work as a security consultant and integrator. We deploy Arbor for our customers. Arbor is a great network service solution. Most of the bigger enterprises or service providers use Arbor. I don't think there's another option.

The DDoS mitigation. There is no other feature.

It's just one dashboard with mitigation. You decide which mitigation you want and at what threshold to do this or that. Its operation is pretty simple. It's easy. Once you deploy it, you're optimizing your network and using the solution to its fullest.

For troubleshooting problems, it's not so intuitive. It's not straightforward. This is the core of their kernel, so they need to improve it a little bit. I don't have a specific example, but I don't feel comfortable troubleshooting Arbor issues. You don't have full control of the system. I also work on F5 in which you have access to the kernel, bare-bones Linux, so you can do whatever you want. Maybe this is a security hazard. Someone may miss something with F5, but for me, as troubleshooter, I have full control of everything. On Arbor, you don't have the same type of control.

But otherwise, from a user perspective, it's pretty straightforward.

It's pretty stable. Every now and then you'll hit a bug, but it's pretty stable.

Scalability is pretty good because you have the SP, which is a controller, and you can add TMS's based on your needs.

There's a problem when using Arbor, but it's mostly not related to Arbor itself, it's connected to scaling. What happens is, you will design a deployment and, after some time, you find that the deployment is not enough for the throughput of your network. Then you have CPU spikes, memory spikes, and some other issues.

Tech support is very good. On a scale of one to ten, they are a seven to eight. They're very responsive. Compared to most of the vendors, they're pretty good. The quality of the people handling the tickets is high.

I used Juniper and F5, but F5 is not an on-premise solution. They have multiple protections but it's not a full-blown solution. We still offer F5.

When I joined this company I found that they work with Arbor. They told me there's something called Arbor and I had to do a deployment and start working with it.

The complexity of the initial setup depends. If you have a simple network, the deployment will be easy, but if you have something more complex and you are trying to inject Arbor, it won't be easy. Most likely, you'll do it as Layer 2, and you have VRFs and VLANs. After the design is complete, the configuration will be straightforward, but the design part is not easy. That's not about Arbor itself, it's about how big networks work.

The implementation strategy also depends. Every service provider and big enterprise has its own type of networks and its own type of logical flow. So there's no standard strategy.

The last implementation I did took about two months. But again, it's not about the deployment itself, it's about the meetings, the design part, meeting with other teams. After two months it was up and running. Before that, the first one I did, took three months, but we had two SPs and eight TMS's in different data centers, so it was quite a big implementation.

When it's a service provider, multiple teams handle multiple things, so you have to have one person from every team to sit in a meeting; everyone has his own concept or his own ideas. After a couple of meetings, after a couple of suggestions, and after checking if what was discussed is possible, if it is the better option, it can go well.

In terms of staff for deployment, it's mostly a one-person job. For day-to-day administration, it takes three to four people. They would need security backgrounds, SOC or security device managers.

I don't have visibility into customers' ROI but the potential is there for ROI because denial of service is the number-one attack that can destroy your reputation and destroy your business. If you're safe from that type of attack, it's really good for your business and your investment.

To be honest, I don't care about numbers. I'm a technical guy. But I know it's expensive compared to its competitors. After you have the on-premise solution, for your solution to be effective you have to subscribe to an "upper level," so there's another cost. There is also a subscription to cloud services, which is another cost.

Try to design it properly for injecting it into a network. If not, it could be that when you deploy it you will cause a "black hole" in your network and everything will go down. That has happened. In the case where it happened, it had something to do with routing. Arbor was injecting traffic to the TMS's but the TMS's were not able to forward the traffic to its original source.

I rate Arbor DDoS at eight out of ten. For me, that's a pretty high rating because nothing is a nine. It's still a new solution and they're developing it. Every couple of months there's a new release with bug-fixes or some new way to do stuff. They're investing in the solution. Symantec Blue Coat is good, for example, but for quite some time there has been no development. Even with the recent version, there is nothing that different in Blue Coat. For a dynamic environment, you have to have a vendor that you can trust.

We are an internet service provider. We are using Arbor in our networks and it mitigates all attacks on our network. We are using BGP for traffic diversion.

When we implement Arbor in an organization it is protected against DDoS attacks. We also protect our services, our customers and their networks with it. We need Arbor or a similar solution in our organization.

It's very flexible and we can easily deploy it to our network. It's very user-friendly. We can do everything via the web interface and troubleshoot easily from the CLI. It's not complicated. I like the features.

Sometimes the PPM module gives you an error. They improved it, they deployed a patch, and fixed it. Generally, if it gives you an error, you need to power it off and back on again.

It's more stable than its competitors. We haven't had any stability issues with it.

It's scalable.

Technical support is pretty good. Sometimes first-level engineers take too much time, but when they escalate to the engineers they solve our problems. So the first level of support, I am not sure about them, but the other levels are good.

They respond to our tickets.

We used Cisco Guard but Cisco no longer sells that solution. It was a very complex solution and our customer satisfaction was very low. We searched for a new solution and we liked Arbor.

It is easy to deploy. You can easily configure the interface, connect your network, and easily do the BGP configuration from the menu.

If you're deploying the TMS product, it takes about one hour for the physical deployment and configuration requirements. The Collector is easily done in TMS. Their inline solution, APS devices, is also easily done. It takes about a half an hour for an APS device.

We don't have a specific deployment strategy. For deployment, the minimum staff required is one security guy and one network guy.

We generally get support from Arbor engineers while we deploy.

We have gained from this product, and our customers are also satisfied with this solution. It helps with our profit. It's a good investment.

Arbor's products are very expensive. Their competitors are cheap when compared with Arbor. Now we are using Arbor, but in the future, if the price remains expensive, we might PoC the competitors. If we have the budget, we want to use Arbor, but in the future, if we have budget problems we may try other products.

I would recommend Arbor's solution. I like it.

In terms of increasing the usage of Arbor, when we expand our networks, we open new sites or data centers, we always use Arbor. In the future, if expand out, we will use it again.

I rate it a nine out of ten because I have been using it for about eight years and it's very user-friendly, troubleshooting is good, and the reporting side is also good. It's easy to deploy and our customer feedback has been good. It's just that the pricing is very expensive, so I give it a nine.

We are using Arbor as a DDoS protection infrastructure. It protects our both our company's infrastructure and also our customers' infrastructure. We are not using it to protect one website, we are protecting a lot of websites and a lot of customers' infrastructures including their websites, their web services, etc.

It protects our infrastructure. We are in a particular geography so we face a lot of cyber attacks, especially DDoS attacks. It's very beneficial for our infrastructure. It's a vital component for every provider network.

We are using it mainly for DDoS protection. Reporting functions provide good visibility. Also, API's helps us to improve our service. We are also using it by serving cloud signaling service to our customers for their on-premise APS devices.

Learning period for managed objects are too short; better to have auto-profiling based on learning.

As long as you don't touch it, it's very stable. But if you try to configure new features or some new deployment, sometimes that can be a problem. A few weeks ago we had an appliance that went down. 

It's very scalable. It has a central management platform that manages all appliances, so if you have a few sites, you can scale it to other sites with new devices and you can manage them from the central management platform.

Arbor has an engineer in our country and we try to solve our cases or our problems or our new feature configurations with him. Also we are able to do that by contacting tech directly. The guys in our country help us contact the tech team. They also have another contact in the tech team so they can speed up the resolution of our cases by communicating with him.

When issues arise, they're helpful, they're knowledgeable and responsive.

The last ticket we submitted was when one of our appliances went down while we were configuring it one night. They solved it within four or five hours after we opened the case. They sent the solution within that time. The appliance went back up and has continued to work properly.

The setup is very straightforward, not too complex. Their tech team is very helpful.

As far as I know, they are very successful in DDoS protection. Because they know it, their service prices are too high. They provide cloud DDoS protection for ISPs, but that is also too expensive. 

We are evaluating other options. We may apply one if we find an appropriate solution. As I mentioned before, Arbor DDoS prices are too high, it's very expensive. It would be better to have more than one vendor in our infrastructure, because there is no competition when you have one vendor or one solution.

Arbor is very good at what it does. If you have enough budget you can apply it to your infrastructure and use its flexibility and reporting features very well. But if you don't have the budget and you don't expand the budget for the coming next years, I suggest not getting in touch with Arbor.

Five or six engineers can log in to devices, but in our company two people are managing infrastructure. There are always ways to optimize it, but we have been working for two years to optimize it and it's in a good situation compared to two years ago.

I would rate it a seven out of ten. My rating is based on the general problems that we had and the solutions for them, as well as the daily stability of these devices.

We are using nearly all the features of Arbor. Currently, they are enough for us, but in the future, if there are different kinds of DDoS attacks I believe that Arbor DDoS will also take action against them.

The main focus was DDoS protection.

Some months ago, in Mexico, we had presidential elections. At that time it was very important to deny DDoS attacks, especially on the platform for counting votes in the election. This solution was good for our customers.

• AIF
• Cloud Signalling - In my previous environment, we worked with Arbor as a carrier but in my current company some of our customers have the solution on-premise and we have to synchronize the solution with the Arbor solution that our customers have in their enterprises. The ability to work with the Arbor solution on the carrier side and on-premise provides solutions for both types of customers.

The look and feel of the management console is a little old, excessively simple. If you compare it with other solutions, the look and feel of the console is like you're using technology from five or six years ago. It doesn't show all the technology that is actually behind it. It looks like an older solution, even though it is not.

The first impression needs to be more mature. It needs to be something that you would be proud to show someone. If you have a visitor to your SOC and you show him your installation, you need something more impressive. The look and feel of other brands is really nice, while Arbor is really simple. It's a good solution but not as spectacular as others. It's a matter of marketing, not performance.

The product is very stable. 

The scalability is really amazing. That was part of the equation for one particular customer. When they understood how the bandwidth can be shared between different branches of their backbone, that they could really grow by correctly re-routing traffic, they were really happy with the solution.

My interaction with tech support was really nice. I used to be part of HPE some time ago and I understand how those kinds of companies work. You have to have all the requirements before you make an appointment with the engineers. When we followed up with all the requirements that Arbor needed, the process was very straightforward.

In terms of submitting a ticket, they are responsive and knowledgeable. They are very experienced people.

My former company didn't have a previous solution. The company was new in Mexico and there were many considerations regarding government involvement in the industry, so security considerations were not there at that time.

Arbor is the official solution for my former company, worldwide. Also, Arbor was sold as OEM as part of Cisco, and Cisco has a very strong position in that company. Both of those facts helped push the Arbor solution there.

The setup is very straightforward, once the final architecture is decided. 

However, the decision regarding the final architecture was not very simple because the carrier environment is very complex. In addition, at the time, the carrier I was working for bought another small carrier and was doing the integration between both their installations and backbones. That was very complex. But once all those details were decided, the placement of the Arbor solution was very straightforward.

The setup work and testing of the Arbor solution took about three to four weeks, not including all the pre-planning and architecture discussions.

I played a part, but Arbor engineers do the whole installation process. I helped as much as I could but Arbor wants the implementation done by Arbor techs. I helped with some minor activities.

For the deployment, there was one senior engineer and one junior engineer. On our side, there were a number of people, me and a couple of other engineers. And when we tested the mitigation between different branches, there were three Arbor engineers with us.

Because the solutions from competitors are very different, it's not easy to compare. However, the licensing from Arbor is clear and understandable and the pricing is reasonable when looking at the market, in general.

Don't worry that it is complex because, out-of-the-box, it protects you from the basics. Just open it and connect, that's all you have to do. But if you are making an investment of this type because you have to be protected against all scenarios, you have two options: close support from Arbor or a specialized engineer. If you have those resources, all the rest is very straightforward. It becomes a simple solution that can give you good results.

I give the solution a nine out of ten. I try to put myself in the shoes of our company's owner. If a solution is simple to operate and gives good results, it's good for me. The solution needs to do what it's supposed to do and be simple to manage.

It is mostly for Internet Service Providers (ISPs). It is for operations on the service provider and network security operations. It is a good solution.

It improves our organization by preventing attacks and improving the availability of the network on services, which provides a better service to customers.

We are able to respond quickly and prevent DDoS attacks.

There is some room for AI to take place.

Stability is perfectly good. I have not seen an issue in years.

Its scalability is big. It is for large deployments of big organizations and service providers.

Technical support is good. They provide quite good support. They have different levels depending on the pockets that you have bought, so you get the relative support. They have a lot of levels for support and good SLAs.

The initial setup is complex, but experts are involved. Even with experts from both the vendor and the operator side, the initial set up can take some time, though it is essential.

We work with different vendors from different industries.

Most important important criteria when selecting a vendor:

• How the offering covers the business needs.
• The reputation of the vendor.

Arbor Pravail APS devices are using for protecting availability of services. DDOS, rating, and behavior analyses are the base of this product. 

Arbor Pravail APS devices provides easy management, high visibility, and quick response capabilities. Therefore, we can quickly complete the POV PoC demo process.

Arbor Pravail APS products provide high visibility. With real-time packet capture features, you can easily and quickly response. 

Arbor Pravail APS devices do not sync features or config the backup enough. This needs to be improved.

• Very user-friendly GUI
• Simplest way of mitigation
• Predefined filters/techniques to easily stop the attacks and start mitigation.

My last project was with the biggest banks of India (almost all of them) and MNC, so it helped us to protect their network from present DoS/DDoS attacks.

Auto mitigation is a feature provided when DDoS is observed on any of link/customer (configured under auto mitigation). It automatically starts mitigation with default filters. In default filter mode, there could be an impact on the customer’s link,

E.g., if we have enabled monitoring of internal traffic for that link/customer, it starts mitigation on legitimate traffic. It can also creates looping in the network for any misconfiguration, which can impact the ISP’s internal network and the customer's link utilization.

Two years.

No issues.

No issues.

No issues.

A seven out of 10, because response times from Arbor TAC are little higher.

An eight out of 10. Very good.

Not applicable.

Not applicable.

The implementation was done by Arbor itself. They were excellent.

Not applicable.

Not applicable.

Not applicable.

Be in direct contact with Arbor TAC rather than choosing a vendor in-between.