Considering Arbor Networks for a DDoS Solution ? Maybe Re-Think that.

If you are considering an Arbor Networks (now part of NetScout) solution to protect your organisation from DDoS then you might want to read this article.

Arbor Networks is a software company founded in 2000 and based in Burlington, Massachusetts. Arbor sells network security and network monitoring software, used – according to the company’s claims – by over 90% of all Internet service providers. The company’s products are used to protect networks from denial-of-service attacks, botnets, computer worms, and efforts to disable network routers. Arbor does not sell or claim to sell Application Security. They do not sell a WAF.

Netscout acquired Arbor as a brand from Tektronix in 2013. Arbor specialised in creating service provider/carrier DDoS platforms and their products are sold via BT, Orange, Ericsson and Deutsche Telekom. Previous UK customers include RBS (bank), Morrissons (retailer), CardFactory (retailer).

Arbor is purchased in essentially three formats. Hardware/Software on premises. Cloud. Or a hybrid of those two (hardware/software and Cloud).

The hybrid solution comes from Neustar and isn’t just an Arbor product. Arbor push hard the cloud / hybrid option. They have to do this as their on premises products alone won’t be enough to stop a DDoS attack by their very nature. Their Arbor appliances were traditionally (ten+ years ago) designed to be deployed in carrier networks to give the carrier a fighting chance of stopping DDoS networks traversing their networks and giving them an option to not have to Black Hole.

The downside to the hybrid approach is that it’s two vendors and significant cost.

Arbor is purposely vague about their cloud offer. Size, place, etc.  Neustar has long been a distant 2nd to Akamain Prolexic in attack mitigation capabilities. The Neustar cloud deployment is not mature.

The largest attack that Arbor claims to have mitigated was 334 Gbps. The largest attack Akamai claims to have mitigated was 320 Gbps. Both are big attacks. Both attacks require large, cloud-based mitigation providers such as Arbor or Akamai. The difference is that in Arbor’s case, if the “hybrid” network mitigated the attack, the customer involved almost certainly had an Arbor engineer to help them mitigate the attack. If not, then a hybrid network was of no help in the Arbor case.

The management console used to manage the Arbor appliance is criticised as looking very dated and too simplified.

Arbor has been OEM’d to parts of Cisco technologies. Be wary if buying from Cisco. Arbor expects that Arbor engineers will install and design the whole solution. It isn’t something the customer can get involved in really.

Akamai’s DDoS protection service is designed to stop even the largest, strongest DDoS attacks. Akamai has mitigated the largest DDoS attack launched in the world, including a record-setting 1.3 Tbps attack, and a 127 million packet per second (Mpps) request per minute application layer attack, the kinds of attacks that typically bring down websites, along with low and slow encrypted Layer 7 attacks that take down applications.

Akamai DDoS solutions are managed via the Akamai Luna portal. Full customer involvement happens from the initial discussions to the final deployment and ongoing management.

0 Comments

Submit a Comment