F5 BIG-IP software from Seattle-based F5 Networks is a load balancing and application protection solution suite available on cloud or via virtual editions, on a subscription or perpetual licensing basis.
N/A
NETSCOUT Arbor DDoS Protection
Score 8.0 out of 10
N/A
NETSCOUT Arbor DDoS Protection security software offers protection across multiple layers of the OSI model. It provides security measures for Layer 2 (Data Link layer) through Layer 7 (Application layer), ensuring complete protection for network infrastructure.
Definitely in larger environments, more mature organizations that obviously have the budget to spend and want best in class. Where it struggles is those organizations that don't have the funding and money to spend on it and need more basic functionality. So I'd say that's smaller customers we've worked with and kind of mid-market. They tend to get scared when they get the quotes. Also we've had some struggles with account team consistency. So for the sales team, just a lot of turnover and a lot of missteps on customer calls.
Arbor has the propensity to deal with even the larger firms. I have been using it for a year span and I don’t have any such complaint which is affecting us in a bad way. I can recommend this to all the companies who want to have a good network behavior analysis and to monitor the problems if there is any chance of it to occur and which has the potential to affect the whole working environment of the company.
I mean from a basic level, it actually satisfies all the use cases we have, which is basically to have multiple web servers for the front end and then you want that to be equally split across. The traffic comes in from all over the world. We use DRA protection and everything, but then we also internally want to make sure all the servers are being utilized and we provide much more availability across all servers. We just make sure BIG-IP sits in between and handles the traffic accordingly. And it's pretty basic and it comes to drawing traffic. It's pretty easy to configure and set it up and then forget.
Arbor's layer 7 countermeasures are very good out of the box, but it is very easy to reconfigure values and see the impact in real-time.
Peakflow SP provides fairly detailed traffic analysis and breakdown for top-N data such as top talkers, top ASNs, top ports and so on. They offer "SP Insight" as a product to build in more powerful reporting on the already-collected metrics with an interface very similar to Kibana or one of its many forks. We are not licensed for that so I can't speak to its capabilities.
Arbor allows for a good amount of automation. Fast flood detection ensures that if pre-determined thresholds are quickly exceeded, preconfigured mitigations can be started or in the event of an extremely large volumetric attack you can trigger an Arbor Cloud (sold separately) mitigation or a remotely-triggered blackhole announcement to drop traffic to the attacked destination IP address(es) upstream.
ATAC (Arbor support) is very helpful. The level of support our organization maintains covers ATAC performing all update functions to all Arbor appliances - SP and TMS.
Recently we have been deploying F5 web application firewall and we have started the deployment. We have already moved applications out there, but we are not yet to the point wherein I could comment any positive feedback or any negative feedback because we are still going through it, right. But as far as I'm concerned, I don't see any drawbacks or any shortcomings on the F5 product lineup.
Arbor is a highly expensive company. this was the major reason behind not going for the Arbor sightline in the first place. Although its features are good but the cost is unjustifiable.
The implementation and the understanding of this tool are full of complexity and perplexity.
I am looking forward to having a new update on it. They used to update their versions quite frequently but it's been a long time they haven’t updated or maybe it is not in their priority lists right now.
It's not difficult to understand the parts of application configurations and features. Setting up new virtual servers with multiple profiles, certificates, and nodes is easy for new users through the web interface, which also translates to programability in scripts, DevOps, or other configuration management use-cases. Users from different backgrounds such as networking and infrastructure can use F5 BIG-IP, while users who are familiar with API calls can easily configure objects without needing to understand the platform at all.
On the occasions when we've had to engage f5 support, they have been great. They have always resolved our issues quickly and been easy to work with and professional. The reason I give them a 10 out of 10, however, is because when we've had issues that have crossed over between the f5 BIG-IP, our Cisco switches, and our Microsoft IIS server the f5 support representatives have been extremely knowledgeable about every product and device involved and have been able to troubleshoot end-to-end without having to engage other vendors.
That's the one thing that really stood out. It was a lot easier to use from an administrator standpoint, so I think that's the one thing that really made our team decide to go with this product versus another competitor. Just ease of use.
We evaluated Corero and a number of external scrubbing services. In the POC, we found Corero's mitigation capabilities to extremely limited beyond blocking common traffic types at preconfigured rates. It's not impossible to configure custom mitigation methods and countermeasures, but it requires a deep understanding of BPF and bytecode, where Arbor is checkboxes, radio buttons, and dialog buttons that all sit next to a graph showing traffic dropped and permitted by the current settings. I'm not going to enumerate each of the cloud services evaluated because the decision came down to the same reasoning. The amount of traffic we receive is enough that it would be prohibitively expensive for our use case.
