Skip to main content
Arbor Sightline

Arbor Sightline
Formerly Arbor SP


What is Arbor Sightline?

Arbor Sightline (formerly Arbor SP) is a network behavior analytics platform developed by Arbor Networks, now owned and supported by NETSCOUT.

Read more
Recent Reviews
Read all reviews
Return to navigation

Product Details

What is Arbor Sightline?

Arbor Sightline Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings



(1-2 of 2)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
The first and foremost use of Arbor is in our IT and networking department and it is great to monitor the flow of the traffic across the network and it is the basic problem it is dealing with. It is also assisting us in managing overlay VPNs, and as I have said that it is astounding for monitoring and from monitoring I mean the way it helps us in detecting the problem that occurs in the network. By diagnosing the problem we can prevent it from creating an impact on our business.
  • It provides a real-time monitoring feature.
  • It is amazing in providing us with a thorough report of the traffic and we can analyze traffic.
  • We can manage overlay VPNs and BGPs and it is assisting us a lot.
  • We can detect and look for any potential issue in the hotspots and if the BGP gets hijacked as well it is great for monitoring purposes.
  • Arbor is a highly expensive company. this was the major reason behind not going for the Arbor sightline in the first place. Although its features are good but the cost is unjustifiable.
  • The implementation and the understanding of this tool are full of complexity and perplexity.
  • I am looking forward to having a new update on it. They used to update their versions quite frequently but it's been a long time they haven’t updated or maybe it is not in their priority lists right now.
Arbor has the propensity to deal with even the larger firms. I have been using it for a year span and I don’t have any such complaint which is affecting us in a bad way. I can recommend this to all the companies who want to have a good network behavior analysis and to monitor the problems if there is any chance of it to occur and which has the potential to affect the whole working environment of the company.
  • Monitoring network.
  • Network analytics.
  • Reports it provides.
  • Arbor is good in empower us to monitor the issues in the network.
  • We can get better traffic analytics and reports are quite detailed.
  • The price is quite high which makes it a little hard choice for us.
We chose Cisco because we had past experience with some Cisco products and we were ready to invest a high cost for Cisco Secure but unfortunately it didn’t come up to our expectations and left us in despair. The speed, the price and the analytics of Cisco, everything was just average but when we moved to Arbor we came to realize that market still have some good network analytics tool.
Score 6 out of 10
Vetted Review
Verified User
We use Arbor Peakflow SP (which is being/has been rebranded to Netscout Sightline) in conjunction with Arbor TMS to provide out-of-band DDoS mitigation and traffic analytics. It is primarily used by our NOC/SOC. The SP peers with our edge routers via BGP and collects netflow and SNMP data to determine malicious attack patters and trigger alerts to let us know ASAP when we or a customer are under attack. The SP controls the TMS appliances to make BGP flowspec announcements to the edge routers (the TMS also peers with the edge routers via BGP) and offramp traffic to specific destination IP addresses on specific ports based on attack signatures and mitigation methods enabled.
  • Arbor's layer 7 countermeasures are very good out of the box, but it is very easy to reconfigure values and see the impact in real-time.
  • Peakflow SP provides fairly detailed traffic analysis and breakdown for top-N data such as top talkers, top ASNs, top ports and so on. They offer "SP Insight" as a product to build in more powerful reporting on the already-collected metrics with an interface very similar to Kibana or one of its many forks. We are not licensed for that so I can't speak to its capabilities.
  • Arbor allows for a good amount of automation. Fast flood detection ensures that if pre-determined thresholds are quickly exceeded, preconfigured mitigations can be started or in the event of an extremely large volumetric attack you can trigger an Arbor Cloud (sold separately) mitigation or a remotely-triggered blackhole announcement to drop traffic to the attacked destination IP address(es) upstream.
  • ATAC (Arbor support) is very helpful. The level of support our organization maintains covers ATAC performing all update functions to all Arbor appliances - SP and TMS.
  • All Arbor products are extremely expensive. "If-you-have-to-ask-you-probably-can't-afford-it" expensive. That being said, if you play your cards right and negotiate you can get the price down a better price.
  • The recently updated their API from SOAP to REST. This is a good thing. They version their API as they add and remove methods. This is also a good thing. Every time they add a new version, they immediately sunset the previous version. This is not a good thing as it requires a lot of updates to code if you were previously using a method that has been modified/deleted/renamed.
  • SP with TMS relies heavily on SNMP, netflow, and BGP information. If any one of those components fails for any given router, the Peakflow system's usefulness becomes extremely limited.
  • Be prepared to answer questions when you eventually receive an attack that cannot be mitigated by the Peakflow system. Eventually you will get a large volume attack that will fill your pipes before the traffic can be offramped. This isn't a criticism of Arbor specifically; there's nothing you can do about that on-premesis with an on-premesis solution. Just make sure you level-set before making a large purchase like this to avoid difficult "explain why we purchased DDoS mitigation if it can't mitigate a DDoS" meetings.
Good fit
  • If you receive layer 7 attacks on a regular basis targeting critical infrastructure that needs to stay up, this is a good fit in conjuction with out-of-band TMS or in-band APS. This is obviously going to be contingent on your budget.
Not a good fit
  • If you are looking to mitigate large volume attacks that are saturating your uplinks to the Internet and taking your entire network down, this (or any on-premesis solution, for that matter) is not the solution for you. Look into any external DDoS scrubbing service to let them take the blow and return only the clean traffic to you.
  • The Peakflow system has many features similar to an IPS with the ability to block traffic based on layer 7 signatures, but country code, etc and may be tempting to use this as an IDS/IPS solution. This will cause issues for a few reasons, cheif among them is that the system is not intended for permananent or indefinite mitigations. Additionally, signitures are only updated on software version upgrades.
  • We have been able to keep our highest-priority customers up and running during long-running attacks, preventing paying out SLA credits.
  • Our website and shopping carts have been victims of attacks we have been able to mitigate and avoid damage to our brand/company image.
  • We have run into some appliances that have been made end of life with little notice - as little as one month. It is difficult to get a return on your investment when your intended hardware lifecycle is thrown out the window.
We evaluated Corero and a number of external scrubbing services.

In the POC, we found Corero's mitigation capabilities to extremely limited beyond blocking common traffic types at preconfigured rates. It's not impossible to configure custom mitigation methods and countermeasures, but it requires a deep understanding of BPF and bytecode, where Arbor is checkboxes, radio buttons, and dialog buttons that all sit next to a graph showing traffic dropped and permitted by the current settings.

I'm not going to enumerate each of the cloud services evaluated because the decision came down to the same reasoning. The amount of traffic we receive is enough that it would be prohibitively expensive for our use case.
Return to navigation