F5 BIG-IP software from Seattle-based F5 Networks is a load balancing and application protection solution suite available on cloud or via virtual editions, on a subscription or perpetual licensing basis.
NETSCOUT Arbor DDoS Protection
Score 10.0 out of 10
NETSCOUT Arbor DDoS Protection security software offers protection across multiple layers of the OSI model. It provides security measures for Layer 2 (Data Link layer) through Layer 7 (Application layer), ensuring complete protection for network infrastructure.
Definitely in larger environments, more mature organizations that obviously have the budget to spend and want best in class. Where it struggles is those organizations that don't have the funding and money to spend on it and need more basic functionality. So I'd say that's smaller customers we've worked with and kind of mid-market. They tend to get scared when they get the quotes. Also we've had some struggles with account team consistency. So for the sales team, just a lot of turnover and a lot of missteps on customer calls.
If you receive layer 7 attacks on a regular basis targeting critical infrastructure that needs to stay up, this is a good fit in conjunction with out-of-band TMS or in-band APS. This is obviously going to be contingent on your budget.
Not a good fit
If you are looking to mitigate large volume attacks that are saturating your uplinks to the Internet and taking your entire network down, this (or any on-premises solution, for that matter) is not the solution for you. Look into any external DDoS scrubbing service to let them take the blow and return only the clean traffic to you.
The Peakflow system has many features similar to an IPS, with the ability to block traffic based on layer 7 signatures, by country code, etc., and it may be tempting to use this as an IDS/IPS solution. This will cause issues for a few reasons; chief among them is that the system is not intended for permanent or indefinite mitigations. Additionally, signatures are only updated on software version upgrades.
The great thing is the IP address management that's happening. When you set up the network it's very easy and you don't have to keep on configuring everything together. Again, it's very streamlined and it's one of the biggest players there in the market for this work.
Arbor's layer 7 countermeasures are very good out of the box, but it is very easy to reconfigure values and see the impact in real-time.
Peakflow SP provides fairly detailed traffic analysis and breakdown for top-N data such as top talkers, top ASNs, top ports and so on. They offer "SP Insight" as a product to build in more powerful reporting on the already-collected metrics with an interface very similar to Kibana or one of its many forks. We are not licensed for that so I can't speak to its capabilities.
Arbor allows for a good amount of automation. Fast flood detection ensures that if pre-determined thresholds are quickly exceeded, preconfigured mitigations can be started or in the event of an extremely large volumetric attack you can trigger an Arbor Cloud (sold separately) mitigation or a remotely-triggered blackhole announcement to drop traffic to the attacked destination IP address(es) upstream.
ATAC (Arbor support) is very helpful. The level of support our organization maintains covers ATAC performing all update functions to all Arbor appliances - SP and TMS.
Well, not necessarily the features. I find that we have to change our processes in order to kind of match what F5 BIG-IP does. And it's not a bad thing, it's just that a lot of my engineers want to do it their way, not the F5 BIG-IP way.
Arbor is a highly expensive company. This was the major reason behind not going for the Arbor Sightline in the first place. Although its features are good, the cost is unjustifiable.
The implementation and the understanding of this tool are full of complexity and perplexity.
I am looking forward to having a new update on it. They used to update their versions quite frequently, but it's been a long time since they have updated, or maybe it is not on their priority list right now.
It's not difficult to understand the parts of application configurations and features. Setting up new virtual servers with multiple profiles, certificates, and nodes is easy for new users through the web interface, which also translates to programmability in scripts, DevOps, or other configuration management use-cases. Users from different backgrounds such as networking and infrastructure can use F5 BIG-IP, while users who are familiar with API calls can easily configure objects without needing to understand the platform at all.
On the occasions when we've had to engage F5 support, they have been great. They have always resolved our issues quickly and been easy to work with and professional. The reason I give them a 10 out of 10, however, is because when we've had issues that have crossed over between the F5 BIG-IP, our Cisco switches, and our Microsoft IIS server, the F5 support representatives have been extremely knowledgeable about every product and device involved and have been able to troubleshoot end-to-end without having to engage other vendors.
We chose Cisco because we had past experience with some Cisco products and we were ready to invest a high cost for Cisco Secure, but unfortunately it didn't come up to our expectations and left us in despair. The speed, the price and the analytics of Cisco, everything was just average, but when we moved to Arbor we came to realize that the market still has some good network analytics tools.
I would say from a security perspective, because I manage security, availability is sort of the key area for us and making sure that is properly handled through BIG-IP, that is the biggest business success, I would say from the product perspective.