[c-nsp] Anomaly Detection Module/Anomaly Guard Module

[Byrd, William]

Sorry if this comes through as a double post. I sent it hours ago but I
never saw it show up.

As I am in the process of wrapping up an Arbor Peakflow SP deployment right
now I'd whole heartedly agree with this statement. A few things I'd strongly
recommend to anyone deploying this with Cisco gear keep in mind however:

- You're not getting TCP flags off of 6500/7600 routers
- The Supervisors for 6500/7600 routers do not currently generate Netflow
for MPLS switched packets (majority of this SP's traffic)
- Netflow in general on the 6500/7600 routers isn't wonderful. You'll
probably need to be running pretty new code to get any kind of worthwhile
Netflow data
- If you purchase the Arbor TMS you might have to do a lot of work with it
to get it installed and mitigating attacks in a way that works on your
network. The TMS is amazingly flexible however so you have a lot of
different options for this.

Caveats listed above aside the Arbor support staff and in particular our
Sales Engineer have been wonderful and amazingly responsive. My Sales
Engineer has worked with me as late as 11:30 - 12:00 EST on getting our
deployment up and running. (12 - 14 hour days. Mind blown.)

If you're seriously looking into buying a security product I'd throw my
suggestion behind the Peakflow SP solution. Arbor really has incredible
support. Cisco could stand to learn a few lessons from them on how to run a
Support organization.

-Will (No I do not work for Arbor)

On Thu, Oct 8, 2009 at 5:05 PM, Scott Granados <gsgranados at comcast.net>wrote:

> Arbor Networks has some great products in this area.
>