Darren AnsteeAs Chief Technology Officer at NETSCOUT Arbor, Darren is responsible for the technology strategy of our products and services that help customers see and understand network traffic in order to solve their most complex security challenges. He works closely with product management, security research, architects, engineering and sales organizations to drive alignment on the next generation capabilities that will help our customers across enterprise and service provider markets. Darren brings 22 years of experience in networking and security, including 14 years with Arbor. He was previously Principal Security Technologist. He reports directly to NETSCOUT Arbor President Brian McCann.

Sachi Mulmi (SM), researcher with Frost & Sullivan, had an opportunity to conduct a Movers & Shakers interview with Darren Anstee (DA), Chief Technology Officer, NETSCOUT Arbor.

SM: Can you start by providing our readers a brief overview of your company including the vision behind its formation and its current role in the market?

DA: Arbor was founded based on ground breaking research into the identification of distributed network threats at the University of Michigan, which then received a DARPA grant, finally launching Arbor Networks as a business in 2000.

Arbor began by focusing its efforts on providing traffic visibility and Distributed Denial of Service (DDoS, a primary Internet service availability issue) threat detection capabilities to service providers, which were just beginning to deal with DDoS attacks against their infrastructure and customers at that time. Today, Arbor equipment is used by nearly every major ISP, cloud and hosting provider globally to monitor their networks and protect the availability of Internet services.

As with all cyber threats, DDoS attacks have evolved and become more sophisticated, and now target organisations of all types and sizes. Arbor evolved its portfolio to address these changes, launching a hybrid / layered DDoS protection solution in 2010. This solution addressed the enterprise need for protection from more advanced, application layer DDoS attacks and provided MSSP partners with additional service and revenue opportunities.

Today, as part of NETSCOUT, Arbor offers the broadest portfolio of ISP visibility and DDoS detection and mitigation products and services on the market today. Our virtualized and NFV enabled portfolio scales from sub-100Mbps capacity to carrier-grade appliances with 400Gbps of mitigation capacity. Arbor Cloud, a fully managed service run by Arbor DDoS experts, has over 7Tbps of mitigation capacity spread across nine scrubbing centers globally.

SM: Continued innovation is the key to success in this growing industry. How is the process of innovation managed at your company?

DA: Arbor has maintained a leadership position in DDoS protection for fifteen years because of its focus on innovation. From our earliest days as a university and DARPA research project, innovation has been a part of our DNA. Over the years, we’ve developed a number of industry-firsts, from Fingerprint Sharing, which allowed ISPs to automate the sharing of attack fingerprints to collaborate in dealing with attacks, to cloud signalling which automates the interaction within hybrid DDoS protection capabilities, allowing the on-premise and cloud-based DDoS protection components to share information in an automated way.

Innovation is not just something that happens organically. It needs to be a part of the culture. It needs to be encouraged and nurtured. It needs to be given the time and resources to develop. There needs to be a lot of listening, to both customers and partners. We need to think about their business needs, pressures, concerns and opportunities both today and over the next 5 – 10 years.

Today, we’re highly focused on broadening and deepening the visibility our products provide at the service layer, improving automation, integrating into service delivery platforms (NFV) and leveraging the technology available to us from within NETSCOUT to improve our product value. The world is changing fast and standing still is not an option.

SM: What are the key requirements for a DDoS mitigation solution?

DA: Given that the first D in DDoS stands for Distributed, one critical capability is global insight into network traffic, to provide an early warning system for DDoS attacks. NETSCOUT Arbor has that through our ATLAS infrastructure, which collects data anonymously from ISPs around the world, giving our researchers insight into approximately 1/3 of all internet traffic. With this unique global lens, we are ideally situated to deliver insights into, and protections against, the botnets and attack tools that drive DDoS attacks globally.

Scale is also important. We are now in the era of terabit attacks. Dealing with these attacks requires both high-capacity intelligent mitigation infrastructure, and integration with a network’s own capabilities e.g. FlowSpec, BGP blackhole, to discard attack traffic.

Flexibility is also key. Arbor strongly recommends a hybrid, or multi-layer DDoS defense. This is required to defend against the full spectrum of today’s DDoS attacks. Large, high volume, attacks must be mitigated in the cloud where sufficient capacity exists to avoid network congestion, while application-layer and stateful attacks that target firewall, IPS devices and application servers are best defended via inline on-premise devices, or virtually inline instances.

Most important though is workflow and the ability to integrate into and support efficient operational processes. What good is a product and all of its bells and whistles if it is difficult to deploy and operate. Arbor puts tremendous focus on usability, UI design, automation, integration and workflow – this is something we have refined and evolved over our 15 year history.

Finally, whether you are using a managed security service or operating your own solution, one of the most important aspects of DDoS defense is experience and situational awareness. Operational playbooks, and regular exercises or experience in using them, are key. A cyber defense of any kind is only as good as your ability to use it.

SM: What factors are driving the growth of the DDoS mitigation market?

DA: There are a number of key factors. On the one hand digital transformation is making a broader range of businesses dependent on Internet services for day-2-day business continuity. Whether it is their use of SaaS services, cloud etc., regulatory requirements, or their interactions with their business partners and customers, most businesses today exist in a complex mesh of data and application services – and availability of those services is essential. This is driving demand for DDoS protection services.

Another key factor driving the growth of the DDoS mitigation market are the attacks themselves. We’re seeing more attacks now than we ever have done before, 7.5 million in 2017, and, they’re getting increasingly sophisticated. According to Arbor’s 13th annual Worldwide Infrastructure Security Report, last year there was a thirty percent increase in the number of enterprise organizations that experienced stealthy application-layer attacks, and a twenty percent increase in those who experienced multi-vector attacks that simultaneously target bandwidth, apps and infrastructure. At the same time, those who reported the cost of internet downtime at $501 to $1,000 per minute increased by nearly sixty percent. That is a risk situation that requires, and has, C-level attention.

SM: What is the size of the market now and what market segments are growing?

DA: That is what we rely on Frost & Sullivan for! Seriously, I would say that so many businesses today are stretched from a security perspective. So many threats, so many tools – and only so many resources and people. As a result, managed security services are increasingly popular, and that is true for DDoS protection as well.

We see strong growth in the service provider market, as they invest to protect themselves from today’s massive attacks. They’re also investing in their own DDoS managed services for their enterprise customers, and increasingly they are looking to target a broader range of their customers than they have done before. Arbor works with more than 60 service providers who use our technology both to protect their network and to offer revenue generating managed services.

As for industry verticals, it used to be that only certain segments were concerned with DDoS protection, such as financial services and gaming. Today, because the ability to launch DDoS attacks has been democratized by free tools and cheap for-hire attack services, nearly any business can become a target for virtually any reason. The threat landscape has changed dramatically.

If you have further questions/comments, please contact: sachi.mulmi@frost.com

For more information on DDoS Mitigation Global Market Analysis, please visit:

About Frost & Sullivan

For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models and companies to action, resulting in a continuous flow of growth opportunities to drive future success.

Frost & Sullivan

For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models and companies to action, resulting in a continuous flow of growth opportunities to drive future success.

Share This