PoC for shortlisted DDoS Vendors

In our effort to pick up a reasonably priced DDoS appliance with a
competitive features, we're in a process of doing a PoC for the
following shortlisted vendors:

1- RioRey
2- NSFocus
3- Arbor
4- A10

The setup will be inline. So it would be great if anyone have done this
before and can help provide the appropriate tools, advices, or the
testing documents for efficient PoC.


Hi Mohamed,

We recently introduced a community RTBH service called UTRS that might
be a useful tool in your toolbox. Automated route relay went into
effect not long ago and it seems to be working well. It isn't
equivalent to any of the vendors you listed, but complimentary (and
completely free :slight_smile: so I hope you don't mind me mentioning it. You can
find more about it here:


As for other tools...

NfSen may be an open source option you want to consider. It can be
extended with plugins you or others provide:


Team Cymru has leveraged that with a set of plug-ins based on our
insight for your network. If you want to talk to us about it, see:


You might also check out:


Cisco has, or had the Cisco Guard family of products, formerly based on
the Riverhead acquisition, but that platform was end-of-sale some time
ago and is effectively dead. They (and some other hardware vendors)
have since begun to license Arbor into their gear.


I have recommended RioRey to our clients. There have been no, or only minor, issues with any of the testing, mismatch with optics and that was a client issue. The RioRey box can be set in full bypass, monitor, or mitigation. You can install in bypass mode first to make sure everything is wired
up correctly, then switch on monitor mode and see how it is doing. When your comfort level increases you can turn on full mitigation mode. Full disclosure I did work for RioRey years back, but for our clients we always try to recommend what works best for the client.