Mike,
What did you end up going with if not fastnetmon? Were you using their paid or free version?
I had intended to use the paid version once the ‘free trial’ proved to work, but for the previously mentioned reasons it did not and I gave up. Would still love to have this style of solution in my network and still open to other solutions, just haven’t really found anything else.
Mike,
The free trial is the paid version right? Just was wondering if you use the community or advanced paid version.
Check out Wanguard
Hi !
I was looking around (a couple years ago) for mitigation appliances (Riorey, Arbor, F5 and so on)… but the best and almost affordable solution I found was Incapsula/Imperva.
https://docs.imperva.com/bundle/cloud-application-security/page/introducing/network-ddos-monitoring.htm
Basically, You send your flows to Imperva on cloud for analysis. As soon as they find DDoS attack , they activate mitigation. It´s some kind of elegant-hybrid solution without on-premise appliances . Just check it out 
Regards,
JJ
Javier,
So is Imperva similar to how Kentik operates? What was it priced liked? I like the Kentik solution, but their per router per month pricing is too expensive even for a small network.
So is Imperva similar to how Kentik operates? What was it priced liked?
It is a nice model as you don't need additional hardware or virtual appliances on-prem, which cuts down on the CAPEX cost. Like everyone else, they price the scrubbing based on your clean traffic levels. Price I have is circa $73,000 a year for 250mbit clean traffic and circa $94,000 a year for 500mbit clean traffic. Reasonably good value if you get attacked a lot - a very expensive insurance policy if not. Yearly pricing is broadly on par with Radware, Arbor and A10 (Verisign).
If you are looking for remote scrubbing, I can high recommend DDoS-Guard (ddos-guard.com), they do not have any “limits” on the size or the number of attacks, the billing is simply based on the clean bandwidth. The highest they have mitigated for us is about 40G. You can either have it in an always on mode, with all incoming traffic coming via their 4 POPs (Los Angeles, Amsterdam, Hong Kong or Almaty) or you can use something like FastNetMon or DDoS-Guard’s own application that runs on any hardware and use eBGP to route the victim /24 over DDG’s network.
Hopefully you would be sending those flows out a different circuit than the one that’s going to get swamped with a DDoS otherwise… it might just take a while to mitigate that 
depending on the type obviously.
Phil,
This sounds like a different model to me. Kentik I think averages out around $500 per 10G per month. Kentik doesn’t do any scrubbing however. Does anyone have guide to DDoS services? Seems like there is a wide array of pricing and technology options.
This sounds like a different model to me. Kentik I think averages out around $500 per 10G per month
I was talking about Imperva