Anti DDoS appliances: Riorey vs Fortinet vs ...?

Portal Home > Knowledgebase > Articles Database > Anti DDoS appliances: Riorey vs Fortinet vs ...?

Posted by gettinghit, 12-27-2012, 04:15 AM
Hey all- I am checking out options for a self-hosted anti-ddos appliance. It should be full 1gbps (1.4m pps). The options I know of are: avfirewalls.com/FortiDDoS-100A.asp ( $25k - ASIC architecture) riorey.com/products-rx.html RX4400 ( dont know price - commodity hardware with custom linux distro ) radware.com/Products/ApplicationNetworkSecurity/DefensePro_TechSpec.aspxDefensePro DefensePro 1006 (unknown price, unknown architecture) Does anyone have any comments on either one? Is there another option I am missing? I did read that palo alto networks firewalls have great ddos capabilitys baked in, but are not specifically anti ddos appliances. Arbor networks/nsfocus is too expensive for us, as we would like to keep prices at 25k or less. We are -not- interested in non-hosted solutions (prolexic, cloudflare, etc..) Thanks! Last edited by gettinghit; 12-27-2012 at 04:28 AM.
Posted by Snoork Hosting, 12-27-2012, 04:34 AM
Corero (TopLayer) is very good. We have few of them deployed in production and get the job well done. In office we have WatchGuard devices and are pretty neat. The web GUI is user friendly. They do also offer DDoS filtering policies.
Posted by gettinghit, 12-27-2012, 05:10 AM
What is the rice range on corero for 1gbps protection?
Posted by Snoork Hosting, 12-27-2012, 05:22 AM
I don't remember what we paid for the Corero device, but I was recently checking with Riorey on their DDoS devices and the basic one for 1 Gbps protections runs around $40,000 I heard Riorey is very good as well, but haven't used them personally. Their costs are also much higher than their competitors. Keep in mind that you need extensive knowledge in operating those DDoS mitigation devices. WatchGuard is probably the easiest one of all to use as its all in one solution that you can basically deployed in just a few minutes.
Posted by ddosguru, 12-27-2012, 05:49 AM
We have used both RioRey and Fortinet (IntruGuard) in the past and substantially prefer Fortinet for price, performance, and precision. From our experience in 2009, we were not at all impressed with RioRey. We're currently using the highest NSFOCUS models, but they also have 2 Gbps units which are probably in your budget range.
Posted by Z3r0Eff3ct, 01-28-2013, 10:51 PM
I just ordered the Corero device, 1000EC, which is their mid-high range. Hope it does well.
Posted by feastboy, 04-09-2013, 04:51 PM
Z3r0Eff3ct any review of corero device..?
Posted by kipper3d, 09-06-2014, 09:16 AM
I just want to chime in on this thread too - we currently use Riorey devices - specifically the rs10 and rs30s. 10gbps and 30gbps ddos protection. We've been pretty happy with them in terms of performance, stability and the ability to easily apply granular filtering per IP. Riorey is about 30% hardware and 70% software (I don't recall the exact percentages but you get the idea). The beauty of this is that each software update they've submitted, we've seen significant improvements to performance and new options for handling newer DDoS types that have popped up. They are a bit pricy though, but mitigation hardware is generally very expensive. If you work with them they will come down. The RS30 device has option for 10, 20 or 30gbs protection at different price ranges. Last edited by kipper3d; 09-06-2014 at 09:21 AM.
Posted by archerhashish, 08-12-2015, 06:16 AM
I am interested to know whom are you referring to by "their competitors" , what are the cheaper alternatives?
Posted by Z3r0Eff3ct, 08-12-2015, 01:33 PM
I posted here back in 2013. We have been using the Corero DDS device. For the most part it has done a good job. The issue with the device however was the connection usage limits which we've hit multiple times. Mostly during a DDOS attack which basically rendered the device useless. We've hit it even with attacks as small as 100mbps. The good news is that Corero did release newer devices called SmartWall appliances which are now about 20x more powerful, allowing 16m concurrent connections and 1m/sec connection setup rate. We also purchased these and are now in process of setting it up. At the same time, we also talked to RioRey on a call and they didn't have good things to say about Corero. From what I can gather, the largest difference between Corero devices is stateful inspection, while RioRey isn't. That means you can hit the upper connection limits with a Corero device on an attack. From my understand, they are two very different solutions and it is probably best if you call Corero and ask about their solution and how it compares to RioRey, then call RioRey and ask them how theirs compares to Corero. Your options are as follows: -Corero -RioRey -Radware (Which is what Akamai/Prolexic uses) -Fortinet These are the main players in the market.

Add to Favourites Print this Article