Flowtriq uses per-node pricing, so we have a position on this topic. All competitor figures below come from publicly available pricing pages as of June 2026. We will show you the math and let you run your own numbers.
How DDoS detection is priced today
The DDoS detection market has settled into four licensing models. Each one ties your cost to a different variable, and that variable determines how your bill behaves as your network grows.
1. Per-Gbps: license by monitored bandwidth
Enterprise vendors like Arbor (Netscout) and software tools like FastNetMon Advanced charge based on the maximum bandwidth your network can generate. You buy a tier, and if your traffic exceeds it, you upgrade.
FastNetMon Advanced pricing: $115/month for 10 Gbps, $220/month for 40 Gbps, $350/month for 100 Gbps, and custom pricing above that. There is also an $85 one-time activation fee on non-enterprise plans.
2. Per-component: license each functional piece separately
Andrisoft Wanguard charges per component. According to their online store: Sensor at $990/year, Filter at $1,590/year, Console at $990/year. You need all three for a complete detection and mitigation stack, which totals $3,570/year ($297.50/month) for one deployment.
3. Per-node: flat fee per monitored server
Flowtriq charges $9.99/node/month. A node running 100 Mbps costs the same as one pushing 10 Gbps. Detection, mitigation, dashboard, unlimited users, and support are included. No bandwidth tiers, no per-component add-ons.
4. Per-appliance CapEx: buy the hardware
Vendors like Corero sell purpose-built hardware appliances. You pay a large upfront cost for the box plus an annual support and subscription fee. Pricing is not public but typically starts in the five-figure range for a single appliance, with annual maintenance at 15-20% of the purchase price.
The per-Gbps trap
Bandwidth-based licensing creates a specific problem: your detection cost scales with traffic, not with the infrastructure you are actually protecting. Here is why that matters.
Consider a hosting provider running 15 servers behind a 10 Gbps uplink. They sign up for FastNetMon at the 10G tier: $115/month. Business grows. They upgrade their uplink to 40 Gbps to handle increased traffic. Their server count goes from 15 to 18. Three new servers, 20% more infrastructure. Their DDoS detection bill? $220/month. That is a 91% cost increase for 20% more infrastructure.
Now they grow to a 100 Gbps uplink. Maybe they have 25 servers now. FastNetMon jumps to $350/month. Their bandwidth grew 10x from the original 10 Gbps, their server count grew 67%, and their detection bill tripled.
This creates three specific problems:
- Bandwidth growth outpaces server growth. Modern hosting often means higher per-server utilization, not more servers. Upgrading from 1 Gbps to 10 Gbps ports does not mean you added servers. It means your existing servers are busier. Your detection cost should not increase because your servers got faster.
- Perverse incentive to under-monitor. When monitoring costs scale with bandwidth, operators are tempted to monitor a subset of their capacity. They point detection at a sample of traffic rather than all of it. This creates blind spots, and blind spots during an attack mean missed vectors.
- Budget unpredictability at tier boundaries. You pay the same whether you use 11 Gbps or 39 Gbps on the 40G tier. But crossing from 10.1 Gbps to the 40G plan is a $105/month jump. These staircase increases make budgeting difficult for growing networks.
Per-component pricing: Wanguard's model
Wanguard avoids the bandwidth trap by charging per functional component instead of per traffic volume. A single Sensor license covers one flow exporter with no traffic cap. That is a genuine advantage over bandwidth-based licensing.
But per-component pricing introduces its own cost pressure. A full Wanguard deployment requires:
- Sensor: $990/year - collects and analyzes flow data from one exporter
- Filter: $1,590/year - applies mitigation rules
- Console: $990/year - web interface for management
That is $3,570/year ($297.50/month) for a single-site deployment. If you operate three sites, each with its own flow exporter, you need three Sensor licenses and three Filter licenses. The Console can be shared, but sensors and filters cannot. Three sites: $990 + ($990 x 3) + ($1,590 x 3) = $8,730/year ($727.50/month).
Wanguard also does not include per-server visibility. It monitors network flows at the router level. If you want to know which process on which server is generating anomalous traffic, you need additional tooling. The licensing model covers the detection infrastructure, not the endpoints themselves.
What per-node pricing looks like in practice
Per-node pricing ties cost to the thing you are actually protecting: servers. Here is what Flowtriq costs at different scales:
| Server count | Monthly cost | Annual cost (20% off) | Cost per server |
|---|---|---|---|
| 10 servers | $99.90/mo | $959.04/yr | $9.99/server |
| 50 servers | $499.50/mo | $4,795.20/yr | $9.99/server |
| 200 servers | $1,998.00/mo | $19,180.80/yr | $9.99/server |
| 500 servers | $4,995.00/mo | $3,996.00/mo (annual) | $7.99/server |
The math is linear. Add a server, add $9.99. Remove one, remove $9.99. No tier jumps, no staircase pricing, no renegotiation.
The bandwidth variable disappears entirely. Growing your uplink from 10 Gbps to 100 Gbps with the same server count? Same price. Upgrading every server from 1 Gbps to 10 Gbps ports? Same price. Your per-server utilization can double, triple, or spike during a DDoS attack, and your detection bill does not change.
Side-by-side comparison
| Per-Gbps | Per-Component | Per-Appliance | Per-Node | |
|---|---|---|---|---|
| Cost model | Bandwidth tiers | Sensor + Filter + Console | Hardware CapEx + annual support | Flat fee per server |
| Scales with | Traffic volume | Monitoring points | Appliance count | Server count |
| Growth penalty | Tier jumps (91%+ increases) | Linear per component | Large CapEx per unit | Linear ($9.99/server) |
| Budget predictability | Low (tier boundaries) | Medium | Low (CapEx cycles) | High (linear scaling) |
| Cloud-friendly | Partial | No (requires dedicated VMs) | No (physical hardware) | Yes (agent-based) |
| Starting cost | $115/mo (FastNetMon 10G) | $297.50/mo (full stack) | $10,000+ CapEx | $9.99/mo (1 node) |
| Hidden costs | $85 activation, $70/user dashboard, dedicated server | Priority support add-on, server hardware | Annual maintenance (15-20%), rack space, power | None (dashboard, users, support included) |
When per-Gbps makes sense
Per-Gbps licensing is not always the wrong choice. It makes sense in specific scenarios:
- Central aggregate monitoring. If you are an ISP monitoring flows from a core router and you need a single pane of glass for all transit traffic, bandwidth-based licensing aligns with your existing capacity planning model. You already think in Gbps, and your vendor contracts are structured around it.
- Bandwidth-priced business models. If your revenue scales with traffic (transit resale, CDN, bandwidth brokerage), your detection cost scaling with traffic is at least proportional to revenue. The economics stay aligned even as costs increase.
- Inline mitigation requirements. If you need hardware that sits in the data path and scrubs traffic at line rate (Corero SmartWall, Arbor TMS), the appliance cost inherently scales with throughput capacity. Per-Gbps licensing matches the hardware economics.
When per-node makes sense
Per-node pricing is the better fit for the majority of hosting and infrastructure operators:
- Individual server protection. If each server needs its own detection and you want per-server visibility into attack traffic, per-node pricing matches the unit of protection to the unit of cost.
- Bandwidth growing faster than server count. If you are upgrading uplinks, adding transit, or enabling higher-speed ports without adding proportional servers, per-node pricing keeps your bill stable while per-Gbps licensing punishes the upgrade.
- Predictable costs regardless of traffic spikes. DDoS attacks cause traffic spikes. With per-node pricing, a 50 Gbps attack against your 20-server infrastructure does not change your detection cost. With per-Gbps pricing, that spike might push you into a higher tier.
- Mixed environments. If you deploy across cloud instances, bare metal servers, and VPS hosts, each one counts as one node at $9.99/month. No separate licensing for cloud vs. on-prem, no component juggling between environments.
- Starting small. One server, one node, $9.99/month. No minimum commitment beyond that single node. No license renegotiation as you scale from 5 to 50 to 500 servers.
$9.99/node/month. No bandwidth tiers. No surprises.
Detection, mitigation, dashboard, unlimited users, and support included with every node. Start your 14-day trial and see per-node pricing in practice.
Start Free Trial →Frequently asked questions
Why is DDoS protection priced per Gbps?
Is per-node pricing cheaper than per-Gbps?
The bottom line
Every pricing model optimizes for a different variable. Per-Gbps optimizes for the vendor's revenue at the expense of growing networks. Per-component optimizes for modular deployments but adds complexity. Per-appliance optimizes for inline performance but requires CapEx cycles. Per-node optimizes for the operator by tying cost to the infrastructure being protected.
If your bandwidth is growing, if you are upgrading ports, if you are adding transit, your DDoS detection cost should not be the thing that penalizes that growth. Run the math on your own deployment. Map out your server count and bandwidth trajectory over 12-24 months. The model that costs least today might not be the model that costs least next year.