Toronto Tech Week 2026 ran May 24-29 across downtown Toronto. Flowtriq was there all week, attending events, meeting people at venues from MaRS to the Discovery District, and running a guerrilla marketing campaign that involved a fake newspaper and a server tombstone.
Beyond the marketing, we had a lot of conversations with people who build and operate Canadian internet infrastructure. ISPs, hosting providers, MSPs, data center operators, and security teams. Here's what we learned.
DDoS protection is still an afterthought for most Canadian operators
The majority of small and mid-sized Canadian hosting providers and ISPs we spoke to don't have dedicated DDoS detection. They rely on customer complaints, Nagios/Zabbix threshold alerts on bandwidth, or manual monitoring during business hours. When an attack hits at 2 AM, nobody knows until the support tickets start coming in.
This isn't a technology problem. The tools exist. It's a cost and complexity problem. Enterprise DDoS solutions from Arbor, Radware, or Corero cost tens of thousands per year and require dedicated hardware and staff. For a 50-server hosting provider or a regional ISP, that's not realistic.
There's a clear gap in the market between "no protection" and "enterprise appliance." That's exactly where Flowtriq sits, and the conversations we had this week confirmed it.
Canadian operators care about data residency
This came up repeatedly. Canadian operators want to know where their monitoring data lives, who has access to it, and whether it crosses the border. PIPEDA (Canada's federal privacy law) and provincial regulations create real compliance requirements for handling network telemetry data.
Several operators told us they'd evaluated US-based monitoring tools and walked away because the data would be stored outside Canada, or because the vendor couldn't clearly answer where the processing happens.
For Flowtriq, this is a selling point. The agent runs on the customer's own infrastructure. Metrics and incident data are stored in the Flowtriq platform, but the raw traffic never leaves the customer's network. PCAPs are captured and uploaded on-demand, not streamed continuously. This model works well for Canadian compliance requirements.
BGP-based mitigation is underused
Most of the ISP and hosting operators we talked to have BGP-capable routers. Many of them peer at TORIX or other Canadian exchanges. But very few of them have automated BGP-based DDoS mitigation in place.
The common pattern is manual: an engineer notices an attack, logs into the router, and manually adds a blackhole route or a FlowSpec rule. This works, but it's slow, error-prone, and doesn't scale to 3 AM incidents.
Flowtriq's BGP mitigation engine automates this. When an attack is detected, the platform can auto-announce FlowSpec rate-limiting or drop rules, RTBH blackhole routes, or escalate to upstream cloud scrubbing. It supports ExaBGP, GoBGP, BIRD 2, and FRRouting, which covers the majority of BGP speakers used in Canadian networks.
The operators we talked to were interested but cautious. Nobody wants to auto-announce a blackhole route and accidentally take down a customer. That's why Flowtriq uses confidence-gated deployment with configurable thresholds, dry-run mode for testing, and automatic rollback on collateral damage detection.
The MSP opportunity is real
Several managed service providers we met are actively looking to add DDoS monitoring to their service stack. Their customers (law firms, fintech companies, e-commerce operators) are asking for it, especially after high-profile incidents in the Canadian market.
The challenge for MSPs is finding a tool that works across multiple customer environments, supports multi-tenancy, and has pricing that leaves margin for the MSP. A $10,000/year appliance doesn't work when the MSP is charging $200/month for a managed security bundle.
Flowtriq's per-node pricing ($9.99/node/month) and white-label option make this viable. An MSP can deploy agents across 50 customer servers, charge $20-30/node to their clients, and keep the margin. The white-label dashboard lets them brand it as their own service.
Flow-based monitoring is growing
We talked to several operators who are already running sFlow or NetFlow from their border routers but don't have a good tool to ingest and act on it. Some are parsing flow data with custom scripts. Some are running the open-source tools like ntopng or pmacct and building alerting on top.
The common complaint: these tools give you visibility but don't close the loop. They can tell you traffic spiked, but they can't classify the attack, alert your team on Slack, and push a FlowSpec rule to your router in the same workflow.
Flowtriq's flow source ingestion (sFlow v5, NetFlow v5/v9, IPFIX) and the new Mirror/SPAN mode are built for exactly this. Ingest from your routers, detect per-IP, auto-mitigate. One pipeline from detection to response.
The Toronto networking community is tight-knit
This was maybe the most valuable takeaway. The Canadian networking and infrastructure community, especially in Toronto, is smaller and more connected than the US market. People know each other. They meet at TORIX events, at PTC and NANOG, at the Canadian Telecom Summit. Recommendations travel fast.
For a bootstrapped company trying to break into the space, this is good news. One happy customer at a Toronto hosting provider tells three other operators about it. One deployment at a regional ISP gets noticed by the people they peer with.
Toronto Tech Week gave us a week of in-person conversations that would have taken months over email. The connections we made and the visibility we gained in the local networking community are worth more than any ad campaign.
What's next
We're doubling down on the Canadian market. Flowtriq is already used by hosting providers, ISPs, and MSPs in Canada and globally. The conversations at Tech Week reinforced that the product-market fit is strong for Canadian operators who need DDoS detection without the enterprise price tag.
If we met you at an event this week, thanks for the conversation. If we didn't, here's the pitch:
pip install ftagent sudo ftagent --setup
Sub-second DDoS detection. Automatic mitigation. $9.99/node/month. Flow sources from $19/source. Mirror/SPAN mode from $49/source. 7-day free trial, no credit card.