
SOC 2 Trust Services Criteria Mapping

AICPA Trust Services Criteria · SOC 2 Type I / Type II

SOC 2 compliance requires demonstrable controls for security, availability, and processing integrity. DDoS detection and mitigation directly supports multiple Trust Services Criteria. This mapping shows exactly which criteria Flowtriq helps you satisfy.

7 Criteria Addressed · 5 Full Coverage · 2 Partial Coverage

Criteria Mapping

| Criteria | Description | How Flowtriq Addresses It | Coverage |
|---|---|---|---|
| CC6.1 | Logical and physical access controls | IP allowlisting prevents blocking trusted sources. Service port definitions control which ports are considered legitimate. Per-node API key authentication. Dashboard role-based access control for team members. | Partial |
| CC6.6 | Security measures against threats outside system boundaries | Automated DDoS detection and mitigation at the network boundary. Per-packet analysis of all inbound traffic. Multi-layer defense: firewall rules, XDP/eBPF kernel filtering, BGP FlowSpec, RTBH. Threat intelligence feed integration with automatic blocking of known DDoS sources. | Full |
| CC7.1 | Detection and monitoring of security events | Continuous 24/7 per-packet monitoring with 10-second reporting intervals. Adaptive baseline calculation using rolling statistical analysis. Configurable threshold multipliers for anomaly sensitivity. Agent health monitoring with heartbeat checks. | Full |
| CC7.2 | Monitoring system components for anomalies | Per-second PPS/BPS anomaly detection across all monitored servers. L7 application-layer monitoring for HTTP request rate and error rate anomalies. Service port traffic classification to distinguish normal from anomalous patterns. IOC pattern matching against known attack signatures. | Full |
| CC7.3 | Evaluation of identified security events | Attack classification across 8+ DDoS families with confidence scoring. Severity assessment based on traffic volume, attack type, and service impact. Protocol breakdown analysis. Source IP distribution and geolocation analysis. PCAP evidence for detailed event evaluation. | Full |
| CC7.4 | Incident response procedures | Automated first-response mitigation (iptables, nftables, XDP, FlowSpec, RTBH). Alert routing to 12+ channels (Slack, PagerDuty, email, webhook, etc.) for human escalation. Configurable response modes: full auto-mitigation or alert-only monitoring. Manual override and custom rule deployment via dashboard. | Full |
| A1.2 | Recovery from processing disruptions | Automatic mitigation removes attack traffic to restore service availability. Configurable block cooldowns with automatic unblock when attacks subside. Baseline recalibration after traffic pattern changes. Post-incident reporting for recovery documentation. Maintenance window support for planned changes. | Partial |

Auditor note: Flowtriq provides the technical controls for DDoS detection, monitoring, and response. Your SOC 2 auditor will also assess organizational controls (policies, procedures, personnel) and complementary controls provided by other systems. This mapping demonstrates the technical evidence Flowtriq contributes to your overall SOC 2 compliance posture.

Evidence Available for Auditors

Flowtriq provides the following evidence artifacts for SOC 2 audits:

Detection evidence: Historical traffic data, baseline calculations, threshold configurations, alert history
Response evidence: Mitigation action logs, firewall rule deployment records, attack timeline data
Forensic evidence: PCAP capture files, attack classification reports, source IP analysis
Availability evidence: Agent uptime metrics, heartbeat logs, service health checks
Configuration evidence: Dashboard audit trail, API access logs, threshold change history

Demonstrate SOC 2 DDoS controls

Deploy Flowtriq and provide your auditor with continuous monitoring evidence across 7 Trust Services Criteria.