Managed SOC for Hosting

Your Customers Expect 24/7 Protection.
You Don't Need to Build a NOC.

Hosting providers with 10-50 servers face a tough choice: hire a full-time NOC team or hope auto-mitigation handles everything. Flowtriq Managed gives you a third option. Our analysts monitor your infrastructure, respond to incidents, and tune your detection thresholds so you can focus on growing your hosting business instead of firefighting DDoS attacks.

The Problem

DDoS attacks cause customer churn, SLA violations, and reputation damage

When a DDoS attack hits one of your customers' servers, the damage spreads. Shared uplinks saturate, adjacent tenants experience packet loss, and your abuse inbox fills up. If you can't respond fast enough, customers leave for a host that can protect them.

Most hosting companies don't have a dedicated security team. The people managing your infrastructure are the same people handling sales, support, and provisioning. Asking them to also be DDoS response experts is unrealistic.

And hiring a 24/7 NOC team costs more than your entire revenue. You need expert DDoS response without the headcount.

typical hosting DDoS incident
02:14 AM Attack begins on customer VM
02:14 AM Flowtriq auto-mitigates (firewall rules)
02:22 AM Attacker shifts vectors, re-floods
02:22 AM Auto-rules partially effective
02:23 AM Shared uplink saturating
02:23 AM Your phone is off. You're asleep.

WITH MANAGED RESPOND:
02:22 AM Analyst alerted, reviewing
02:24 AM Analyst escalates to BGP scrubbing
02:25 AM Clean traffic restored
02:26 AM Incident report filed

You wake up to a summary. Not to chaos.

Why Managed

Self-serve detection is powerful. Managed makes it complete.

Flowtriq's automated detection and mitigation handles the majority of attacks without human intervention. But hosting providers face scenarios where expert judgment matters: multi-vector attacks, persistent adversaries, threshold tuning for diverse workloads, and upstream provider coordination.

Self-serve alone

  • Auto-mitigation handles simple floods
  • Complex multi-vector attacks need human judgment
  • Thresholds set once and left until something breaks
  • You coordinate with upstream providers yourself
  • Incident reports written by your team (if at all)
  • Off-hours attacks wait until morning
  • No proactive tuning as traffic patterns change

Self-serve + Managed SOC

  • Auto-mitigation still runs, analysts handle escalations
  • Trained analysts respond to complex attack scenarios
  • Monthly threshold optimization based on real traffic data
  • Analysts coordinate with OVH, Hetzner, Cloudflare directly
  • Post-incident reports delivered to your inbox automatically
  • 24/7 on-call response (Respond and Dedicated tiers)
  • Proactive tuning catches drift before it causes false positives

Outcomes

What managed protection means for your hosting business

Reduce customer churn

When attacks are resolved before customers even notice, they stop looking for "better protected" alternatives. Your retention improves because your protection actually works around the clock.

Meet SLA commitments

Promising 99.9% uptime is easy. Delivering it during a sustained DDoS campaign is hard. Managed analysts ensure mitigation happens fast enough to keep you within your SLA windows.

Reclaim your team's time

Your operations team spends hours per incident on manual investigation and response. With managed, that drops to zero. They read a summary the next morning and move on.

Fewer abuse tickets

Fast mitigation means fewer tenants impacted, which means fewer tickets filed. Your support queue gets lighter and your customer satisfaction scores improve.

Sell protection as a feature

Market "managed DDoS protection included" to your customers. It becomes a competitive advantage and a reason to choose your hosting over commodity alternatives.

Protect your reputation

Hosting review sites and forums are full of complaints about providers that can't handle DDoS. Managed protection keeps your name out of those threads.

Service Tiers

Choose the level of coverage your hosting business needs

Watch
$499/mo
Coverage: Business hours, Mon-Fri 8am-8pm ET
Monitoring: Alert review + triage
Incident response: Alert forwarding with context + recommendations
Response time: Next business hour
Tuning: Monthly threshold review
Reporting: Monthly summary
Communication: Email

Dedicated
$3,999/mo
Coverage: 24/7 on-call
Monitoring: Named analyst assigned to your network
Incident response: Custom runbook execution (your analyst knows your topology)
Response time: 5 minutes
Tuning: Continuous tuning + proactive threat hunting
Reporting: Monthly + post-incident + quarterly review
Communication: Email + Slack/Teams + direct phone

All tiers month-to-month with no commitment. Annual billing saves 20%. Managed tiers are in addition to your Flowtriq platform subscription.

How It Works

What our analysts do for your hosting operation

Alert triage: Every alert from every node in your fleet is reviewed by a human analyst. They determine severity, identify the target, and assess whether auto-mitigation is handling the attack effectively.

Active response: On Respond and Dedicated tiers, analysts take hands-on action. They adjust firewall rules for multi-vector attacks, escalate to BGP FlowSpec or RTBH when local mitigation isn't enough, and coordinate with your upstream scrubbing provider.

Threshold tuning: Your traffic patterns change as you add customers and workloads. Our analysts review baselines monthly and adjust detection thresholds to minimize false positives while keeping detection sensitivity high.

Reporting: Post-incident summaries explain what happened, what was done, and what to expect next. Monthly reports track trends across your fleet so you can make informed capacity and security decisions.

managed analyst workflow
INCIDENT #4821 node: web-host-14

02:14:01 Alert received by on-call analyst
02:14:15 Analyst reviews: UDP flood, 2.8 Gbps
02:14:22 Auto-mitigation confirmed active
02:17:40 Attacker shifts to TCP SYN + GRE
02:18:02 Analyst deploys SYNPROXY rules
02:18:15 Analyst enables GRE drop filter
02:18:30 Traffic normalized
02:19:00 Upstream scrubbing on standby
02:45:00 Attack subsides, rules withdrawn

Post-incident report: sent
Customer impact: none
Your involvement: none

FAQ

Questions from hosting providers

Do your analysts understand multi-tenant hosting environments?

Yes. Our analysts are trained on shared infrastructure scenarios where a single attack can degrade service across an entire hypervisor or rack. They know how to isolate blast radius, apply per-node mitigation, and coordinate with upstream providers without impacting adjacent tenants.

What happens if an attack hits outside business hours on the Watch tier?

Flowtriq's automated detection and mitigation runs 24/7 regardless of your managed tier. On the Watch tier, analyst review and recommendations are delivered the next business day. If you need 24/7 human response for complex or persistent attacks, upgrade to the Respond tier.

Can your analysts coordinate with my upstream provider (OVH, Hetzner, Cloudflare)?

Absolutely. On the Respond and Dedicated tiers, our analysts handle upstream coordination directly. They can trigger BGP scrubbing, file mitigation requests with your provider, and verify clean traffic return, all without waking up your team.

How is this different from just using Flowtriq self-serve?

Self-serve gives you the detection platform. Managed adds human analysts who review every alert, tune thresholds based on your traffic patterns, respond to incidents with hands-on mitigation, and provide post-incident reporting. It is the difference between having a fire alarm and having a fire department.

Do I still have control over my Flowtriq account?

Yes, full control. Analysts use the "Analyst" RBAC role, which grants read/write on detection and mitigation settings but zero access to billing, API keys, or user management. Every analyst action is logged in a tamper-evident audit trail.

Can managed analysts help onboard new customer nodes?

On the Dedicated tier, your named analyst can assist with onboarding new nodes, configuring per-node thresholds, and building runbooks for specific customer segments. On Watch and Respond, your team handles provisioning and our analysts handle the detection and response side.

What does the monthly tuning report include?

Each report covers: incidents handled and their outcomes, threshold adjustments made, false positive analysis, traffic pattern changes, and recommendations for the coming month. On the Dedicated tier, reports also include proactive threat intelligence relevant to your IP space.

Is there a minimum contract length?

No. All tiers are available month-to-month with no commitment. Annual billing saves 20%. You can upgrade, downgrade, or cancel at any time with no penalties.

Get Started

Ready to Stop Losing Customers to DDoS?

Let our analysts protect your hosting infrastructure while you focus on growing your business. Month-to-month, cancel anytime.