MSPs
DDoS Protection
as a Managed Service
MSPs protect dozens of clients without dedicated security staff per account. Flowtriq gives you a single platform to monitor every client's infrastructure, detect attacks in under one second, and automate response -- all from one login.
The Problem
You manage dozens of clients. One of them just got DDoS'd.
MSPs manage infrastructure across many clients, each with different server counts, network configurations, and SLA requirements. When a client gets hit with a volumetric attack, the MSP is the first call. The client doesn't know what's happening -- they just know their site is down and they're losing money.
Without automated detection, your team is reactive. Someone notices high CPU or packet loss, logs into the server, runs tcpdump, tries to identify the attack vector, and eventually applies a manual firewall rule. By the time you've mitigated, the client has been down for 20 minutes and your SLA is blown.
Flowtriq turns DDoS response from a fire drill into an automated workflow. Detection fires in under one second, your team gets alerted instantly, the client's status page updates automatically, and the full mitigation chain (local firewall rules, BGP FlowSpec, and cloud scrubbing) triggers without human intervention.
- Client calls before you even know there's an attack
- Manual tcpdump analysis wastes critical minutes
- No visibility across clients from a single pane of glass
- Every attack is a scramble with no playbook
- SLA breaches erode trust and cost you contracts
- No forensic data to share in post-incident reports
Architecture
One workspace per client. Full isolation. Central oversight.
Flowtriq's multi-workspace architecture is purpose-built for MSPs. Create a separate workspace for each client with their own nodes, incidents, alert channels, and status page. Your MSP team gets admin access to every workspace while clients see only their own data.
Each workspace is fully isolated -- Client A never sees Client B's traffic data, incidents, or PCAPs. But your NOC team can switch between workspaces in one click, giving you a unified view of every client's security posture without any data leakage.
━━━━━━━━━━━━━━━━━━━━━━
├─ Workspace: acme-corp
│ ├─ acme-web-01 1,204 PPS
│ ├─ acme-web-02 892 PPS
│ └─ acme-db-01 340 PPS
├─ Workspace: globex-hosting
│ ├─ glx-edge-01 47,821 PPS ▲ ATTACK
│ └─ glx-edge-02 2,100 PPS
└─ Workspace: pinnacle-saas
├─ pin-app-01 3,401 PPS
├─ pin-app-02 2,880 PPS
└─ pin-cdn-01 5,120 PPS
Workflow
What happens when a client gets attacked
From detection to resolution, Flowtriq handles the entire incident lifecycle. Your NOC team stays informed without needing to intervene manually.
Attack hits Client B's web server
A 2.4 Gbps UDP amplification flood targets glx-edge-01 in the Globex workspace. PPS spikes from 2,100 to 47,000 in under a second.
Flowtriq detects and classifies the attack
The FTAgent on glx-edge-01 detects the anomaly, classifies the traffic as NTP amplification with 97% confidence, and fires an incident in the Globex workspace.
Alerts fire to your NOC and the client
Your NOC team gets a Discord alert. Globex's ops team gets a Slack notification and an email. The Globex status page updates to show an active incident. All automatic, all simultaneous.
Auto-escalation activates
Flowtriq applies local firewall rules instantly, then escalates to BGP FlowSpec filtering at the network edge. For this 2.4 Gbps flood, cloud scrubbing via OVH VAC activates as the final tier. Traffic is cleaned upstream. The server stays online. No manual intervention required.
Attack subsides, normal routing restores
Seven minutes later, attack traffic drops below threshold. Flowtriq auto-withdraws the OVH mitigation, resolves the incident, and updates the status page. A full incident report with PCAP data is available for Globex's post-mortem.
Features
Built for multi-client operations
Everything an MSP needs to deliver DDoS protection as a managed service, without building it from scratch.
Multi-Workspace Management
Create a separate workspace for each client. Full data isolation, independent baselines, and per-client incident histories. Switch between workspaces in one click from the dashboard top bar.
Role-Based Access Control
Give your NOC team admin access across all workspaces. Invite client staff with read-only access so they can view their status page and incident history without touching configurations.
White-Label Status Pages
Every workspace gets its own public status page with a custom slug. Clients share their status page with their own customers, branded to their identity -- no mention of your MSP or Flowtriq.
Per-Client Alert Routing
Configure separate notification channels for each workspace. Route Client A's alerts to their Slack channel and your NOC Discord. Route Client B's alerts to PagerDuty and their ops email. Fully independent.
SLA Reporting
Generate incident reports with detection timestamps, classification data, MTTR, and resolution details. Share branded PDF reports with clients to prove your SLA compliance and justify your service fees.
Multi-Layer Mitigation Per Client
Configure the full mitigation stack per workspace: local firewall rules, BGP FlowSpec adapters, RTBH communities, and cloud scrubbing credentials for Cloudflare Magic Transit, OVH VAC, Path.net, or Hetzner. When Client A gets attacked, Flowtriq auto-escalates through all tiers. Other clients are unaffected.
Traffic Intelligence & Transit Analytics
Per-workspace traffic intelligence with top talkers, protocol trends, and anomaly detection. 95th percentile transit measurement per node helps verify provider invoices and plan client capacity. Export CSV reports for client billing reviews.
Terraform & Prometheus
Manage client nodes at scale with the Terraform provider. Export per-node metrics to Prometheus for unified Grafana dashboards across all client workspaces. REST API for automation and custom integrations.
Onboarding
Add a new client in under 10 minutes
Onboarding a new client to Flowtriq takes three steps: create a workspace, install the agent on their servers, and configure alert channels. The entire process takes less than 10 minutes per client, regardless of how many servers they have.
Once onboarded, the agent begins learning the client's traffic baseline immediately. Within 24 hours, Flowtriq has a statistical model of normal traffic patterns for every monitored interface. No tuning, no manual threshold setting, no per-client configuration files.
Name: delta-logistics
Slug: delta-logistics
OK workspace created
Step 2: Deploy agents
delta-web-01: agent installed
delta-web-02: agent installed
delta-db-01: agent installed
Step 3: Configure alerts
NOC Discord: connected
Client email: connected
Baseline learning started.
Full protection in ~24 hours.
_
Revenue
Turn DDoS detection into a profit center
DDoS monitoring is a natural upsell in any managed services contract. Your clients already trust you with their infrastructure -- adding real-time attack detection to your service catalog is a straightforward value-add that most clients will accept without hesitation.
You pay Flowtriq $9.99 per node per month (or $7.99/node on annual billing). You set your own pricing to clients. Most MSPs charge $15-30 per server per month for DDoS monitoring, creating healthy margin on every node.
With 50 client servers, that's $500/month to Flowtriq and $750-1,500/month from clients. The service runs itself -- fully automated detection, alerting, and mitigation with zero manual overhead per incident.
Example: 50-Node MSP Portfolio
| Line Item | Monthly |
|---|---|
| Flowtriq cost (50 nodes) | -$499.50 |
| Client billing @ $20/server | +$1,000.00 |
| Client billing @ $30/server | +$1,500.00 |
| Net margin (@ $20) | +$500.50/mo |
| Net margin (@ $30) | +$1,000.50/mo |
Annual billing reduces your cost to $7.99/node. Volume discounts available at 50+ nodes.
Comparison
Managing attacks manually vs. with Flowtriq
Manual DDoS Response
- Client calls you before you know there's an attack
- SSH into server, run tcpdump, analyze manually
- 20-40 minutes to identify attack vector
- Write iptables rules by hand under pressure
- No forensic data for post-mortem reports
- SLA breach on every significant attack
Automated with Flowtriq
- Alert fires in under 1 second -- before the client notices
- Attack classified automatically (SYN, UDP, DNS, etc.)
- Cloud scrubbing triggers without human intervention
- Client status page updates in real time
- Full PCAP capture and incident forensics
- SLA compliance with sub-minute MTTR
FAQ
Common questions from MSPs
Can each client have their own workspace?
Yes. There is no limit on the number of workspaces you can create. Each workspace is fully isolated with its own nodes, incidents, alert channels, status page, and team members. Your MSP staff can be members of every workspace with admin privileges, while client staff only see their own workspace.
Can we brand the status pages for each client?
Yes. Every workspace has access to the public status page at flowtriq.com/status. Clients can share this URL with their own customers. The status page shows real-time node health and incident history -- no MSP branding or cross-client data is exposed.
How do we bill our clients?
You set your own pricing. Flowtriq bills you per active node at $9.99/month (or $7.99 on annual billing). How you package and price this for your clients is entirely up to you. Most MSPs bundle DDoS monitoring into their managed services contract or offer it as an add-on line item at $15-30 per server per month.
Can we invite client staff to their workspace?
Yes. Each workspace supports unlimited team members with role-based permissions. Invite client staff with the read-only role so they can view their status page, incident history, and analytics without being able to modify configurations or alert channels. Your MSP team retains admin or owner access.
White-Label
Sell it as yours. $7.99/node.
White-label the entire Flowtriq platform under your MSP brand. Your clients log into your domain, see your logo, and contact your support team. They never know Flowtriq exists.
The economics: You pay $7.99/node/month. Most MSPs bill clients $15–30/server. That's 50–75% margin on a service that runs itself.
What's included: Custom domain via CNAME, full visual rebrand (logo, favicon, colors, fonts), branded login page, custom CSS overrides, and custom support links. One-time $200 deposit that's applied as billing credit.
Or use it internally: Not every MSP wants to resell. You can also run Flowtriq at $9.99/node as an internal NOC tool — monitor client infrastructure without exposing any dashboard to clients. Use status pages and incident reports for client-facing communication instead.
Your cost 50 nodes × $7.99 = $399.50/mo
You charge 50 nodes × $20.00 = $1,000.00/mo
────────────────────────────────────
Margin $600.50/mo (60%)
Annual $7,206/yr recurring revenue
What your clients see:
✓ Your logo, your domain, your colors
✓ Your support email + URL
✗ No Flowtriq branding anywhere
Related Use Cases