Don’t wait,
be active
in
your defence

Choose the perfect plan for your needs

Plans & Pricing

The initial protection can be setup in less than 24h*

Basic

Remotely Triggered Black Hole

1 200

  • Wanguard installation
  • Hardware recommendation
  • Remote OS setup & tuning
  • Network update & tuning
  • Quagga setup
  • Wanguard attack thresholds setup
  • Wanguard training - 2h
  • Wanfilter with routing
  • ExaBGP with Flowspec setup
  • Extra training and customizations
Order now Is this the Right Plan for me?

Standard

Simple Filtering

2 000

  • Wanguard installation
  • Hardware recommendation
  • Remote OS setup & tuning
  • Network update & tuning
  • Quagga setup
  • Wanguard attack thresholds setup
  • Wanguard training - 2h
  • Wanfilter with routing
  • ExaBGP with Flowspec setup
  • Extra training and customizations
Order now Is this the Right Plan for me?

Optimal

Filtering with Flowspec

2 600

  • Wanguard installation
  • Hardware recommendation
  • Remote OS setup & tuning
  • Network update & tuning
  • Quagga setup
  • Wanguard attack thresholds setup
  • Wanguard training - 2h
  • Wanfilter with routing
  • ExaBGP with Flowspec setup
  • Extra training and customizations
Order now Is this the Right Plan for me?

Advanced

RTBH & Flowspec Filtering

3 000

  • Wanguard installation
  • Hardware recommendation
  • Remote OS setup & tuning
  • Network update & tuning
  • Quagga setup
  • Wanguard attack thresholds setup
  • Wanguard training - 2h
  • Wanfilter with routing
  • ExaBGP with Flowspec setup
  • Extra training and customizations
Order now Is this the Right Plan for me?

Price is VAT exclusive. For customers in the EU, a VAT will be added unless a valid EU VAT code is provided.

*Depending on customed preparation and response time.

Plans overview

Learn about possible scenarios and decide which of our plans will fit your needs.

Basic Scenario 1

Remotely Triggered Black Hole

Most popular protection against DDoS attacks is black hole routing (RTBH). This method is suitable when big volumetric attack is hitting Your network. Then the only way to survive and still have internet connectivity is to block the IP that is being attacked before it reaches Your network.Network will be protected, but the downside is that the attacked IP has no communication with outside world.

  1. Attack starts, traffic begins to rise above your bandwidth limit.
  2. Wanguard detects the attack and sends a BGP Update to the blackhole traffic.
  3. Router sends this BGP Update to ISP1 and ISP2 and the traffic gets blocked before hitting our router.
  4. Traffic returns to normal baseline.

Standard Scenario 2

Simple Filtering

This is the first form of filter/firewall that is supported by customer BGP router driven by Wanguard to create rules that block malicious traffic. The volume of attack must be within bandwidth available from ISP.

  1. Attack starts, traffic is within our bandwith limits.
  2. Wanguard detects the attack and send BGP Update to divert traffic for filtering.
  3. Filter is cleaning traffic with hardware or software firewall.
  4. Cleaned traffic is routed back to network/servers.

Optimal Scenario 3

Filtering with Flowspec

The most comprehensive filtering solution with very fine granular options of dropping or limiting malicious traffic. Hardware filtering for offloading traffic from network, to flow spec filtering on router and software firewall and SYN proxy for ultimate protection against Layer 7 attacks.

  1. Attack starts, traffic is within our bandwith limits.
  2. Wanguard detects the attack and send BGP Update to filter/drop malicious traffic on the router with Flowspec rules.
  3. Normal traffic flows to our network, bad one (with DDoS signatures) is filtred and send to trash (null route)

Advanced Scenario 4

RTBH & Flowspec Filtering

This option ensures survival of network during volumetric attacks as well as Layer 7 protection. Ultimate protection for every one where network outage is not an option.

  1. If attack is saturating our Uplinks to ISP1 and ISP2, we need to black hole it (RTBH) (Scanario 1).
  2. If attack is outside Flowspec abilities or other protection is needed then it needs to be diverted for traffic filtering to Wanguard Filter (Scenario 2).
  3. If attack is within our bandwith limits we can use Flowspec abilities to filter it on our router (Scenario 3).

Not sure which plan is best for you?

We’re here to help. Contact us or see frequently asked questions.

Contact us