Why You Need a DDoS SLA
Most hosting providers say "DDoS protected" on their website but have no formal SLA defining what that means. When an attack happens and a client asks "what does DDoS protected mean exactly," the answer is usually vague. That vagueness erodes trust.
A DDoS SLA defines measurable commitments: detection time, mitigation time, notification requirements, uptime guarantees during attacks, and reporting obligations. It gives clients confidence and gives your team clear operational targets.
Key SLA Components
Detection time (MTTD)
How long from the start of an attack until your systems detect it. With per-second kernel monitoring, Flowtriq typically detects attacks in under 2 seconds. A reasonable SLA commitment: "DDoS attacks are detected within 5 seconds of onset."
Mitigation time (MTTM)
How long from detection until mitigation is active. Automated on-server firewall rules deploy in under 5 seconds. BGP FlowSpec propagation takes 10-30 seconds. Cloud scrubbing diversion can take 1-3 minutes. A reasonable commitment: "Automated mitigation deploys within 60 seconds of detection."
Notification time
How long until the client is told their server is under attack. With automated notifications through the WHMCS module or webhook system, clients can be notified within seconds of detection. SLA commitment: "Affected clients are notified within 5 minutes of attack detection."
Incident reporting
What the client receives after an attack. The report should include: start/end timestamps, attack type and classification, peak traffic volume, mitigation actions taken, and outcome. Flowtriq generates these automatically. SLA commitment: "Post-incident reports are available within 1 hour of attack conclusion."
Uptime during attacks
This is the most aggressive commitment. With on-server mitigation and upstream escalation, many attacks can be mitigated without service interruption. SLA commitment: "99.9% service availability during detected DDoS events below [X] Gbps."
Realistic SLA Tiers
Tier       MTTD    MTTM     Report      Uptime
------------------------------------------------------
Basic      <30s    <5 min   24 hrs      99.0%
Standard   <5s     <60s     1 hr        99.5%
Premium    <2s     <30s     Real-time   99.9%
Tier the SLA to match your pricing. Basic covers automated detection and alerting. Standard adds automated mitigation. Premium adds real-time incident dashboards and priority escalation.
Measuring SLA Compliance
Every SLA metric needs to be measurable. Flowtriq's incident logging provides the data:
- MTTD: Timestamp of first anomaly detection minus timestamp of traffic deviation start (calculated from baseline data)
- MTTM: Timestamp of first mitigation rule deployment minus detection timestamp
- Notification time: Timestamp of client notification minus detection timestamp
- Uptime: Service availability during the incident window, measured by external monitors
These metrics are logged per-incident. At the end of each month, you can generate a compliance report showing SLA performance across all incidents.
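The timestamp calculations above, worked through as an added example (not Flowtriq's code or export format): it derives MTTD, MTTM and notification time per incident, checks them against a tier, and rolls the results into a monthly summary. The incident field names, the sample records, and the 10 Gbps capacity used for the upstream-capacity exclusion are assumptions; uptime is left out because it comes from external monitors.

```python
from datetime import datetime, timedelta

# (MTTD limit, MTTM limit) per tier, from the tier table; notification limit from the 5-minute commitment.
TIERS = {
    "Basic": (timedelta(seconds=30), timedelta(minutes=5)),
    "Standard": (timedelta(seconds=5), timedelta(seconds=60)),
    "Premium": (timedelta(seconds=2), timedelta(seconds=30)),
}
NOTIFY_LIMIT = timedelta(minutes=5)

# Constructed sample incidents; field names are hypothetical, not a real export format.
INCIDENTS = [
    {"id": "inc-001", "deviation_start": "2024-05-02T10:00:00", "detected": "2024-05-02T10:00:03",
     "mitigated": "2024-05-02T10:00:40", "notified": "2024-05-02T10:02:00", "peak_gbps": 4.2},
    {"id": "inc-002", "deviation_start": "2024-05-09T14:30:00", "detected": "2024-05-09T14:30:07",
     "mitigated": "2024-05-09T14:31:30", "notified": "2024-05-09T14:31:00", "peak_gbps": 6.0},
    {"id": "inc-003", "deviation_start": "2024-05-17T03:00:00", "detected": "2024-05-17T03:00:02",
     "mitigated": None, "notified": None, "peak_gbps": 50.0},
    {"id": "inc-004", "deviation_start": "2024-05-21T21:15:00", "detected": "2024-05-21T21:15:02",
     "mitigated": None, "notified": "2024-05-21T21:15:12", "peak_gbps": 1.0},
]

def _elapsed(later, earlier):
    # None when the later event never happened (e.g. no mitigation rule was deployed).
    return None if later is None else datetime.fromisoformat(later) - datetime.fromisoformat(earlier)

def evaluate(inc, tier, capacity_gbps):
    if inc["peak_gbps"] > capacity_gbps:  # exclusion: attack exceeds total upstream capacity
        return {"id": inc["id"], "excluded": True, "breaches": []}
    mttd_limit, mttm_limit = TIERS[tier]
    mttd = _elapsed(inc["detected"], inc["deviation_start"])
    mttm = _elapsed(inc["mitigated"], inc["detected"])
    notify = _elapsed(inc["notified"], inc["detected"])
    checks = {
        "MTTD": mttd < mttd_limit,
        "MTTM": mttm is not None and mttm < mttm_limit,  # never mitigated is a breach
        "notification": notify is not None and notify <= NOTIFY_LIMIT,
    }
    return {"id": inc["id"], "excluded": False, "breaches": [k for k, ok in checks.items() if not ok]}

def monthly_report(incidents, tier, capacity_gbps):
    results = [evaluate(i, tier, capacity_gbps) for i in incidents]
    in_scope = [r for r in results if not r["excluded"]]
    return {
        "total": len(results),
        "excluded": len(results) - len(in_scope),
        "compliant": sum(1 for r in in_scope if not r["breaches"]),
        "breached": {r["id"]: r["breaches"] for r in in_scope if r["breaches"]},
    }
```

An incident with no mitigation timestamp is counted as an MTTM breach rather than skipped, so a mitigation that never deployed cannot make the monthly figures look better.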
What to Exclude from the SLA
Be honest about what you cannot guarantee:
- Attacks exceeding your total upstream capacity: If your total bandwidth is 10 Gbps and the attack is 50 Gbps, on-server mitigation cannot help. Cloud scrubbing can, but the diversion time is not instant.
- Application-layer attacks that mimic real users: Sophisticated L7 attacks may not be immediately distinguishable from legitimate traffic spikes.
- Client-originated issues: If the client's application crashes under normal load, that is not a DDoS SLA violation.
Using the SLA as a Sales Tool
A published DDoS SLA differentiates you from competitors who just say "DDoS protected." Post the SLA on your website. Include it in contracts. Reference it on server listing sites. Prospects comparing hosting providers will notice which ones have concrete commitments and which ones have marketing language.
Pair the SLA with a verified DDoS protection badge on your order pages for maximum trust impact.
Build your SLA on Flowtriq. Sub-second detection, automated mitigation, and incident reporting give you the data to back up your promises. Start your free 14-day trial.