Service providers & ISPs
Protect your network. Then make that protection a service.
Service providers sit at the center of the attack surface. You absorb volumetric floods on behalf of your customers, and your customers increasingly expect DDoS protection to be part of what they pay for. RioRey is built for exactly this operating model.
The challenges you face
Network risk
One attacked customer affects everyone on the segment
Without mitigation at the edge, a large volumetric attack against a single customer saturates shared uplinks and degrades service for every other customer you carry.
Operational reality
Manual mitigation does not scale
Writing ACL rules and managing traffic steering by hand during an attack consumes your engineering team and still produces inconsistent outcomes. It is not a viable strategy at ISP scale.
The opportunity
Your customers are asking for DDoS protection
Most cannot run their own mitigation infrastructure. You are already positioned to deliver it. The question is whether your current setup lets you offer it without adding significant overhead.
How RioRey fits your operation
01. Deploy once. Protect everything on the segment.
RioRey appliances or virtual instances sit in-line or off-ramp at the network edge. The same filtering that protects your infrastructure protects your customers. No per-customer deployment is required to get started.
02. Automatic detection and mitigation across all 25 attack classes.
RIOS analytics run continuously at line rate, covering Layer 3 through Layer 7. Your engineers are not pulled in to respond at 2am. Protection is consistent whether anyone is watching or not, because it does not depend on someone being there to activate it.
03. Segment your customers in rWeb and build a service around it.
rWeb's multi-tenant architecture lets you create separate zones for each customer with independent visibility and reporting. Give customers a portal showing their own traffic, their own attacks, and their own uptime history. That visibility is a service you can charge for, not just operational overhead.
04. Use rCloud for attacks that exceed your edge capacity.
You do not need to own every gigabit of scrubbing capacity you might ever need. Size your on-premise filtering for what you regularly face. When a large volumetric attack exceeds that capacity, rCloud absorbs the overflow before it hits your network. The same rWeb visibility applies to cloud-scrubbed traffic. No black box, no loss of control.
Recommended deployment paths
Most common for ISPs
Hybrid: on-premise with rCloud overflow
On-premise RIOS filtering handles day-to-day attacks automatically. rCloud scrubbing activates for volumetric floods that would otherwise exceed your uplink capacity. One vendor, one management interface, no visibility gaps between layers.
Hardware or VM: RE100, RS40, rVM series
Cloud overflow: rCloud
Traffic steering: RioRey Director
In-line or off-ramp appliance
For providers where uplink capacity is not a limiting factor. Simpler architecture with full protection on-premise. Scale filtering capacity by running parallel RIOS instances as your network grows. There is no single-device ceiling.
Hardware: RE100, RS40, RE10, RE-4000
VM: rVM-100 through rVM-1
Private off-ramp scrubbing center
For providers who want to operate their own scrubbing infrastructure and offer it to customers as a managed service. RioRey Director handles BGP and NetFlow detection and traffic steering automatically.
Hardware: RE100
Control: RioRey Director
Management: rWeb with customer portal
Why the detection approach matters at ISP scale
You cannot staff a response team for every customer attack.
Signature-based systems require someone to update rules when new attack tools emerge. Anomaly-based systems require stable traffic baselines, which are impossible when your customer mix changes constantly as customers join and leave. RioRey's analytics target the underlying methodology of each attack. That methodology does not change when an attacker renames a tool or rotates a botnet. The same detection logic that blocks a SYN flood variant today will block the next variation without any update or human intervention. That consistency is what makes automated, unattended protection viable at ISP scale.
Unified visibility across on-premise and cloud
| | On-premise devices | rCloud scrubbing |
| --- | --- | --- |
| Real-time traffic view | Live per-zone dashboard | Live per-zone dashboard |
| Attack detail | Full attack breakdown | Full attack breakdown |
| Historical reporting | Complete history | Complete history |
| Per-customer segmentation | Multi-tenant zones | Multi-tenant zones |
| Customer-facing portal | Included in rWeb | Included in rWeb |
| Mitigation controls | Direct, real-time | Direct, real-time |
| API access | Full REST API | Full REST API |
Ready to talk through your network?
We will walk through your topology and recommend a specific deployment path.