Nexusguard DDoS Protection Services (NDPS) Description and Terms

Last Updated: Nov 24, 2022

These Nexusguard DDoS Protection Services Description and Terms (“NDPS Description”) set forth the terms and conditions pursuant to which Nexusguard Pte. Ltd., on behalf of itself and its affiliates (“Licensor”) provides Nexusguard Cloud Services or Nexusguard On Premise Services to a customer (an “End User”) who has purchased Nexusguard DDoS Protection Services. This NDPS Description is an addendum to, and supplements the terms of, the agreement which governs the End User’s purchase and/or use of Licensor Products and/or Services (the “Agreement”). Together, the Agreement and this NDPS Description govern the End User’s use of, and each party’s obligations with respect to, the Nexusguard DDoS Protection Services. In the event of a conflict between this NDPS Description and the Agreement, this NDPS Description shall control with respect to Nexusguard Cloud Services and Nexusguard On Premise Services. Capitalized terms not otherwise defined in this NDPS Description shall have the meaning ascribed to them in the Agreement.

1. DEFINITIONS

The following definitions shall apply to the capitalized terms used herein.

1.1/24 Prefix” means a block of two hundred fifty-four (254) continuous IP addresses.

1.2 Always On Protection Service” shall mean the services described in Section 2.2.

1.3 Nexusguard Cloud Platform” means the integrated hardware and software combined to form the network controlled by Nexusguard in connection with the provision of the Nexusguard Cloud Services, excluding telecommunications services providing a connection between any Nexusguard servers used in the provision of the Nexusguard Cloud Services.

1.4 Nexusguard On Premise Platform” means the integrated hardware and software installed and controlled by Licensor or its hosting agent in connection with the provision of the Nexusguard On Premise Services to the End User’s Endpoint, excluding telecommunications services providing a connection between Nexusguard servers used in the provision of the Nexusguard On Premise Services.

1.5 Nexusguard Cloud Services” means the cloud-based services provided by Licensor and performed by its employees or agents which “cleans” or “scrubs” certain internet-based, malicious, attack traffic from a stream of internet-based traffic directed to the End User’s Endpoint and delivered by Licensor to the End User over the Internet and, where applicable, any supplemental services purchased by End User as described in this NDPS Description.

1.6 Nexusguard On Premise Services” shall mean the on-premise services provided by Licensor and performed by its employees or agents which “cleans” or “scrubs” certain internet-based, malicious, attack traffic from a stream of internet-based traffic directed to the End User’s Endpoint and delivered by Licensor to the End User over a direct connection and, where applicable, any supplemental services purchased by End User as described in this NDPS Description.

1.7 Attack” or “Attack Incident” shall mean an event in which malicious traffic (e.g. Distributed Denial of Service (“DDoS”)), is directed to an Endpoint which is on the Nexusguard Cloud Platform. The determination as to whether traffic is Attack traffic shall be determined solely by Licensor.

1.8 Attack Coverage” means the maximum DDoS Bandwidth that may be transmitted to the Nexusguard Cloud Platform or Nexusguard On Premise Platform on behalf of User.

1.9 AUP” shall mean the Acceptable Use Policy which is described in Section 5.8.

1.10 Auto-Mitigation” shall mean a mitigation action taken automatically by the Nexusguard Cloud Platform upon receiving a supported triggering action that has been agreed upon by both parties and using a pre-configured default mitigation template that has been setup for End User.

1.11 BGP-Based Services” shall mean services in which mitigation is performed by the redirection of End User traffic to the Nexusguard Cloud Platform or Nexusguard On Premise Platform via a Border Gateway Protocol (“BGP”) routing change.

1.12 Bandwidth” refers to the 95% percentile consumed information traffic capacity in a billing month (i.e. the consumed information capacity that is equal to or greater than the traffic during 95% of such billing month).

1.13 “Clean Traffic” or “Clear Traffic™” shall mean the 95th percentile peak Mbps of legitimate End User internet traffic going into or out of the Nexusguard Cloud Platform or Nexusguard On Premise Platform for an Endpoint, which is processed by the Nexusguard Cloud Service in accordance with the type of service purchased by End User.

1.14 Content” shall mean all data, software, and information that End User or its authorized users provides, authorizes access to, or is contained within the traffic provided to the Nexusguard DDoS Protection Services.

1.15 DDoS” or “DDoS Attack” shall mean a distributed denial-of-service attack under which a multitude of compromised systems attack a single target, thereby causing users of the targeted system to be deprived of the services of the targeted system.

1.16 DNS Based Services” shall mean services in which mitigation is performed by the redirection of End User traffic to the Nexusguard Cloud Platform by changing the Domain Name Service (“DNS”) record for End User hostname.

1.17 Emergency Setup” shall mean initial provisioning of End User DNS hostname information into the Nexusguard Cloud Platform within an expedited time frame as defined in Section 2.4 of the SLA.

1.18 Emergency Updates” shall mean changing End User DNS hostname information in the Nexusguard Cloud Platform within an expedited time frame as defined in Section 2.5 of the SLA.

1.19 Endpoint(s)”, as used herein, means that part of an End User’s infrastructure subject to protection by the Nexusguard DDoS Protection Services.

1.20 Flow Monitoring Service” shall mean the services described in Section 2.3.

1.21 Incident” means an event wherein End User has directed internet-based traffic for an Endpoint to the Nexusguard Cloud Platform and shall include both Attack Incidents and Non-Attack Incidents.

1.22 Location” means, for BGP-Based Services only, End User router Endpoint to terminate Generic Routing Encapsulation (“GRE”) tunnels connected to the Nexusguard Cloud Platform.

1.23 Mitigation Incident” or means either (a) the event commencing when either End User or Licensor performs a Protection Activation and ceases when End User contacts Licensor pursuant to then-current Licensor policies and directs Licensor to cease such announcement(s) or (b) an event where more than twenty-five (25) kilobits per second (“Kbps”) of End User traffic flows through the End User’s assigned DNS Redirection VIP address, GRE Tunnels or direct circuit on the Nexusguard Platform. For purposes of calculating the measurement period of a Mitigation Incident, (i) for On Demand Services, the Mitigation Incident shall be calculated for each twelve (12) hour period for which traffic is diverted, and (ii) for Always-On Protection Service, the Mitigation Incident shall be calculated for any consecutive 12 (12) hour period during the Mitigation.

1.24 Network Flow Telemetry” shall mean digital records that are created by network devices and transmitted to a data processor over the network, consisting of metadata-based characteristics that describe data traffic connections made over a monitored network. Such characteristics include but are not limited to source and destination IP addresses, IP protocol, source and destination ports, traffic volume, timestamp, and network interfaces utilized.

1.25 Non-Mitigation Incident” shall mean, for purposes of On Demand Services, a Mitigation Incident in which the End User has directed internet-based traffic for an Endpoint to the Nexusguard Cloud Platform and there has been no Attack traffic for a period of seventy-two (72) consecutive hours.

1.26 On Demand Services” shall mean the services described in Section 2.1.

1.27 Protection Activation” shall mean that the End User has taken actions to route their traffic to Nexusguard Cloud Platform or Nexusguard On Premise Platform because a DDoS Attack is taking place.

1.28 Provisioning Process” shall mean the Licensor’s then-current process for provisioning of an Endpoint, a change to configuration, or directing End User traffic to or away from the Nexusguard Cloud Platform.

1.29 Quotation” shall mean the document issued by Licensor under which Licensor offers for sale the Nexusguard DDoS Protection Services.

1.30 Requested Prefix” shall mean the /24 Prefix or such other subnet prefix agreed to by the Licensor in connection with the Nexusguard DDoS Protection Services being provided to End User.

1.31 Service Commencement Date” shall be the earlier of (i) five (5) days after the Nexusguard provisioning team has delivered the provisioning completion notice to the User and (ii) the date that User begins using NDPS.

1.32 Service Order Form” shall mean one or more order forms executed from time to time by Nexusguard and User that set forth the NDPS that User is purchasing from Nexusguard and that Nexusguard is providing to User, and the prices for such NDPS.

1.33 SLA” shall mean the Service Level Agreement attached as Exhibit A to the NDPS Description.

1.34 Special Unavailability” shall mean NDPS being unavailable due to: (i) problems with User’s endpoint; (ii) Force majeure events; (iii) unlawful or negligent acts by Users or its agents or its suppliers; (iv) problems with User’s domain name registrar; (v) network unavailability, including without limitation telecommunications problems, beyond Nexusguard’s control; (vi) User misuse; (vii) User’s TCP requests exceeding sixty four million (64,000,000) TCP packets per-second; (viii) traffic routed to NDPS exceeds 1,280 Gbps; (ix) planned maintenance as provided in the SLA section; (x) User’s breach of any terms of the Agreement; or (xi) third party action or inaction. Nexusguard shall determine in good faith the occurrence of any event of Special Unavailability.

1.35 Standard Setup” shall mean the initial provisioning of End User network up to 100/24 subnets and/or hostname information up to 10 DNS hostnames and/or up to 10 GRE destinations into the Nexusguard Cloud Platform within normal timeframes as defined in Section 2.2 of the SLA. Setup of direct connections into the Nexusguard Cloud infrastructure and BGP peering with Nexusguard Cloud are not included in Standard Setup.

1.36 Standard Updates” shall mean changing End User network up to 100/24 subnets and/or hostname information up to 10 DNS hostnames and/or up to 10 GRE destinations into the Nexusguard Cloud Platform within normal timeframes as defined in Section 2.3 of the SLA. Setup of direct connections into the Nexusguard Cloud infrastructure and BGP peering with Nexusguard Cloud are not included in Standard Setup.

1.37 Sustained Traffic Overage” shall mean the Clean Traffic Bandwidth over any 36 hours in a billing month is greater than the subscribed Clean Traffic Bandwidth stated in the Agreement.

1.38 VIP(s)” or “DNS Redirection VIP(s)” means, the Licensor assigned IP address on the Nexusguard Cloud Platform which terminates to only one (1) End User hosted IP address to send Clean Traffic and receive outbound internet traffic.

2. DESCRIPTION OF SERVICES

The following describes the types of Nexusguard DDoS Protection Services that Licensor makes generally available to its End Users. The terms in this NDPS Description shall apply only to the type of Nexusguard Cloud Service(s) actually purchased.

2.1 On Demand Services. The On-Demand Service is an on-demand service offering in which the End User can route traffic through the Nexusguard Cloud Platform on a per-Incident basis, subject to the terms of this NDPS Description, in order for their traffic to be filtered in mitigation in the course of an Attack or threat of an Attack.

2.2 Always On Protection Services. The Always-On Protection Services shall mean the service offering in which the End User can continually route their traffic through the Nexusguard Cloud Platform at all times, subject to the terms of this NDPS Description, independent of any Attack or threat of Attack.

2.3 Remote DDoS Monitoring Service shall mean the service offering in which Licensor shall provide flow-based monitoring services of End User’s network and routers.

2.4 Transformational Alliance Partner (“TAP”) program. End User shall use the Nexusguard DDoS Protection Services only for its own internal business operations; provided, however, if End User has purchased the Nexusguard DDoS Protection Services as part of TAP, then End User may use the Nexusguard DDoS Protection Services to provide services to End User’s customers who access the Nexusguard DDoS Protection Services using End User’s network. If the Nexusguard DDoS Protection Service is purchased as part of TAP, then the provisions of this Section 2.4 shall apply and: (i) End User’s customers must have entered into a formal contractual agreement with End User containing confidentiality provisions that incorporates terms at least as protective as those terms provided in the Agreement and that recognizes the intellectual property rights in the Nexusguard DDoS Protection Services belongs to Licensor, (ii) End User will make no representations, warranty or covenant (whether express or implied) regarding the Nexusguard Cloud Service, (iii) and all obligations of Licensor are direct only to the End User, and End User’s customers shall have no third party beneficiary rights with respect to this NDPS Description and the services provided hereunder.

2.5 Application Protection Service shall mean the DNS Based Service offering in which the Nexusguard Cloud Platform will perform DDoS Mitigation and other functions subsequently described in the Agreement via the Application Protection module by functioning as a reverse proxy that will act as an intermediary between an endpoint device such as a computer or a server, and a user or a client requesting a service from the End User. The Nexusguard Cloud Platform will transparently handle all requests from a user or client towards the End User’s Endpoint, and all responses from the End User’s Endpoint to the requesting user or client.

2.6 Origin Protection Service shall mean the BGP-Based Service offering in which the Nexusguard Cloud Platform will perform DDoS Mitigation via the Origin Protection module by functioning as a temporary Internet upstream transit provider for the End User for all incoming traffic from the Internet to the End User’s Network.

2.7 DNS Protection Service shall mean the DNS-Based service offering in which the Nexusguard Cloud Platform will perform DDoS Mitigation for End User’s Domain Name Systems via the DNS Protection module by i) hosting the End User’s Domain Zone as either the Primary or Secondary, or ii) functioning as a reverse proxy and acting as a intermediary between the End User’s Domain Name System, and the requesting user or client.

2.8 Clean Pipe Service shall mean the BGP-Based service offering in which the Nexusguard On Premise Platform will perform DDoS Mitigation on Internet upstream services provided by the End User to their customers.

2.9 Network Protection Service shall mean the BGP-Based service offering in which the Nexusguard On Premise Platform will perform DDoS Mitigation for the End User’s network.

2.10 Edge Protection Services shall mean the BGP-Based service offering in which the Nexusguard Cloud Platform will perform DDoS Mitigation for End User’s Nexusguard On-Premise Platform.

3. PROVISION AND USE OF NEXUSGUARD DDOS PROTECTION SERVICES

3.1 For BGP-Based Services. End User acknowledges that deployment on the Nexusguard Cloud Platform will not proceed while End User is experiencing a DDoS Attack. The provisioning of the service may require configuration which takes several days and that in such instance, any activation of Nexusguard DDoS Protection Services on an expedited basis shall require deployment on the DNS-based platform rather than the BGP-based platform as Licensor, in its reasonable discretion, determines is appropriate.

3.2 For DNS Based Services. End User acknowledges that the deployment on the Nexusguard Cloud Platform requires that the End User configure their Domain Name Service to direct traffic to the Nexusguard Cloud Platform for Nexusguard DDoS Protection Services to be effective. For the protection of encrypted web services, and for the SLA to apply, End User is required to upload valid certificates in order for the services to be able to function as intended as described in 4.5.

3.3 For Remote DDoS Monitoring Services. The Nexusguard DDoS Protection Service may be provisioned up to two (10) Routers for up to 1 Autonomous Systems (AS) Network and up to one hundred (100) /24 subnets. End User acknowledges that in order for Remote DDoS Monitoring Service to work, End User is responsible for configuring and ensuring that the End User’s Routers will send the necessary telemetry to Nexusguard Cloud Platform according to the guidelines provided by the Licensor.

3.4 Language. Where applicable, all obligations of each party, including without limitation, delivery of the Nexusguard DDoS Protection Services, interfaces, support obligations or requests, and notices shall be required to be performed in English, and all interaction, whether with End User or Licensor shall be conducted using English. End User shall ensure that, during the entirety of a Mitigation Incident, End User will have available a technical contact that speaks English for interaction with Licensor’s support team.

3.5 Trial Use. Licensor may make Nexusguard DDoS Protection Services available for End User’s use on a trial basis, to the extent set forth in the Quotation. Such Trial Services shall be subject to the terms of this NDPS Description; however, the Trial Services shall not be subject to any Credits described in the SLA.

4. MITIGATION USING NEXUSGUARD DDOS PROTECTION SERVICES.

4.1 Licensor shall calculate the End User’s total amount of used Clean Traffic in Mbps, at the ninety-fifth (95th) percentile during each Mitigation Incident to confirm End User is within its total contracted Clean Traffic amount. Clean Traffic shall be determined by periodically measuring End User’s Clean Traffic bandwidth utilization running through the Nexusguard Cloud Platform. At the end of a measurement period (Mitigation Incident), the utilization measurements are ordered from highest to lowest and the top five percent (5%) of the traffic measurements discarded. The next highest measurement for the inbound or outbound traffic is considered the ninety-fifth (95th) percentile Clean Traffic.

4.2 For On-Demand Service, in the event of a Mitigation Incident, any traffic which is directed to the Nexusguard Cloud Platform that is not for a pre-provisioned domain, protocol or port will be blocked.

4.3 For On-Demand Services, End User acknowledges that the Nexusguard DDoS Protection Service is an on demand service for use during Attack Incidents only and is not meant to be used as an always-on service during periods when an Attack is not occurring or when Licensor has not explicitly agreed to continue for another mitigation period. Any such use when an Attack is not occurring may incur additional fees in accordance with Section 8.1.

4.4 Attack traffic may be mitigated as far “upstream” as possible, including internet network provider access control lists (“ACLs”), Flowspec, black hole routing or other network-based blocking mechanisms.

4.5 The Nexusguard DDoS Protection Service includes Layer 4 rate limiting protection for HTTPS traffic provisioned on the Nexusguard Cloud Platform. The Nexusguard DDoS Protection Service does not open HTTPS packets for “inspection”, “cleaning” or “scrubbing” unless the End User has elected to utilize a packet inspection service, if offered, at the application Layer 7 level on a per domain, per SSL certificate basis. This packet inspection service requires End User to provide Licensor with valid SSL certificates to be loaded on to the Nexusguard Cloud Platform for the traffic that shall be subject to HTTPS packet inspection.

4.6 During any Attack Incident, Licensor will work with the End User, where required, to fine tune the Nexusguard DDoS Protection Services during a Mitigation Incident with a goal of achieving greater DDoS protection while minimizing traffic disruption.

5. END USER OBLIGATIONS

5.1 End User agrees that the successful and timely performance of the Nexusguard DDoS Protection Services requires End User’s good faith cooperation and participation, including following the guidelines set forth in Licensor’s service guide for the Nexusguard DDoS Protection Services. Accordingly, End User agrees to fully cooperate with Licensor including without limitation: (i) providing relevant information reasonably requested by Licensor on the Endpoints prior to the activation of the Nexusguard DDoS Protection Services pursuant to the Provisioning Process with respect to each Endpoint, and during the provision of Nexusguard DDoS Protection Services shall inform Licensor of any changes to such information, (ii) provide all other information reasonably requested by Licensor which Licensor determines is reasonably necessary in order to provide the Nexusguard DDoS Protection Services, and (iii) take such other actions that Licensor determines is reasonably necessary to enable Licensor to perform the Nexusguard DDoS Protection Services, including without limitation providing access to, and availability of, the Endpoints in order to allow the Licensor to perform the Nexusguard DDoS Protection Services. In addition, End User agrees to make the necessary configuration changes to its infrastructure to enable the performance of the Nexusguard Cloud Services. End User acknowledges that the Nexusguard DDoS Protection Services may be delayed or not completed if End User does not cooperate with Licensor, or if Licensor’s performance is otherwise delayed or prevented by End User, and Licensor shall not be held accountable for any such delays as a result of End User’s failure to take the foregoing actions.

5.2 For BGP-Based Services, End User must provide and utilize a BGP and GRE capable device(s) and properly configure such device(s).

5.3 For Flow Monitoring Services, End User must provide the types of Network Flow Telemetry that are specified in the service guide for the Nexusguard Cloud Service.

5.4 End User acknowledges that in order for Licensor to provide the Nexusguard DDoS Protection Services, End User’s internet traffic for the Endpoint must first be redirected to the Nexusguard Cloud Platform.

5.5 End User acknowledges that operation and performance of the Nexusguard DDoS Protection Services involves repeated filtering of traffic to the Endpoint and End User expressly consents to the same. End User hereby grants Licensor and its agents, for the Term, a non-exclusive, non-transferable, royalty-free license to access any part of the internet traffic flowing to the Endpoint and any application traffic contained therein for the purposes described in this NDPS Description.

5.6 End User shall be responsible for, or at its discretion assign rights to the Licensor to perform, the direction of all internet traffic for an Endpoint by following Licensor’s procedures then in effect under the Provisioning Process (which may include, by way of example, contacting Licensor’s support team and having Licensor announce or cease announcing the Requested Prefixes or changing DNS to DNS Redirection VIPs).

5.7 End User shall provide Licensor with written instructions on the End User’s escalation and authorization protocols for its emergency/incident response procedures for DDoS attacks. This information will be required to be provided to the Licensor during the Provisioning Process.

5.8 End User shall comply with the following Acceptable Use Policy for Nexusguard DDoS Protection Services (“AUP”), as may be updated pursuant to section 12. End User shall not use, or allow use of, the Nexusguard Cloud Service in violation of this AUP, including any of the following types of abuses (“Abuses”): (a) use of the Nexusguard DDoS Protection Service in an unlawful manner or for an unlawful purpose, (b) use of the Nexusguard DDoS Protection Service in a manner that, in Licensor’s reasonable discretion, directly or indirectly produces or threatens to produce a negative effect on the Nexusguard DDoS Protection Service network other than in a manner for which the Nexusguard DDoS Protection Service network was designed or that interferes with the use of the Nexusguard DDoS Protection Service network by other customers or authorized end users, including, without limitation, overloading servers or causing portions of the Nexusguard DDoS Protection Service network to be blocked, or (c) with respect to On Demand Service, excessive or prolonged use of the Nexusguard DDoS Protection Service while not actively mitigating a DDoS attack or incident.

5.9 Licensor may suspend an Endpoint or the Nexusguard DDoS Protection Services, as applicable, if, in Licensor’s reasonable determination, an Abuse occurs. Such suspension shall remain in effect until End User corrects the applicable Abuse. In the event that, in Licensor’s reasonable determination, an Abuse is critically impacting, or threatens to impact critically, the Nexusguard DDoS Protection Service network or servers, Licensor may suspend an Endpoint or the Nexusguard Cloud Service, as applicable, immediately and without prior notice. In the event that an Abuse is not critically impacting the Nexusguard DDoS Protection Service network or threatening to do so, Licensor shall give prior notice of any suspension. End User’s failure to correct any Abuse within thirty (30) days after receipt of notice will entitle Licensor to terminate Nexusguard DDoS Protection Services effective immediately upon Licensor’s delivery of the termination notice

5.10 Licensor may discontinue the Nexusguard DDoS Protection Service at any time upon thirty (30) days prior written notice provided that such right shall not be utilized by Licensor as a termination for convenience but shall only be used where such discontinuance would apply to all or substantially all of Licensor’s Nexusguard DDoS Protection Services customers and, provided that End User is not in default under the terms of the Agreement and this NDPS Description, Licensor shall provide a refund of the pre-paid fees for the period after the effective date of termination.

6. CONTENT AND DATA PROTECTION

6.1 Use of the Nexusguard DDoS Protection Service will not affect End User’s ownership or license rights in its Content. Licensor employees and contractors may access and use the Content solely for the purpose of providing and managing the Nexusguard DDoS Protection Service. Licensor will treat all Content as confidential by not disclosing Content except to Licensor employees and contractors and only to the extent necessary to deliver the Nexusguard DDoS Protection Service. Licensor may use End User Network Flow Telemetry in aggregate and/or anonymized form to compile statistics related to the performance, operation, and use of the Nexusguard DDoS Protection Service (“Service Statistics”), provided that the Service Statistics will not identify End User as the source of the Network Flow Telemetry. Licensor retains all intellectual property rights in the Service Statistics.

6.2 End User is responsible for obtaining all necessary rights and permissions to enable and grant such rights and permissions to Licensor employees and contractors, to use, provide, store, and otherwise process Content in connection with the Nexusguard DDoS Protection Service, and by providing such Content to Licensor all such action shall be deemed by Licensor to have been obtained without the necessity for Licensor to confirm such actions. This includes End User making necessary disclosures and obtaining consent, if required, before providing individuals’ information, including personal or other regulated data in such Content. End User is responsible to determine the suitability of the Nexusguard DDoS Protection Service with respect to applicable laws that End User is subject to related to End User’s business.

6.3 Licensor will return or remove Content from the Nexusguard DDoS Protection Service upon the expiration or termination of the Nexusguard DDoS Protection Service, or earlier upon End User’s request.

7. TERM AND TERMINATION

The Nexusguard DDoS Protection Service shall begin on Service Commencement Date, and shall continue in effect for the initial term set forth on the Quotation or Service Order (“Initial Term”). Upon expiration of the Initial Term, the Nexusguard DDoS Protection Service may be renewed upon Licensor’s receipt of a renewal purchase order for successive twelve (12) month periods or for the term set forth in the Quotation (“Renewal Term(s)”) (the Initial Term and any Renewal Terms, collectively the “Term”).

8. PAYMENTS AND FEES

8.1 Service fees for the Nexusguard DDoS Protection Services will be as set forth in Quotations (“Service Package Fee”). Licensor will have no obligation to perform the Nexusguard DDoS Protection Services until it receives a valid and acceptable purchase order or Service Order for such services. The Service Package Fee includes the amount of traffic contracted to be covered hereunder, together with other components purchased as indicated on the applicable Quotation. Additional options may be purchased for an additional fee which will be set forth in a separate Quotation issued by Licensor at the time such additional services are requested. For purchases of Nexusguard DDoS Protection Services made directly through Licensor, invoicing will be on an monthly recurring basis unless otherwise specified on the applicable Quotation. All payment obligations to Licensor are non cancelable and non-refundable unless otherwise specifically set forth herein, and the purchased Nexusguard DDoS Protection Services may not be downgraded during a then-current term of the Nexusguard DDoS Protection Services. Additional fees that may be charged based upon use of the Nexusguard DDoS Protection Services include the following:

8.1.1 Mitigation Incident Fees. The Mitigation Incident Fees shall mean the fee that applies to a Mitigation Incident above and beyond the Mitigation Incident that are included in the Service Package Fee. The Mitigation Incident Fee shall cover a period of consecutive hours or portion thereof unless specified in the order. Mitigation Incident longer in duration than specified in the order are subject to additional Mitigation Incident Fees for each period or any part thereof. The Mitigation Incident Fees are applicable only when purchasing Nexusguard DDoS Protection Service that include a limited number of mitigations and are indicated in the order.

8.1.2 Non-Mitigation Incident Fees. The Non-Mitigation Incident Fees are applicable only when purchasing Nexusguard DDoS Protection Services that include unlimited mitigations and shall be in the amount of one (1) month of Service Package Fee, unless otherwise specified in the Quotation. Use of the Nexusguard DDoS Protection Service when an Attack is not occurring and without prior authorization from Licensor for a period of any time up to seventy-two (72) consecutive hours is considered a Non-Mitigation Incident and may be assessed a Non-Mitigation Incident Fee at Licensor’s discretion.

8.1.3 Clean Traffic Overage Fees. The Clean Traffic Overage Fee shall mean a fee that Provider reserves the right to charge in the event that the amount of Clean Traffic sent by an End User to the Nexusguard Cloud Platform during any Mitigation Incidents or the Non-Mitigation Incident exceeds the amount of Clean Traffic contracted for the specific End User, and Provider and End User fail to reach a mutual agreement on remediation. Such fee will be determined using the 95th percentile peak Clean Traffic flowing through the Nexusguard Cloud Platform and will be calculated for each instance in which a Mitigation Incident or Non-Mitigation Incident exceeds the then-current list price for every 100Mbps or part thereof over the contracted rate.

8.1.4 All Service Packages include up to two (2) Standard Updates per month of service. Other services including additional Standard Updates, Emergency Setup requests or Emergency Update requests, must be purchased separately. Licensor shall not be obligated to commence with any additional services until it has received and accepted a purchase order for the additional services. Notwithstanding the foregoing, during emergency situations Licensor may agree to perform additional services immediately based on mutual agreement that a purchase order for such additional services will be provided within thirty (30) days following receipt of the applicable Quotation.

9. WARRANTIES

9.1 Licensor represents that the Nexusguard DDoS Protection Services will perform as described in the service level agreement attached hereto and incorporated herein as Exhibit A (“SLA”). EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 9.1, LICENSOR MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE NEXUSGUARD DDOS PROTECTION SERVICES. FURTHER, LICENSOR EXERCISES NO CONTROL OVER, AND ACCEPTS NO RESPONSIBILITY FOR CONTENT OR INFORMATION CONTAINED IN THE TRAFFIC DIRECTED TO THE NEXUSGUARD DDOS PROTECTION SERVICES. END USER’S SOLE AND EXCLUSIVE REMEDY, AND LICENSOR’S SOLE AND EXCLUSIVE OBLIGATION, WITH RESPECT TO THE NEXUSGUARD DDOS PROTECTION SERVICES AND ANY BREACH OF THE FOREGOING REPRESENTATION IN THIS SECTION 9.1 WILL BE THE REMEDIES SET FORTH IN THE SLA. A breach of the representation in this Section 9.1 or the SLA shall not constitute a breach of the Agreement but shall give rights solely to the remedies and credits set forth in the SLA.

9.2 End User represents and warrants that: (a) End User has all right, title and interest or is the licensee with right to use and/or access all of the Endpoints, applications and/or Content provided to Licensor in order for Licensor to perform the Nexusguard DDoS Protection Services and all of the Content accessed at End User’s direction to perform the Nexusguard DDoS Protection Services; (b) if the End User utilizes a packet inspection service, that its provision of the SSL certificate for the HTTPS Packet Inspection service and Licensor’s use thereof for provision of the Nexusguard DDoS Protection Service does not violate any laws, security policies or regulations or infringe the proprietary or privacy rights of any third party; (c) End User shall not use the Nexusguard DDoS Protection Services for any unlawful purpose; and (d) End User shall comply with its obligations under this NDPS Description. End User further represents that no governmental agency has issued sanctions against End User or otherwise suspended, revoked or denied End User’s export privileges. End User will defend, indemnify and hold harmless Licensor for any third-party claims, including claims made by regulatory agencies arising out of End User’s use of the Nexusguard DDoS Protection Services based on the Content.

10. INDEMNITY

End User will defend at its own expense any action brought against Licensor, its directors, officers, or employees by a third party to the extent that the action is based on a claim, suit, or proceeding arising from or relating to (i) the breach of any representation or warranty set forth in Section 9.2 above; (ii) any third party claim that Licensor’s provision of the Nexusguard DDoS Protection Service to Endpoints designated by End User in connection with performing the Nexusguard DDoS Protection Services for End User is not authorized; (iii) Content, including without limitation, any claim involving alleged infringement or misappropriation of any patent, copyright, trademark, trade secret or other intellectual property right; or (iv) claims made by regulatory agencies arising out of End User’s use of the Nexusguard DDoS Protection Services based on the data contained within the Content. This Section 10 shall survive termination of the Nexusguard DDoS Protection Services and the Agreement.

11. EXPORT REGULATION

In addition to the export controls provisions contained in the Agreement, End User will not use the Nexusguard DDoS Protection Service to export or re-export any technical data or software in violation of applicable export laws. End User is solely responsible for compliance related to the manner in which End User chooses to use the Nexusguard DDoS Protection Service, including End User’s transfer and processing of Content and the region in which any of the foregoing occur. End User is solely responsible for ensuring that all users of End User’s account are not “Denied Parties” under applicable export laws.

12. CHANGES TO THIS NDPS DESCRIPTION

Licensor may make changes to this NDPS Description (including the AUP and/or the SLA) at any time by posting a revised version at https://www.nexusguard.com/en/nexusguard-ddos-protection-services-(ndps)-description-and-terms and any successor site designated by Licensor. Except with respect to changes in the AUP, such changes shall apply only to purchase orders placed for the applicable Nexusguard DDoS Protection Service after the aforementioned changes take effect. All changes to the AUP shall become effective immediately.

13. LIMITATION OF LIABILITY

EXCEPT FOR CUSTOMER’S INDEMNITY OBLIGATIONS HEREUNDER OR INFRINGEMENT OF LICENSOR’S INTELLECTUAL PROPERTY, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR SPECIAL, INDIRECT, CONSEQUENTIAL OR INCIDENTAL DAMAGES OR COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES, LOST PROFITS, LOST SAVINGS, LOSS OF INFORMATION OR DATA, OR BUSINESS INTERRUPTION, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
EXCEPT FOR CUSTOMER’S INDEMNITY OBLIGATIONS HEREUNDER, INFRINGEMENT OF LICENSOR’S INTELLECTUAL PROPERTY, OR OBLIGATION TO PAY HEREUNDER, IN NO EVENT WILL EITHER PARTY'S LIABILITY EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO LICENSOR FOR THE SERVICE THAT GAVE RISE TO SUCH CLAIM.

EXHIBIT A
TO
NEXUSGUARD DDOS PROTECTION SERVICES DESCRIPTION AND TERMS
SERVICE LEVEL AGREEMENT

This Service Level Agreement (“SLA”) for the Nexusguard DDoS Protection Service is attached to and made a part of these Nexusguard DDoS Protection Services Description and Terms (“NDPS Description”). In the event of a conflict between the terms of the Agreement or this NDPS Description and the terms of this SLA with respect to Nexusguard Cloud Service, the terms of this SLA shall control. Capitalized terms not otherwise defined in this SLA shall have the meaning ascribed to them in the NDPS Description. All sections referred to herein shall refer to sections in this SLA unless otherwise stated.

1. DEFINITIONS

1.1Credit” shall mean the credit issued for a Service Outage and shall be the pro-rated value of one (1) day of fees determined by dividing the monthly Service Package Fees payable to Licensor by the number of days in the calendar month in which the Service Outage occurs.

1.2Nexusguard Cloud Platform” shall mean the group of Nexusguard controlled servers, hardware and associated software that are responsible for delivering the Nexusguard Cloud Services.

1.3 Platform Outage” shall mean a period of total lack of availability of Nexusguard Cloud Platform of at least 5 consecutive minutes (c) Platform Availability Percentage and is calculated by subtracting the percentage of minutes during the month in which Nexusguard Cloud Platform was experiencing a Platform Outage.

1.4 Nexusguard On Premise Platform” means the integrated hardware and software installed and controlled by Licensor or its hosting agent in connection with the provision of the Nexusguard On Premise Services to the End User’s Endpoint, excluding telecommunications services providing a connection between Nexusguard servers used in the provision of the Nexusguard On Premise Services.

1.5 Services” shall mean Nexusguard DDoS Protection Services designated in the Service Order Form and more fully described in the written documentation provided to the End User.

1.6 Service Outage” shall mean a period in which the Services is detected to be totally unavailable for at least 5 minutes. Service Availability Percentage is calculated by subtracting the percentage of minutes during the month in which the End User was experiencing a Service Outage.

1.7 DDoS Attack” shall mean a 5 consecutive minutes or more surge in End User traffic of which at least 30% is detected and considered malicious by Nexusguard.

1.8 SLA Incident” shall mean any set of circumstances resulting in a failure to meet a commitment outside of scheduled and/or urgent maintenance window.

1.9 DDoS Mitigation” shall mean that Nexusguard mitigation filters were activated in order to end a DDoS Attack

1.10 Protection Activation” shall mean that the End User has taken actions to route their traffic to Nexusguard Cloud Platform or Nexusguard On Premise Platform because a DDoS Attack is taking place.

1.11 DDoS Attack Notification” shall mean an effort to notify End User via the End User portal when a DDoS Attack have been detected by Nexusguard.

1.12 Time to Mitigate” shall mean the time taken for DDoS Mitigation to take effect once traffic is successfully routed to Nexusguard Cloud Platform and Nexusguard On Premise Platform following a Protection Activation.

2. SERVICE LEVELS

2.1 Nexusguard Cloud Platform Availability: 99.999%

The Nexusguard Cloud Platform, for purposes of NDPS provided to End User, shall not be unavailable for more than twenty-six (26) consecutive seconds in any calendar month. For purposes of this Service Level, the term “available” means that the NDPS is available to the End User for use and is capable of receiving and routing network traffic via pre-provisioned GRE tunnels and/or DNS proxy only. Direct Connects are not part of the platform availability SLA.

2.2 Standard Setup: 48 Hours.

Standard Setup of Nexusguard DDoS Protection Services shall be performed within forty-eight (48) hours of the completion of the provisioning call and acceptance of configuration submission by Licensor.

2.3 Standard Changes: 48 Hours.

Standard Changes of DDoS Protection Services for shall be performed within forty-eight (48) hours of the completion of the provisioning call and acceptance of configuration submission by Licensor.

2.4 Emergency Setup: 4 Hours. (Only applies to DNS Based Services).

Emergency Setup of DDoS Protection Services shall be performed within four (4) hours of acceptance of configuration submission by Licensor.

2.5 Emergency Changes: 2 Hours.

Emergency Updates of Nexusguard DDoS Protection Services shall be performed within two (2) hours of acceptance of configuration submission by Licensor.

2.6 DNS Availability: 99.999% (Only applies to DNS Based Services)

The Nexusguard Domain Name System (DNS) for the purpose of delivering NDPS shall not be unavailable at any time. For the purposes of this Service Level, the term “available” means that the NXG DNS is able to respond to DNS queries set up to query more than 1 NXG DNS nameserver.

2.7 BGP Route Announcement: 3 Minutes (Only applies to BGP Based Nexusguard Cloud Services)

Licensor shall announce the End User BGP route to the Internet within three (3) minutes of all parties agreeing to initiate a mitigation and the End User completing any necessary routing changes on their End User premise equipment.

2.8 Auto-Mitigation Initiation: Sub 1 Minute. (Only applies to BGP Based Nexusguard Cloud Services)

Licensor shall announce the End User BGP route to the Internet within one (1) minute of receiving the BGP route announcement from End Users using a BGP route triggered mitigation, or within one (1) minute of detecting an attack using flow monitoring when setup for auto-mitigation.

2.9 Mitigation Effectiveness: 5 Minutes/15 Minutes.

Mitigation Effectiveness shall mean the cleaning of the traffic such that dirty/malicious traffic is dropped by the system. Licensor shall achieve Mitigation Effectiveness within: (i) five (5) minutes for Layer 3 and Layer 4 attacks from the time traffic is redirected to Nexusguard DDoS Protection Service and Licensor has detected malicious traffic; and (ii) fifteen (15) minutes for Layer 7 attacks from the time traffic is redirected to Nexusguard DDoS Protection Service and Licensor has detected malicious traffic. Each attack vector change shall restart timing of Mitigation Effectiveness.

2.10 DDoS Attack Notification: 15 Minutes

Licensor shall notify End User of a DDoS Attack no longer than fifteen (15) minutes in the event a DDoS attack has been detected. The notification may be sent automatically by the Platform, or via a member of the Nexusguard SOC.

2.11 Incident Time to Response: 10 Minutes

An Incident conference bridge shall be initiated with available Licensor staff within ten (10) minutes of Licensor receiving an End User’s incident request by phone or by Nexusguard ticketing system.

REMEDIES FOR SERVICE INCIDENTS

3.1 Licensor shall, in good faith, determine whether a Service Outage occurred based on Licensor's Records and data. In the event of a Service Outage, the following Credits will apply (as illustrated in Schedule 1 attached hereto – SLA Credit Calculation Chart):

3.1.1 Credit – SLA: Nexusguard Cloud Platform: 99.999% Availability.
For a Service Outage occurring with respect to the SLA provided in 2.1, if the Service Outage is greater than: twenty-six (26) seconds but less than or equal to five (5) minutes, one (1) Credit shall apply; greater than five (5) minutes but less than or equal to one (1) hour, five (5) Credits shall apply; greater than one (1) hour, ten (10) Credits shall apply. To make a claim under 2.1, End User must send to Licensor Customer Support proof that the platform was unavailable for mitigation.

3.1.2 Credit – SLA: Standard Setup and Standard Updates: 48 Hours.
For any Service Outage occurring with respect to the SLAs provided in 2.2 and 2.3, if the Service Outage is greater than one (1) day but less than or equal to seven (7) days, one (1) Credit per day of Service Outage shall apply; greater than seven (7) days, ten (10) Credits shall apply.

3.1.3 Credit – SLA: Emergency Setup and Emergency Updates: 4 Hours and 2 Hours.
For any Setup and Updates occurring with respect to the SLAs provided in 2.4 and 2.5, if the Setup or change is greater than four (4) hours and two (2) hours respectively, one (1) Credit per hour shall apply, up to a maximum of ten (10) Credits.

3.1.4 Credit – SLA: BGP Route Announcement: 5 Minutes.
For any Service Outage occurring with respect to the SLAs provided in 2.7, if the Service Outage for BGP Route Announcement is greater than five (5) minutes, but less than or equal to fifteen (15) minutes, one (1) Credit shall apply; greater than fifteen (15) minutes, but less than or equal to sixty (60) minutes, two (2) Credits shall apply; greater than sixty (60) minutes, but less than or equal to four (4) hours, five (5) Credits shall apply; greater than four (4) hours, ten (10) Credits shall apply.

3.1.5 Credit – SLA: Auto-Mitigation Initiation: Sub 1 Minute.
For any Service Outage occurring with respect to the SLAs provided in 2.8, if the Service Outage for Auto-Mitigation Initiation is greater than one (1) minute, but less than or equal to two (2) minutes, one (1) Credit shall apply; greater than two (2) minutes, but less than or equal to five (5) minutes, two (2) Credits shall apply; greater than five (5) minutes, but less than or equal to fifteen (15) minutes, five (5) Credits shall apply; greater than fifteen (15) minutes, ten (10) Credits shall apply.

3.1.6 Credit - SLA: DNS Availability: 99.999%
For a Service Outage occurring with respect to the SLA provided in 2.6, if the Service Outage is greater than: twenty-six (26) seconds but less than or equal to five (5) minutes, one (1) Credit shall apply; greater than five (5) minutes but less than or equal to one (1) hour, five (5) Credits shall apply; greater than one (1) hour, ten (10) Credits shall apply. To make a claim under 2.6, End User must send to Licensor Customer Support proof that the DNS was unable to respond to any DNS queries.

3.1.7 Credit – SLA: Mitigation Effectiveness: 5 Minutes/15 Minutes.
For any Service Outage occurring with respect to the SLAs provided in Sections 2.9:
if the Service Outage for Layer 3/4 is greater than five (5) minutes, but less than or equal to fifteen (15) minutes, one (1) Credit shall apply; greater than fifteen (15) minutes, but less than or equal to sixty (60) minutes, two (2) Credits shall apply; greater than sixty (60) minutes, but less than or equal to four (4) hours, five (5) Credits shall apply; greater than four (4) hours, ten (10) Credits shall apply.
if the Service Outage for Layer 7 is greater than fifteen (15) minutes, but less than or equal to thirty (30) minutes, one (1) Credit shall apply; greater than thirty (30) minutes, but less than or equal to sixty (60) minutes, two (2) Credits shall apply; greater than sixty (60) minutes, but less than or equal to four (4) hours, five (5) Credits shall apply; greater than four (4) hours, ten (10) Credits shall apply.

3.1.8 Credit - SLA: DDoS Attack Notification: 15 Minutes
For any Service Outage occurring with respect to the SLAs provided in 2.10, if the Service Outage for DDoS Attack Notification is greater than: fifteen (15) minutes, but less than or equal to thirty (30) minutes, one (1) Credit shall apply; greater than thirty (30) minutes, but less than or equal to sixty (60) minutes, two (2) Credits shall apply; greater than sixty (60) minutes, but less than or equal to four (4) hours, five (5) Credits shall apply; greater than four (4) hours, ten (10) Credits shall apply.

3.1.9 Credit - SLA: Incident Time to Response: 10 Minutes
For any Service Outage occurring with respect to the SLAs provided in 2.11, if the Service Outage for Incident Time to Response is greater than: ten (10) minutes, but less than or equal to thirty (30) minutes, one (1) Credit shall apply; greater than thirty (30) minutes, but less than or equal to sixty (60) minutes, two (2) Credits shall apply; greater than sixty (60) minutes, but less than or equal to four (4) hours, five (5) Credits shall apply; greater than four (4) hours, ten (10) Credits shall apply.

3.2 To make a claim under Sections 2.1, End User must submit a packet capture of the traffic to the affected Endpoint of at least an hour of duration; provided, however, if End User is unable to provide the required packet capture of the duration set forth in this sentence, then End User shall provide Licensor with reasonable evidence to enable Licensor to verify the claim.

3.3 In the event End User believes a Service Outage has occurred, End User will provide to Licensor all relevant details and documentation supporting End User’s claims of a Service Outage. Any claims for a Credit must be made by End User within seven (7) days after the alleged Service Outage and will be made to Licensor’s Customer Support organization in writing. Claims made more than seven (7) days after the event will not be eligible for any of the remedies described herein. Licensor will investigate the claim and will respond back to End User within ten (10) business days of receipt of the notification of a claim from End User, either (i) accepting End User’s Service Outage claim, or (ii) with all relevant details and documentation supporting a dispute of End User’s Service Outage claim, in which case the parties shall resolve any such dispute promptly in good faith. Notwithstanding anything to the contrary set forth herein, (i) End User may not accumulate more than fifteen (15) Credits in any calendar month, and (ii) End User will not be entitled to any Credits if End User is in breach of the NDPS Description at the time of the occurrence of the event giving rise to the Credit until End User has cured the breach. In addition, End User will not be entitled to a Credit if the event giving rise to the Credit would not have occurred but for End User’s breach of the NDPS Description or misuse of the Nexusguard Cloud Platform, Nexusguard On Premise Platform, Nexusguard Cloud Services, or the Nexusguard On Premise Services. Credits obtained by End User shall have no cash value but will apply against Service Package Fees in future invoices; provided, however, that if the Credits accrue in the last month of the Term and End User does not renew the Services and is not in default under the terms of the NDPS Description or the Agreement, Licensor shall provide such Credits to End User in the form of a check within thirty (30) days of the end of the Term. Licensor will reflect Credits on invoices issued one calendar month after the occurrence of the Service Outage. Credits shall only apply to Services provided pursuant to the Service Fee set forth in the Quotation and will not apply to any other Licensor Services or any other form of custom development services provided by Licensor. Credits that would be available but for any of the limitations set forth in this section will not be carried forward to future months. End User’s sole and exclusive remedy, and Licensor’s sole and exclusive liability, in the event Licensor fails to provide the Nexusguard DDoS Protection Services in accordance with the NDPS Description and this Service Level Agreement, shall be to receive a Credit in accordance with the terms of this Section 4.

LATENCY AND OPTIMIZATION

During an attack, and following one, you should expect increased latency across all affected IP addresses. Nexusguard may be able to assist you with minimizing latency resulting from an attack. but makes no guarantee that the Service will alleviate latency during an attack. No SLA or other credit is available due to latency experienced during an attack, even if the Service is active.

EXCEPTIONS

Credits are not eligible for End Users during trial, Proof-of-Concept or during provisioning phase.
This SLA and any Service Levels shall not apply to performance or availability issues classified as special unavailability or resulted from a breach of the obligations bound by End User’s acceptance of the service

< Back to the Terms of Sale page

SCHEDULE 1 TO SERVICE LEVEL AGREEMENT
FOR NEXUSGUARD DDOS PROTECTION SERVICES
SLA CREDIT CALCULATION CHART
Credit as described in Section 3.1.1
Service Outage for SLA provided in Section 2.1 (Nexusguard Cloud Platform)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
26 seconds
5 minutes
1 Credit
5 minutes
1 hours
10 Credits
1 hour

10 Credits
Credit as described in Section 3.1.2
Service Outage for SLA provided in Section 2.2 (Standard Setup) and 2.3 (Standard Updates)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
1 day
7 days
1 Credit per day of Service Outage
7 days
10 Credits
Credit as described in Section 3.1.3
Service Outage for SLA provided in Section 2.4 (Emergency Setup) and 2.5 (Emergency Updates)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
1 hour
5 minutes
1 Credit per hour of Service Outage,  up to a maximum of 10 Credits
Credit as described in Section 3.1.4
Service Outage for SLA provided in Section 2.7 (BGP Route Announcement)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
5 minutes
15 minutes
1 Credits
15 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours

10 Credits
Credit as described in Section 3.1.5
Service Outage for SLA provided in Section 2.8 (Auto-Mitigation Initiation)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
1 minute
2 minutes
1 Credit
2_ minutes
5 minutes
2 Credits
5_ minutes
15 minutes
5 Credits
15 minutes
10 Credits
Credit as described in Section 3.1.6
Service Outage for SLA provided in Section 2.6 (DNS Availability)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
26 seconds
5 minutes
1 Credit
5 minutes
1 hour
5 Credits
1 hour
10 Credits
Credit as described in Section 3.1.7.1
Service Outage for SLA provided in Section 2.9 for Layer 3 & 4 attacks (Mitigation Effectiveness)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
5 minute
15 minutes
1 Credit
15 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours
10 Credits
Credit as described in Section 3.1.7.2
Service Outage for SLA provided in Section 2.9 for Layer 7 attacks (Mitigation Effectiveness)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
15 minute
30 minutes
1 Credit
30 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours
10 Credits
Credit as described in Section 3.1.8
Service Outage for SLA provided in Section 2.10 (DDoS Attack Notification)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
15 minute
30 minutes
1 Credit
30 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours
10 Credits
Credit as described in Section 3.1.8
Service Outage for SLA provided in Section 2.10 (DDoS Attack Notification)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
15 minute
30 minutes
1 Credit
30 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours
10 Credits
Credit as described in Section 3.1.9
Service Outage for SLA provided in Section 2.11 (Incident Time to Response)
Service Outage Greater Than
Service Outage Less than or  Equal to
Amount of Credit
10 minute
30 minutes
1 Credit
30 minutes
60 minutes
2 Credits
60 minutes
4 hours
5 Credits
4 hours
10 Credits