Nokia has announced Deepfield Genome Shield, a security automation system designed to provide proactive DDoS protection at network scale at a time when distributed denial-of-service attacks are changing in nature. The company positions this launch within its connectivity strategy for the AI era, in which operator networks, cloud providers, hosting companies, and internet exchange points carry increasingly critical traffic and face attacks that are harder to defend against with traditional methods.
Nokia’s premise is clear: the classic model of redirecting traffic to cleansing centers and reacting once an attack is underway is becoming inadequate. Modern attacks can last mere seconds or minutes, reach bursts of several terabits, and rotate IP addresses among thousands of nodes. In such scenarios, manual or reactive mitigation defenses may come too late.
Residential botnets change the DDoS landscape
The most concerning factor for Nokia is the rise of proxy-based residential botnets. According to the company, these networks could reach an estimated capacity of between 250 and 600 Tbps and exploit consumer connections whose owners, in many cases, are unaware that their devices or access points are being used to launch evasive attacks against national networks, operators, and digital services.
This type of threat complicates defense significantly. For years, many DDoS attacks originated from more identifiable infrastructures, compromised servers, or sources that could be blocked relatively quickly. Residential proxies blur that line. Malicious traffic can appear more legitimate because it emanates from real user connections distributed across multiple countries, providers, and access networks.
Nokia also highlights another shift: AI-driven automation. The assisted generation of code and the industrialization of botnet chains like Kimwolf are accelerating evasion techniques. Attackers now have not only greater raw capacity but also better tools to vary patterns, rotate infrastructure, and narrow the window for effective defense.
| Modern DDoS Changes | Defense Impact |
|---|---|
| Attacks lasting seconds or minutes | Reactive mitigation may activate too late |
| Multi-terabit bursts | Require distributed defense and high network capacity |
| Rapid IP rotation | Challenging for static lists and manual blocks |
| Residential proxies | Malicious traffic appears to come from real users |
| Compromised subscriber devices | Operators must manage both inbound and outbound threats |
| AI-assisted techniques | Increase attackers’ speed of adaptation |
| Need for clean telemetry | Operator AI and machine learning systems rely on reliable data |
Continuous protection across the network
Deepfield Genome Shield is presented as a continuously active, always-updated protection solution applied at network scale. It combines multiple intelligence sources, including Secure Genome’s visibility over more than 5 billion internet endpoints, with Deepfield Defender’s capabilities to compile and automatically enforce policies across the entire network.
The goal is not only to detect an attack when it already saturates a link but also to maintain large, dynamic threat feeds, update them continuously, and enforce real-time protection. This is particularly critical for operators and service providers because DDoS is no longer just an ingress problem; outgoing threats from compromised subscriber devices participating in attacks against third parties must also be controlled.
Reddot Technologies is one of the first operators to deploy Genome Shield. According to Nokia, the company uses it to safeguard its infrastructure from incoming attacks while managing threats originating from compromised devices within its own network. This dual approach is essential: a modern operator must prevent DDoS from affecting their clients and also stop their network from being exploited for attacks elsewhere.
The solution aims to cut or disrupt botnet command and control at the network edge before the attack fully impacts targets. Operationally, this means bringing defense closer to where it can be applied with lower latency and better insight into the traffic.
From reactive scrubbing to carrier-grade automation
For a long time, much of DDoS defense relied on detecting an attack, redirecting traffic to a cleaning center, filtering malicious content, and returning clean traffic. While still useful in many scenarios, this approach can fall short when attacks change form in seconds, last less time than a manual intervention takes, or leverage thousands of residential sources.
Nokia envisions Genome Shield as an evolution toward carrier-grade automation—a defense designed for operators that need to act continuously, at scale, and with minimal errors. In national networks, large hosting providers, or internet exchanges, protecting an isolated service is not enough. Ensuring availability for multiple clients with varied traffic profiles and rapidly changing threats is essential.
The company emphasizes the importance of delivering clean security telemetry. Often overlooked, this is critical in the AI era: if an operator’s AI and machine learning systems are fed incomplete, noisy, or maliciously contaminated data, their decisions can worsen. Network protection not only blocks attacks but also enhances the quality of data used for automation and analysis.
| Deepfield Genome Shield Elements | Function |
|---|---|
| Dynamic threat intelligence | Maintain updated IP feeds against botnets and residential proxies |
| Secure Genome | Provides visibility over more than 5 billion endpoints |
| Deepfield Defender | Automatically compiles and enforces policies throughout the network |
| Always-on protection | Reduces reliance on manual response after attack detection |
| Edge defense | Enables proactive action before critical services are impacted |
| Clean telemetry | Enhances analysis, automation, and operator AI systems |
| Inbound and outbound threat coverage | Protects services and prevents misuse of compromised devices |
Why it matters for operators, hosting providers, and IXPs
Nokia addresses over 1,000 hosting companies, internet service providers, and internet exchange points that, according to the company, face this new generation of attacks. These organizations are particularly exposed because they handle traffic from many clients, services, and networks. An attack on part of their infrastructure can cascade into effects on applications, websites, SaaS platforms, cloud services, and end users.
The rise of AI intensifies pressure in two ways. First, attackers can leverage automation to generate code, test evasion techniques, and diversify campaigns. Second, networks supporting AI services require greater availability, bandwidth, and resilience. An AI data center, cloud platform, or operator connecting critical services cannot afford frequent DDoS disruptions.
DDoS defense, once considered a specialized crisis-only layer in many organizations, is increasingly becoming a core part of daily network operations. Availability relies not just on overprovisioned capacity but on understanding what traffic is legitimate, which sources are compromised, and how to respond before an incident occurs.
For Nokia, Deepfield Genome Shield represents its first security suite specifically tailored for the AI era. This label reflects a market trend: network security is being redesigned under the assumption that attacks will become more automated, faster, and more dispersed.
The challenge will be execution. Proactive protection solutions must be fast yet precise. Overly aggressive blocks risk impacting legitimate users; excessive caution may allow malicious traffic to pass. In operator networks, the difference can affect thousands or millions of customers.
Nokia’s launch signals a stage where DDoS defense is judged not just by maximum capacity but by intelligence, automation, continuous updates, and network-wide responsiveness. As attacks become more industrialized, so too must the defense.
Frequently Asked Questions
What is Nokia Deepfield Genome Shield?
It is Nokia’s security automation system designed to provide proactive, continuous, network-scale DDoS protection against fast and distributed threats.
How have DDoS attacks evolved?
Nokia points out that many now utilize residential proxies, rotate IPs rapidly, last seconds or minutes, and can reach bursts of multiple terabits, making traditional reactive defense more difficult.
What role does AI play in these threats?
AI can accelerate code generation, the adaptation of evasion techniques, and campaign automation. It also increases the need for resilient networks supporting critical digital services.
Who is this solution aimed at?
Primarily operators, internet service providers, hosting companies, internet exchange points, and organizations needing distributed network-scale DDoS protection.
via: nokia

