Nokia Launches Deepfield Genome Shield to Counter New AI-Driven DDoS Attacks
On Tuesday, Nokia announced the launch of Deepfield Genome Shield, a security automation platform designed to provide continuous and proactive protection against distributed denial of service (DDoS) attacks for telecommunications providers, hosting services, and cloud operators. This solution is part of the transformation in network security threats brought about by the emergence of botnets using residential proxy servers.
A Fundamental Shift in the DDoS Threat Landscape
The release highlights a strategic shift in the nature of DDoS attacks over the past twelve months. Attacks now originate from real subscriber devices, generate multi-terabit peaks within seconds to minutes, and rotate IP addresses across thousands of nodes. Botnets using residential proxy servers (estimated between 250 and 600 terabits per second) dynamically exploit millions of residential users, who are unaware that their connections are being used to generate evasive attacks impacting many national networks. AI-driven DDoS has industrialized the supply chain of residential proxy servers, while AI-assisted code generation accelerates the evolution of evasion techniques.
From Reactive Mitigation to Proactive Automation
Genome Shield replaces traditional approaches based on diversion and reactive mitigation, which Nokia deems insufficient for attacks lasting less than a minute. The platform aggregates continuously updated threat information from multiple sources, including Nokia's Secure Genome (covering over five billion internet addresses), GDTA telemetry data, and its cyber range where malware and command and control (C2) servers of active botnets generate real-time intelligence. This intelligence is compiled in Deepfield Defender as automated DDoS policies and applied as a security shield at the network level.
Four Pillars and Flexible Deployment Models
Genome Shield is structured around four axes: disruption of botnet command and control (C2) servers (blocking communications to prevent attack launches), DDoS policers (traffic suppression through proactive bandwidth limitation), customized policies (user-defined rules via open APIs), and observability (dashboards for compromised devices and emerging trends). The solution is compatible with router-level mitigation and with the Nokia 7750 Defender Mitigation System for dedicated L4-L7 cleaning. It supports on-premise, cloud-based (SaaS), and hybrid deployments with progressively scalable licensing. Initial capabilities of Genome Shield have already been introduced in Deepfield Defender and are currently being used by clients. Additional features will be rolled out through 2026.
