Nokia has introduced Deepfield Genome Shield, a new automated DDoS protection platform that the company claims is the first industry solution of its kind designed specifically for the AI era. The system targets telecom operators, hosting providers, internet exchanges, and cloud infrastructure owners who require continuous protection against rapidly evolving network threats.
Nokia says the nature of DDoS attacks has changed significantly over the past year. Whereas traffic previously came mostly from external sources, infected user devices within operator networks are now becoming the primary origin. The company estimates that such botnets globally involve around 200 million devices, which can be used without the owners' knowledge to remotely launch mass attacks.
Nokia believes the combined attack power of such botnets can already reach 250 to 600 Tbps. These new attacks originate from real user devices, generate multi-terabit traffic spikes in seconds or minutes, and rapidly change IP addresses across thousands of nodes. As a result, the traditional model of traffic scrubbing centers and post-attack reaction is increasingly inadequate, especially when an attack lasts less than a minute.
Deepfield Genome Shield is built on the Deepfield Defender platform but changes the approach to protection: instead of reacting after an incident, the system is designed to work proactively. It combines continuously updated threat intelligence from multiple sources, including the Secure Genome database with data on over 5 billion internet devices, telemetry from the Global Deepfield Threat Alliance, and results of malware and C2 server analysis in the Deepfield cyber range. This data is automatically turned into DDoS protection policies applied across the entire network.
Nokia highlights the ability to block botnet command-and-control channels even before an attack is launched as a key feature. The platform also supports active traffic throttling to suppress amplified and volumetric attacks, user-defined policies via an open API, and monitoring dashboards that track infected devices, botnet nodes, and emerging threat trends. The system relies on six categories of updated intelligence: Cloud Genome, Secure Genome, GDTA, DeepRange, community data, and commercial sources.
One of the first customers of Genome Shield is Reddot. Reddot's network infrastructure director Charlie Attum stated that after implementing Nokia Deepfield Genome Shield, the company moved from manual and reactive processes to a unified proactive security platform. According to him, blocking C2 communications at the network edge before an attack helps maintain high availability and clean traffic for clients. Nokia plans to release within 2026.