Nokia launches Deepfield Genome Shield for proactive DDoS protection

Nokia has launched Deepfield Genome Shield, a security automation system designed to deliver proactive, network-wide DDoS protection for telecommunications providers, hosting companies, internet exchange points, and cloud builders. The Espoo-based vendor says the product is a direct response to a fundamental shift in the DDoS threat landscape over the past year, driven by the rise of residential proxy botnets that the company estimates now encompass approximately 200 million compromised devices and can collectively generate between 250 and 600 terabits per second of attack traffic.

Unlike traditional scrubber-based approaches, which divert and clean traffic after an attack is detected, Genome Shield is positioned by Nokia as a proactive enforcement layer that acts before attacks reach their targets. The system aggregates threat intelligence from Nokia's Deepfield Secure Genome — which the company says covers more than five billion internet endpoints — alongside telemetry from its Global DDoS Threat Alliance (GDTA) and a dedicated cyber range where live malware and botnet command-and-control (C2) infrastructure generate real-time insights. All of this is compiled into automated DDoS policies enforced across the network.

How the product works

Genome Shield extends Nokia's existing Deepfield Defender platform across four functional areas: Botnet C2 Disruption, which blocks command-and-control communications before attacks can be launched; DDoS Policers, which apply proactive rate-limiting against amplification and volumetric traffic; Custom Policies, enabling user-defined rules via open APIs; and an Observability layer providing dashboards covering compromised devices and emerging threat trends.

The product is compatible with both router-based edge mitigation and Nokia's own 7750 Defender Mitigation System, and supports on-premises, cloud (SaaS), and hybrid deployment models with pay-as-you-grow licensing. Red Dot Technologies — referred to in Nokia's release as "Reddot" — is named as among the first operators to deploy it.

"By implementing Nokia Deepfield Genome Shield, we have transitioned from reactive, manual workflows to a proactive, unified security platform," said Charlie Attoum, Network Infrastructure Director at Reddot. "Disrupting botnet command-and-control at the network edge, before attacks hit, ensures maximum uptime and clean traffic."

Jeff Smith, Nokia Deepfield's Vice-President and General Manager, described residential proxy botnets as having "invalidated 25 years of assumptions about how attacks work", citing the challenge of maintaining dynamic, large-scale IP threat feeds and enforcing protection against them continuously at network speed.

Market context

The DDoS mitigation market has become crowded, with established players including Cloudflare, Akamai, Radware, and Arbor Networks (now part of NETSCOUT) competing across carrier, enterprise, and cloud segments. Nokia's angle — deep integration with router and transport infrastructure already deployed in operator networks — differentiates Genome Shield from pure overlay or scrubbing-centre approaches, though the durability of that advantage depends on how quickly cloud-native competitors can match telemetry depth at similar scale.

The threat landscape Nokia describes aligns with broader industry observations. Sub-minute, high-volume bursts from distributed residential sources are increasingly difficult for threshold-based detection to catch in time, and botnets such as those Nokia names — including Kimwolf — represent the industrialisation of this attack vector. The company's claim that AI-assisted code generation is accelerating evasion-technique development adds a further layer of urgency that regulators and standards bodies are beginning to acknowledge: the EU's NIS2 Directive, which came into force across member states in October 2024, places explicit obligations on essential-service operators and internet infrastructure providers to maintain incident-response and threat-intelligence capabilities commensurate with the evolving threat environment.

Nokia says initial Genome Shield capabilities are already live within Deepfield Defender deployments, with additional features rolling out across the remainder of 2026. The company is targeting a customer base it describes as more than 1,000 hosting companies, service providers, and internet exchange points.