Nokia has announced the launch of Nokia Deepfield Genome Shield, the industry’s first security automation system that delivers proactive, always-on DDoS protection for telecommunications providers, hosting companies, internet exchange points, and cloud builders in the AI era. Genome Shield addresses the fundamental shift in DDoS threats driven by the emergence of residential proxy botnets, which now comprise approximately 200 million compromised devices worldwide.
The DDoS threat landscape has shifted over the past 12 months. Attacks now come from real subscriber devices, deliver multi-terabit bursts that last seconds to minutes, and rapidly rotate IPs across thousands of nodes. Residential proxy botnets — estimated at 250–600 Tbps - are used to dynamically leverage large numbers of residential users who are unaware their connections are used to generate evasive attacks impacting many national networks. Traditional scrubber-based diversion and reactive mitigation can’t respond quickly enough to these sub-minute attacks. Automated, AI-driven DDoS has industrialized the residential proxy supply chain used by botnets like Kimwolf, while AI-assisted code generation is accelerating the evolution of evasion techniques.
Nokia Deepfield Genome Shield introduces a new class of proactive, network-wide security automation that extends Deepfield Defender to address previously unaddressable use cases. The solution has been shaped through close engagement with customers and the wider security community as part of ongoing efforts to combat DDoS and botnet-driven threats. It shifts protection from reactive mitigation to proactive enforcement leveraging existing network infrastructure. Genome Shield aggregates continuously updated threat intelligence from multiple sources, including Nokia Deepfield Secure Genome® (spanning over five billion internet endpoints), GDTA telemetry, and Deepfield’s cyber range, where live malware and botnet command-and-control (C2s) generate real-time insights. All of this intelligence is compiled in Deepfield Defender into automated DDoS policies and enforced as a security shield across the network.
“Protecting our infrastructure from inbound DDoS attacks while managing compromised subscriber devices requires carrier-grade automation. By implementing Nokia Deepfield Genome Shield, we have transitioned from reactive, manual workflows to a proactive, unified security platform. Disrupting botnet command-and-control at the network edge, before attacks hit, ensures maximum uptime and clean traffic. This deployment guarantees that when clients connect to Reddot, they are choosing a network engineered for absolute security and peace of mind,” said Charlie Attoum, Network Infrastructure Director at Reddot.
“The past year has fundamentally changed DDoS security. Residential proxy botnets have invalidated 25 years of assumptions about how attacks work and how to defend against them. The hard problem today is maintaining dynamic, massive IP threat feeds and enforcing protection against them in real time, at network scale, continuously and automatically. Genome Shield is the industry's answer to that challenge. It combines several intelligence sources, including our unique cyber range and Secure Genome's visibility into more than five billion internet endpoints, with automated policy compilation and enforcement across the entire network. For the more than 1,000 hosting companies, service providers, and internet exchange points that face this new generation of threats, Genome Shield delivers the commercial, scalable answer,” said Jeff Smith, Vice-President and General Manager of Nokia Deepfield.
Genome Shield extends Deepfield Defender's existing DDoS countermeasure portfolio with network-wide automated enforcement, organized across four pillars: Botnet C2 Disruption, which blocks command-and-control communications so attacks cannot be launched; DDoS Policers, which suppress amplification and volumetric traffic through proactive rate limiting; Custom Policies, enabling user-defined rules via open APIs for easy integration; and Observability, providing dashboards for compromised devices, botnet endpoints, and emerging security trends.
Genome Shield requires Nokia Deepfield Defender and is compatible with both router-based edge mitigation and with the Nokia 7750 Defender Mitigation System (DMS) for dedicated L4-L7 DDoS scrubbing. It supports on-premises, cloud-based (SaaS), and hybrid deployment models with flexible pay-as-you-grow licensing.
Initial capabilities of Genome Shield have already been introduced within Nokia Deepfield Defender and are in use by customers today. Additional features will be rolled out throughout 2026.
Source: Nokia Press Release
