Hetzner strengthens DDoS protection across European data centers with Nokia Deepfield Defender

Objective

Headquartered in Gunzenhausen, Germany, Hetzner is one of Europe's largest data center operators, with hundreds of thousands of servers in service across owned facilities in Nuremberg and Falkenstein in Germany, Helsinki in Finland, and additional locations in the United States. Since its founding in 1997, the company has built its reputation on combining innovative technology, attractive pricing, and reliable IT infrastructure for private and business customers across Germany, Europe, and beyond.

As artificial intelligence workloads drive unprecedented demand for data center capacity, robust network security has become essential infrastructure for the AI era. Hetzner needed a way to protect GPU servers, high-performance computing clusters, and cloud resources powering AI applications across Europe — without sending traffic outside its own network and without sacrificing the data sovereignty its customers expect.

Cyber attacks were also growing more sophisticated, outpacing the static thresholds and manually-tuned baselines of legacy DDoS tools.

In-network mitigation was a hard requirement. Performing DDoS protection inside Hetzner's own infrastructure — rather than redirecting traffic to external scrubbing centers — preserves data sovereignty, supports compliance with European data protection requirements, and aligns with Hetzner's ISO 27001 certification.

After extensive testing, Hetzner selected Nokia Deepfield Defender to strengthen DDoS protection across its entire European data center infrastructure. Deepfield Defender's AI-driven detection and zero-touch automation eliminate the manual baseline configuration and threshold tuning that legacy DDoS solutions require, allowing the system to continuously adapt to evolving network conditions and new attack vectors without operator intervention.

Deepfield Defender correlates real-time network telemetry — including IPFIX IE315 uncached traffic samples for the fastest standards-based detection — with Nokia Deepfield Secure Genome threat intelligence feed, which tracks the security context of more than five billion IP addresses worldwide. The deployment implements edge-based mitigation on Hetzner's existing Juniper routers via standard protocols such as BGP Flowspec and NetConf, filtering the majority of attack traffic before it enters the network. For complex application-layer attacks, traffic is redirected to Nokia 7750 Defender Mitigation System for industry-leading scrubbing capacity.

The Defender deployment builds on the existing partnership between Hetzner and Nokia, under which Hetzner recently upgraded its data centers and core network with Nokia 7750 SR-1x routing technology. Coverage extends to Hetzner's peering connections — the critical interconnection points where networks exchange traffic — ensuring DDoS attacks are blocked at the network's outermost edge.

The Nokia deployment delivers:

• AI-driven, zero-touch DDoS detection that continuously adapts without manual threshold or baseline configuration
• Multi-layer mitigation — edge filtering on existing Juniper routers, with redirection to the Nokia 7750 Defender Mitigation System for complex application-layer attacks
• Multi-vendor flexibility through standard protocols such as BGP Flowspec and NetConf, supporting edge mitigation across mixed-vendor router platforms
• In-network mitigation that preserves data sovereignty and supports compliance with European data protection requirements and ISO 27001
• Real-time global threat intelligence from the Deepfield Secure Genome feed, tracking the security context of more than five billion IP addresses worldwide
• Protection at peering points, blocking malicious traffic at the network's outermost edge before it reaches customer workloads
• Protection for GPU servers, high-performance computing clusters, and cloud resources powering AI applications across Europe

The result is automated, scalable DDoS defense that keeps legitimate customer traffic flowing without interruption while neutralizing increasingly sophisticated attacks at machine speed. By embedding security directly into the network fabric and operating across multiple router platforms, Hetzner gains both the precision of network-native defense and the freedom to evolve its infrastructure on its own terms. As data centers carry larger AI training and inferencing workloads, the operational impact of network disruption grows accordingly — and Deepfield Defender positions Hetzner's infrastructure for the continuous growth and evolving security requirements of the AI supercycle.