Deepfield Genome Shield

Deepfield Genome Shield is a proactive security automation and orchestration platform that delivers continuously updated, always-on, network-wide protection against modern DDoS attacks and broader security threats. 

The DDoS threat landscape has fundamentally shifted: attacks now originate from inside the network — residential proxy botnets of roughly 200 million compromised subscriber devices, capable of delivering DDoS tsunamis (1–10+ Tb/s bursts) that arrive in minutes.  

Traditional detect-then-divert mitigation was built for spoofed, multi-hour attacks from outside the network and is structurally too slow for sub-minute bursts; it also cannot address compromised devices attacking outward from within (outbound DDoS). 

Genome Shield extends Deepfield Defender to close that gap: it aggregates threat intelligence from six continuously updated sources, compiles it into automated security policies, and enforces them in the data plane of the routers operators already run — no diversion, no detour, no added latency — turning the network into a self-defending protection mechanism against both inbound and outbound threats.
 

.

Genome Shield is built specifically for the residential proxy botnet era, in which roughly 200 million compromised subscriber devices launch non-spoofed attacks using real IP addresses from behind home firewalls and NAT. Rather than waiting to detect and divert, it enables Deepfield Defender to pre-position continuously enforced protection across the network, so that the network can respond to bursty, sub-minute attacks that would otherwise defeat reactive detect-then-divert models. Genome Shield’s dynamic threat feed infrastructure delivers real-time protection against thousands of constantly changing malicious IP addresses at line speed — solving the filter-scale problem that defeats conventional defenses — while continuously updated rules disrupt botnet and residential proxy command-and-control (C2) at the source (Nokia estimates that over 99 percent of C2 malicious traffic is blocked). Critically, it protects in both directions, addressing inbound DDoS and the outbound threats from compromised subscriber devices that legacy products were never designed to handle.

A DDoS tsunami is a hyper-volumetric attack that arrives in massive bursts of 1–10+ Tb/s, ramping up within minutes (or seconds), lasting only minutes, and often recurring in waves. Unlike the spoofed, multi-hour attacks of the past, these bursts are non-spoofed, give defenders almost no warning, and are over before traditional cloud-diversion or off-ramp scrubbing can ramp up. That timing mismatch is exactly why Genome Shield's pre-positioned, continuously enforced protection is required: defense must be already in place when the wave hits, not activated after detection.

Genome Shield is a software platform that requires Deepfield Defender and can be deployed on-premises, in the cloud or in a hybrid model. It requires no new dedicated security appliances, because it enforces through the network's own existing points. Edge mitigation is performed at line rate by Nokia routers (7750 SR with FP4/FP5 silicon, 7730 SXR with FPcx, and 7250 IXR) or third-party routers such as Cisco and Juniper, and can be combined with the Nokia 7750 DMS for dedicated scrubbing (up to 2.8 Tb/s per system). Policies are pushed using standard enforcement protocols — NETCONF for granular filtering, FlowSpec for interoperability and BGP RTBH for bulk discard — and the whole system is managed through the Deepfield Defender GUI and REST API.

Yes. It can be deployed with Deepfield Defender and your existing Nokia or third-party router edge, and optionally with the Nokia 7750 DMS, enabling you to move from reactive mitigation to proactive, always-on protection without re-architecting the network.