Deepfield Defender

Protect your network with an AI-driven DDoS security solution tailored for service providers, cloud builders and new digital enterprises.

In a world where cyber threats are continuously evolving, Nokia Deepfield Defender provides a robust and scalable solution to protect your network against DDoS attacks. Our AI-driven platform ensures real-time threat detection and automated mitigation, keeping your services secure and operational.

Deepfield Defender, a software application, combines network data (telemetry, DNS, BGP, etc.) with Nokia’s patented Deepfield Secure Genome® - a cloud-based, up-to-date data feed that tracks the security context of the internet. 

Deepfield Secure Genome® is a cloud-based, up-to-date data feed that tracks the security context of the internet. It’s a “security map of the internet,” updated hourly, and with detailed visibility into over 5 billion IPv4 and IPv6 addresses, tracking internet traffic over 30 categories and deploying more than 100 Machine Learning rules (ML) for automatic classification and precise allocation of applications and flows into security-related traffic types and categories, Secure Genome “knows” intricate security details of the internet (e.g., details about prior attacks, insecure servers, and compromised IoT devices that can be used for DDoS attacks).

The DDoS threat landscape has undergone a significant transformation in recent years, rendering traditional security measures ineffective. The proliferation of insecure and compromised IoT devices, along with multi-gigabit connectivity in the access layer, has created a vast army of potential bots, enabling malicious parties to exploit the increased bandwidth and connectivity and new generations of attacks with unprecedented ease. Network owners and operators – from enterprises to CSPs to cloud builders can no longer rely on traditional, static security solutions to protect against new generations of DDoS attacks; a new, more intelligent, agile and automated approach to DDoS security is needed to stay ahead of these evolving threats.

Nokia Deepfield’s approach to DDoS security combines petabyte-scale big data IP analytics (provided by Deepfield Defender) with the power of advanced network routers (such as Nokia Service Routers and Service Interconnect Routers) and next-generation DDoS mitigation systems (such as 7750 Defender Mitigation System) to fight DDoS with unprecedented scale, efficiency and cost-efficiency.

Deepfield Defender identifies and mitigates DDoS attacks in real-time, using advanced algorithms that adapt to new threats. Our system rapidly scales to match the size of the attack, ensuring minimal disruption to your network.
 

• AI-driven analysis: Continuously learns and evolves to provide accurate threat detection.
• Scalable defense: Handles attacks of any size, from small-scale disruptions to massive, coordinated assaults.
• Real-time mitigation: Instantly neutralizes threats without human intervention.
   

Deepfield Defender correlates knowledge from Deepfield Secure Genome with the telemetry information obtained from the network (e.g., flow-based information and sampled mirrored packets) to detect DDoS faster and more accurately. Using artificial intelligence and machine learning (ML) algorithms, we create peacetime traffic models and raise DDoS threat alerts when we observe real-time anomalies. With knowledge about the larger internet security context and real-time, network-wide insight into network traffic, we are able to detect DDoS threat patterns as they happen—with much improved accuracy and speed.

Deepfield Defender considers the network's actual mitigation capabilities, overlooking all types of mitigation instruments and systems—from the network itself (when network-based mitigation is used) to additional scrubbing and mitigation systems that may be at the network’s disposal. Using AI-based decision trees and deep learning models, the most optimal mitigation strategy for a DDoS attack or a combination of DDoS attacks is created in seconds, so that precise filtering and mitigation strategies can be applied to mitigation systems such as programmable routers like Nokia FP4/FP5-based IP routers, or dedicated next-generation scrubbers like 7750 Defender Mitigation System. 

The Nokia DDoS security solution integrates DDOS protection into the network, continuously monitoring traffic and detecting anomalies that could signify a DDoS attack. To automate DDoS protection and scale your defense to petabyte levels, Defender delivers optimized auto-mitigation. This allows DDoS attacks to be mitigated automatically, without supervision and manual tuning options. Extensive reports and customization options allow for further optimization, streamlining and automation of security workflows. 

As an option to its core functionality, Deepfield Defender provides an extensive set of features that allow service providers to become a managed DDoS security service provider (MSSP) and offer a managed security service to their customers.

Service providers can use Deepfield Defender to provide premium DDoS protection services to their customers in the form of managed DDoS security services, effectively optimizing their network security while creating new revenue streams. When Deepfield Defender is used to enable DDoS Protection as a Service (DDoS-aaS) via Managed Security Service Provide portal functionality, service providers can enhance their services with added and customizable security services such as Basic protection (automatically included for all customers) and Premium protection (Enhanced protection for select customers such as high-risk industries (finance, gaming, cloud providers), while offering detailed insights and reporting to their premium customers via customizable user interfaces (UIs).