Deepfield Defender

The Nokia DDoS security solution

Nokia Deepfield’s approach to DDoS security combines petabyte-scale big data IP analytics (provided by Deepfield Defender) with the power of advanced network routers (such as Nokia Service Routers and Service Interconnect Routers) and next-generation DDoS mitigation systems (such as 7750 Defender Mitigation System) to fight DDoS with unprecedented scale, efficiency and cost-efficiency. 

Deepfield Defender, a software application, combines network data (telemetry, DNS, BGP, etc.) with Nokia’s patented Deepfield Secure Genome®- a cloud-based, up-to-date data feed that tracks the security context of the internet. With detailed visibility into over 5 billion IPv4 and IPv6 addresses, tracking internet traffic over 30 categories and deploying more than 100 Machine Learning rules (ML) for automatic classification and precise allocation of applications and flows into security-related traffic types and categories, Secure Genome “knows” intricate security details of the internet (e.g., details about prior attacks, insecure servers, and compromised IoT devices that can be used for DDoS attacks).

Deepfield Defender correlates knowledge from Secure Genome with the information obtained from the to detect DDoS faster and more accurately and drive agile network-based mitigation using advanced IP routers (such as Nokia FP4/FP5/FPcx-based IP Routers) or dedicated mitigation system - Nokia 7750 Defender Mitigation System (DMS).

Using advanced AI/ML algorithms, Deepfield Defender calculates the optimal mitigation strategy for a particular DDoS attack (or multiple concurrent attacks) and instructs routers or DMS in real time to apply these filters and neutralize DDoS attacks.

Deepfield Defender is a foundation for Nokia’s next-generation DDoS detection and mitigation solution. Leveraging rich telemetry and programmability of the IP network itself, Deepfield Defender offers significant benefits over legacy (appliance-based or DPI-based) approaches: better scalability, improved accuracy of DDoS detection (with lower false positives) and more efficient and rapid DDoS mitigation in the most cost-efficient manner, delivering holistic, 360-degree DDoS security required for 5G, cloud, and IoT era. 

Real-time DDoS detection

Built for service providers and large enterprises, Deepfield Defender provides real-time DDoS detection and can orchestrate a variety of mitigation options, from traditional appliances and scrubbing centers to advanced, network-based DDoS protection. 

Accurate DDoS detection with Deepfield Secure Genome

We base our real-time detection on the ability to spot known DDoS threat patterns as they happen – for example, by having a better, larger internet security context and network-wide perspective of all traffic, including unusual patterns or disproportional traffic volumes for specific traffic types. Using artificial intelligence and machine learning (ML) algorithms, we create peacetime traffic models and raise DDoS threat alerts when we observe real-time anomalies. Our detection capabilities are greatly enhanced with our Deepfield Secure Genome. This unique knowledge base contains up-to-date information about internet-related security and the prior history of DDoS activity globally. 

Protect all customers, not just a select few  

Deepfield Defender can create extended protection for all your users, subscribers, infrastructure, and systems. Additional flexibility is achieved using protection groups that prioritize certain users or infrastructure elements. For example, your financial customers may require a much higher level of protection than your residential broadband subscribers.  

Scalable and efficient network-based protection

Deepfield Defender delivers the most robust and comprehensive distributed denial of service (DDoS) protection scheme against all types of DDoS traffic, combining detection capabilities with advanced packet processing features of high-performance routing elements, such as Nokia FP4/FP5-equipped Service Routers.

Scale protection, not costs - with a next-generation DDoS mitigation platform

Our new addition to the DDoS security solution, 7750 Defender Mitigation System, provides additional flexibility in choosing your optimal approach to DDoS mitigation, packing 2.8 Tb/s of DDoS processing capacity into a 2RU compact form factor. 

Stop DDoS traffic before it impacts your customers and services

Our next-generation approach to DDoS security makes your network and services more immune to DDoS threats by combining and automating DDoS monitoring and detection with network-based protection and auto-mitigation. We can quickly detect new types of DDoS attacks as they evolve.

Through the advanced processing capabilities of our FP4/FP5/FPcx-powered IP routers and 7750 Defender Mitigation System, you can drop, isolate and remove DDoS traffic without impacting your customers or your business.

This “self-defending network” security scenario features tight integration and closed-loop automation between Deepfield DDoS analytics and context-aware DDoS protection performed by the edge IP routers. It removes the DDoS traffic from the network with minimal impact on all other network services and users.

Automate your DDoS protection

To automate DDoS protection and scale your defense to petabyte levels, Defender delivers optimized auto-mitigation so DDoS attacks can be mitigated automatically, with supervision and manual tuning options. Extensive reports and customization options allow for optimization, streamlining and automation of security workflows.

Elevate your security game with a managed security service offer

As an option to its core functionality, Deepfield Defender provides an extensive set of features that allow service providers to become a managed DDoS security service provider (MSSP) and offer a managed security service to their customers.