Skip to main content

Deepfield Defender

Stop DDoS traffic before it impacts your customers and services

Deepfield Defender uses big data analytics to detect distributed denial of service (DDoS) threats in real time. It allows you to stop relying on myopic, sampled-and-aggregated views of the network, collected at specific network interfaces. Instead, you get holistic perspective on DDoS threats across the whole network, as they happen.



Real-time DDoS detection

Built for service providers and large enterprises, Deepfield Defender provides real-time DDoS detection and facilitates a variety of mitigation options, from using traditional appliances and scrubbing centers to advanced, network-based DDoS protection. It can be deployed in hybrid scenarios where network-based volumetric DDoS protection is complemented with an appliance-based approach for application layer (Layer 4–Layer 7) attacks.

Accurate DDoS detection with Deepfield Secure Genome

We base our real-time detection on the ability to spot known DDoS threat patterns as they happen – for example, by observing an unusual or disproportional volume of traffic for specific traffic types. We also use the ratio-based heuristics for the most common network protocols. Using machine learning (ML), we create peacetime traffic models and raise DDoS threat alerts when we observe real-time anomalies. Our detection capabilities are greatly enhanced with our Deepfield Secure Genome – a unique knowledge base that contains the up-to-date information about internet-related security such as lists of secure and insecure endpoints for creation of DDoS allow/block lists.

Protect all customers, not just select few  

With Deepfield Defender, you can create extended protection for all your users, subscribers or infrastructure and systems. Additional flexibility is achieved using protection groups that can prioritize certain groups of users or infrastructure elements. For example, your financial customers may require a much higher level of protection than your residential broadband subscribers.  

Scalable and efficient network-based protection

Deepfield Defender delivers the most robust and comprehensive distributed denial of service (DDoS) protection scheme against the most damaging DDoS traffic – volumetric DDoS attacks. This type of protection combines the Deepfield platform’s DDoS detection capabilities with advanced packet processing features of high-performance routing elements, such as Nokia FP4-equipped Service Routers.

Stop DDoS traffic before it impacts your customers and services

Our next-generation approach to DDoS security makes your network and services more immune to DDoS threats by combining and automating DDoS monitoring and detection with network-based protection and auto-mitigation. We can quickly detect new types of DDoS attacks as they evolve.  

Through the advanced processing capabilities of our FP4-powered Service Routers, you can drop, isolate and remove DDoS traffic without impacting your customers or your business.

This “insight-driven network security” scenario features tight integration and a closed-loop automation between Deepfield DDoS analytics and context-aware DDoS protection performed by the edge IP routers. It removes the DDoS traffic from the network with minimal impact on all other network services and users.

Automate your DDoS protection

To allow automation of DDoS protection and scaling to petabyte-levels, Defender delivers auto-mitigation, so most damaging DDoS attacks can be mitigated automatically, with options for supervision and manual tuning. Extensive reports and customization options allow for optimization, streamlining and automation of security workflows.

DDoS in 2021

Nokia Deepfield Network Intelligence Report: DDoS activity and trends in 2021

DDOS thumbnail

What our customers are saying

Exponential-e: How Nokia Deepfield is helping Exponential-e to scale cost effectively and protect their network

Ready to talk?