Deepfield Defender

The Nokia DDoS security solution

Nokia Deepfield’s approach uses big data IP analytics, combining network data (telemetry, DNS, BGP, etc.) with Nokia’s patented Deepfield Secure Genome™.

Secure Genome is a cloud-based, up-to-date data feed that tracks the security context of the internet. With detailed visibility into over 5 billion IPv4 and IPv6 addresses, tracking internet traffic over 30 categories and deploying more than 100 Machine Learning rules for automatic classification and precise allocation of applications and flows into security-related traffic types and categories, Secure Genome “knows” intricate security details of the internet (e.g., details about prior attacks, insecure servers, and compromised IoT devices that can be used for DDoS attacks).

When this information is correlated with the information from the network, it allows Deepfield Defender – a software-only based system - to detect DDoS faster and more accurately and drive agile network-based mitigation using advanced IP routers (such as Nokia FP4/FP5-based Service Routers).

Using advanced AI/ML algorithms, Deepfield Defender calculates the optimal mitigation strategy for a particular DDoS attack (or multiple concurrent attacks) and instructs routers in real time to apply these filters and neutralize DDoS attacks.

Deepfield Defender is a cornerstone for the next-generation DDoS detection and mitigation solution. Leveraging rich telemetry and programmability of the IP network itself, Deepfield Defender delivers significant benefits over legacy (appliance-based or DPI-based) approaches: better scalability, improved detection (with lower false positives) and cost efficiency, and full traffic visibility, delivering holistic, 360-degree DDoS security required for the era of the cloud, IoT and 5G.

Real-time DDoS detection

Built for service providers and large enterprises, Deepfield Defender provides real-time DDoS detection and can orchestrate a variety of mitigation options, from traditional appliances and scrubbing centers to advanced, network-based DDoS protection. 

Accurate DDoS detection with Deepfield Secure Genome

We base our real-time detection on the ability to spot known DDoS threat patterns as they happen – for example, by having a better larger internet security context and network-wide perspective of all traffic, including unusual patterns or disproportional traffic volumes for specific traffic types. Using artificial intelligence and machine learning (ML) algorithms, we create peacetime traffic models and raise DDoS threat alerts when we observe real-time anomalies. Our detection capabilities are greatly enhanced with our Deepfield Secure Genome. This unique knowledge base contains up-to-date information about internet-related security and prior history of DDoS activity globally. 

Protect all customers, not just a select few  

Deepfield Defender can create extended protection for all your users, subscribers, infrastructure, and systems. Additional flexibility is achieved using protection groups that can prioritize certain groups of users or infrastructure elements. For example, your financial customers may require a much higher level of protection than your residential broadband subscribers.  

Scalable and efficient network-based protection

Deepfield Defender delivers the most robust and comprehensive distributed denial of service (DDoS) protection scheme against all types of DDoS traffic, combining detection capabilities with advanced packet processing features of high-performance routing elements, such as Nokia FP4/FP5-equipped Service Routers.

Stop DDoS traffic before it impacts your customers and services

Our next-generation approach to DDoS security makes your network and services more immune to DDoS threats by combining and automating DDoS monitoring and detection with network-based protection and auto-mitigation. We can quickly detect new types of DDoS attacks as they evolve.  

Through the advanced processing capabilities of our FP4/FP5-powered Service Routers, you can drop, isolate and remove DDoS traffic without impacting your customers or your business.

This “self-defending network” security scenario features tight integration and closed-loop automation between Deepfield DDoS analytics and context-aware DDoS protection performed by the edge IP routers. It removes the DDoS traffic from the network with minimal impact on all other network services and users.

Automate your DDoS protection

To automate DDoS protection and scaling to petabyte levels, Defender delivers optimized auto-mitigation, so DDoS attacks can be mitigated automatically, with supervision and manual tuning options. Extensive reports and customization options allow for optimization, streamlining and automation of security workflows.