Deepfield Defender

Protection against multi-terabit DDoS attacks

Deepfield Defender uses big data analytics to detect distributed denial of service (DDoS) threats in real time. It allows you to stop relying on myopic, sampled-and-aggregated views of the network, collected at specific network interfaces. Instead, you get a holistic perspective on DDoS threats as they happen.

Real-time DDoS detection

Built for service providers and large enterprises, Deepfield Defender provides real-time DDoS detection and can facilitate a variety of mitigation options, from using traditional appliances and scrubbing centers to advanced, network-based DDoS protection. It can be deployed in hybrid scenarios where network-based volumetric DDoS protection is complemented with an appliance-based approach for application layer (Layer 4–Layer 7) attacks.

Accurate DDoS detection with Deepfield Secure Genome

We base our real-time detection on the ability to spot known DDoS threat patterns as they happen – for example, by observing an unusual or disproportionate volume of traffic for related protocol flows. We apply ratio-based heuristics to the most commonly used network protocols. Using these heuristics, we baseline the communication patterns of common message–acknowledgement–response exchanges and raise DDoS threat alerts when we observe real-time anomalies. We also enhance our detection capabilities with our Deepfield Secure Genome – a unique internet-based database that contains lists of secure and insecure endpoints for creating DDoS allow/block lists.
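The ratio-and-baseline idea described above, as an added illustration that is not Deepfield Defender's own code or algorithm: it learns the normal response-to-request ratio for one pair of related flows and flags intervals that depart from it. The EWMA baseline, the thresholds, the choice of DNS query/response counters and the sample data are all assumptions made for this example.

```python
# Added illustration: ratio-based anomaly detection over paired flow counters.
# Not the vendor's algorithm; parameters and sample data are constructed.
from dataclasses import dataclass


@dataclass
class RatioBaseline:
    alpha: float = 0.2        # EWMA weight given to each new interval (assumed)
    k: float = 4.0            # alert when deviation > k * baseline spread (assumed)
    warmup: int = 5           # intervals to learn from before alerting (assumed)
    min_spread: float = 0.05  # floor so a very flat baseline does not over-alert
    mean: float = 0.0
    spread: float = 0.0
    seen: int = 0

    def observe(self, requests: int, responses: int) -> bool:
        """Feed one interval's counters; return True if the ratio is anomalous."""
        ratio = responses / max(requests, 1)  # guard against division by zero
        if self.seen == 0:
            self.mean = ratio
        deviation = abs(ratio - self.mean)
        anomalous = (self.seen >= self.warmup
                     and deviation > self.k * max(self.spread, self.min_spread))
        if not anomalous:  # keep flagged intervals out of the learned baseline
            self.mean += self.alpha * (ratio - self.mean)
            self.spread += self.alpha * (deviation - self.spread)
        self.seen += 1
        return anomalous


def detect(intervals):
    """Return the indexes of intervals whose response/request ratio is anomalous."""
    baseline = RatioBaseline()
    return [i for i, (req, resp) in enumerate(intervals)
            if baseline.observe(req, resp)]


# Constructed per-interval counters for one protected prefix:
# (DNS queries sent out, DNS responses received). In intervals 7 and 8 the
# responses far exceed the queries that could have solicited them.
SAMPLE = [(1000, 990), (1100, 1085), (950, 940), (1020, 1010), (980, 975),
          (1050, 1040), (1000, 992), (1010, 48000), (990, 61000), (1005, 998)]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Flagged intervals are excluded from the baseline update so that a sustained flood cannot gradually become the new normal.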


Create custom protection groups

With Deepfield Defender, you can create protection groups for network protection strategies that can differentiate between specific users, subscribers or systems. For example, your financial customers may require a much higher level of protection than your residential broadband subscribers.

Nokia Deepfield Defender

