Deepfield Genome

Enrich network insights with detailed internet and security context

Deepfield Genome

Our Deepfield Genome data feeds provide detailed and continuously updated maps of the internet service delivery chains and security

The internet is growing to support more IP endpoints, higher traffic volumes, greater geographical reach, distributed network architectures and more autonomous systems. It’s also transforming to meet the demands of a greater number and variety of systems, end devices and applications.

The dawn of the cloud, 5G and IoT era is bringing a great consolidation of traffic-originating domains. Today, a handful of these domains generate and distribute almost 90 percent of all internet traffic. Most of that traffic is encrypted.

With the Deepfield Genome data sets, you get comprehensive insight to help you better understand the traffic that passes across your network – from the internet to your subscribers, and equip you to better protect your network, services and subscribers from distributed denial of service (DDoS) attacks.

Deepfield Cloud Genome™

Deepfield Cloud Genome® is Nokia-proprietary, internet-based and cloud-hosted software data feed that tracks, maps and analyzes billions of internet endpoints and flows to provide a dynamic supply map of the internet. It provides full visibility into the ways that applications and content are delivered from all internet sources to your network and across your network to your subscribers.

Deepfield Secure Genome™

Deepfield Secure Genome complements the Deepfield Cloud Genome by maintaining a live data feed with up-to-date information on potential distributed denial of service (DDoS) threats, and secure and insecure (allow/block) internet sources, destinations and traffic patterns.

Datasheet

Nokia Deepfield Cloud Genome datasheet

Nokia Deepfield Cloud Genome® maps the global internet to provide unprecedented visibility for service providers, webscale companies and large digital enterprises.

Datasheet

Nokia Deepfield Secure Genome

Nokia Deepfield Secure Genome maps the global internet to provide unprecedented security insights to service providers, webscale companies and large digital enterprises

The “magic” behind Deepfield Cloud Genome

Using our cloud-based servers, we constantly crawl the internet, gathering information about billions of IPv4 and IPv6 addresses, content delivery network (CDN) domains and network systems across the internet. We map these endpoints into traffic categories (over 30 of them), and allocate them into content and application domains, ISPs, major service provider domains, etc.

Using this up-to-date list of endpoints of the global internet, we maintain a supply map for all internet-based content and applications.

This information “feeds” our network insight and analytics applications – service providers get it as regular updates that enrich their Deepfield deployments, and provide additional, deep context to better understand the traffic in their networks.

Deepfield Cloud Genome can greatly enhance your network flow-based, Border Gateway Protocol (BGP)-based and DNS-based information. It can help you map and categorize internet traffic - including encrypted or CDN traffic that is otherwise invisible to systems based only on traditional deep packet inspection (DPI).

Infographic

Enrich your visibility of internet content, applications, services and security with Nokia Deepfield Genome

Detailed Internet security context to drive improved DDoS protection

Similar to Deepfield Cloud Genome, Deepfield Secure Genome contains internet-security related data about network IP addresses and flows. It tracks and maintains the knowledge base that includes details on traffic that resembles DDoS patterns but are not threats (allowlist data), and also data related to compromised, malicious or insecure network sources and IP flows (blocklist data).

The latest technologies used for internet-wide content distribution may resemble DDoS behavior. This could cause security systems to identify “false positives” and take corrective actions. New, distributed and sophisticated DDoS techniques make detection harder and increase the potential for “false negatives” – passing of DDoS traffic as legitimate.

Deepfield Secure Genome helps improve real-time DDoS threat detection and with this detailed internet security context, you can significantly reduce the number and impact of false positives and false positives, and detect real threats with greater agility and accuracy.

Deepfield Secure Genome “feeds” our Deepfield Defender application, empowering service providers and enriching their Deepfield DDoS deployments with up-to-date internet security details.