Nokia Deepfield Genome: A foundation for deep network, services and security insights

Understanding the complex and ever-changing internet ecosystem, as well as how internet content, applications, and services are delivered, is critical for optimizing your network. Deepfield Cloud Genome® is Nokia's proprietary, cloud-based intelligence feed that continuously scans and maps the entire internet, providing you with unparalleled visibility into the global digital supply chain.

• Global, real-time mapping: Cloud Genome continuously crawls billions of IPv4 and IPv6 addresses, CDN domains, and network systems to create a dynamic, real-time “service delivery map” of the internet.
• Unprecedented visibility: Provides deep insight into how internet applications, services and content are delivered from source to subscriber, including encrypted and CDN traffic invisible to traditional Deep Packet Inspection (DPI.)
• Granular traffic categorization: Automatically classifies traffic into over 30 categories, allocating IP addresses to content domains, ISPs, and major service providers.
• Enhanced network intelligence: Enriches your existing network data (flow, BGP, DNS) with critical context, enabling comprehensive network intelligence and observability.

In a world of escalating cyber threats, proactive DDoS security requires more than just reactive measures. Deepfield Secure Genome provides a continuously updated, global intelligence feed that serves as an “internet security map,” empowering Deepfield Defender to detect and mitigate threats with unparalleled accuracy.

• Real-time threat intelligence: An hourly-updated, cloud-based data feed tracking the security context of over 5 billion IPv4/IPv6 addresses.
• AI-driven precision: Leverages over 100 Machine Learning (ML) rules for automatic classification and tagging of IP addresses, to help distinguish legitimate traffic from malicious threats.
• Accurate DDoS detection: Significantly improves real-time DDoS threat detection, reducing false positives and negatives by providing a detailed internet security context.
• Foundation for a proactive defense: Maintains a knowledge base of allow list and blocklist IP addresses, infected IoT devices, latest botnets, and many other security-related data to facilitate more intelligent and automated mitigation strategies.

Using our cloud-based servers, we constantly crawl the internet, gathering information about billions of IPv4 and IPv6 addresses, content delivery network (CDN) domains and network systems across the internet. We map these endpoints into traffic categories and allocate them into content and application domains, ISPs, major service provider domains, etc.

Using this up-to-date list of IP endpoints of the global internet, we maintain a supply map for all internet-based content and applications.

This information “feeds” our network insight and analytics applications – service providers get it as regular updates that enrich their Deepfield deployments, and provide additional, deep context to better understand the traffic in their networks.

Deepfield Cloud Genome can greatly enhance your network flow-based, Border Gateway Protocol (BGP)-based and DNS-based information. It can help you map and categorize internet traffic, including encrypted or CDN traffic that is otherwise invisible to systems based solely on traditional deep packet inspection (DPI).

Like Deepfield Cloud Genome, Deepfield Secure Genome contains internet security-related data, including information about network IP addresses and flows. It tracks and maintains in its knowledge base details on IP addresses whose traffic exhibits anomalies or resembles DDoS patterns but are not threats (allowlist data), as well as data related to compromised, malicious, or insecure network sources and IP flows (blocklist data).

The latest technologies used for internet-wide content distribution may resemble DDoS behavior. This could cause security systems to identify “false positives” and take corrective actions. New, distributed, and sophisticated DDoS techniques make detection more challenging and increase the potential for “false negatives” – passing DDoS traffic without warning and flagging it as legitimate.  

Deepfield Secure Genome helps improve real-time DDoS threat detection. With this detailed internet security context, you can significantly reduce the number and impact of false positives and detect real threats with greater agility and accuracy.

Deepfield Secure Genome “feeds” our Deepfield Defender application, empowering service providers and enriching their Deepfield DDoS deployments with up-to-date internet security details.