Genome Shield responds to the fundamental change that DDoS threats have undergone, driven by the emergence of residential proxy botnets, which currently comprise approximately 200 million compromised devices worldwide.

The DDoS threat landscape has changed in the last 12 months. Attacks now originate from real subscriber devices, generate bursts of several terabits lasting from seconds to minutes, and rapidly rotate IP addresses across thousands of nodes. Residential proxy botnets (estimated at 250 to 600 Tbps) dynamically exploit large numbers of unsuspecting residential users, whose connections are used to generate evasive attacks that impact many national networks. Traditional scrubber-based diversion and reactive mitigation cannot respond quickly enough to these sub-minute attacks. Automated, AI-driven DDoS attacks have industrialized the residential proxy supply chain used by botnets like Kimwolf, while AI-assisted code generation is accelerating the evolution of evasion techniques.

Nokia Deepfield Genome Shield introduces a new class of proactive, network-wide security automation that extends Deepfield Defender to address previously untapped use cases. The solution was developed in close collaboration with customers and the broader security community as part of ongoing efforts to combat DDoS attacks and botnet-driven threats. It shifts protection from reactive mitigation to proactive enforcement by leveraging existing network infrastructure. Genome Shield aggregates continuously updated threat intelligence from multiple sources, including Nokia Deepfield Secure Genome® (covering more than five billion internet endpoints), GDTA telemetry, and Deepfield CyberRange, where active malware and botnet command and control (C2) systems generate real-time information. All of this intelligence is compiled into automated DDoS policies within Deepfield Defender and applied as a network-wide security shield.

“Protecting our infrastructure against incoming DDoS attacks while managing compromised subscriber devices requires carrier-grade automation. By deploying Nokia Deepfield Genome Shield, we’ve moved from reactive, manual workflows to a proactive, unified security platform. Disrupting the command and control of botnets at the network edge, before attacks reach their destination, ensures maximum uptime and clean traffic. This deployment guarantees that when customers connect to Reddot, they’re choosing a network designed for absolute security and peace of mind,” said Charlie Attoum, director of network infrastructure at Reddot.

“The past year has dramatically changed DDoS security. Residential proxy botnets have invalidated 25 years of assumptions about how attacks work and how to defend against them. The big challenge now is maintaining dynamic and massive IP threat sources and applying protection against them in real time, at network scale, continuously and automatically.” Genome Shield is the industry’s answer to that challenge. It combines multiple intelligence sources, including our unique CyberRange and Secure Genome’s visibility across more than 5 billion internet endpoints, with automated policy building and enforcement across the network. “For the more than 1,000 hosting companies, service providers, and internet exchange points facing this new generation of threats, Genome Shield offers a commercially viable and scalable solution,” said Jeff Smith, vice president and general manager of Nokia Deepfield.

Genome Shield expands Deepfield Defender’s existing DDoS countermeasure portfolio with automated, network-wide enforcement, organized around four pillars: Botnet C2 Disruption, which blocks command and control communications to prevent attacks from being launched; DDoS Policers, which suppress amplification and volumetric traffic through proactive rate limiting; Custom Policies, which enable user-defined rules via open APIs for easy integration; and Observability, which provides dashboards for compromised devices, botnet endpoints, and emerging security trends.

Genome Shield requires Nokia Deepfield Defender and supports both router-based perimeter mitigation and the Nokia 7750 Defender Mitigation System (DMS) for dedicated L4-L7 DDoS cleanup. It supports on-premises, cloud-based (SaaS), and hybrid deployment models with flexible pay-as-you-grow licensing.