“The DDoS threat environment has undergone more change during the past twelve months than at any point in the previous twenty-five years.”

This Appledore research note examines the latest changes to Nokia Deepfield’s Genome Shield, responding to a structural shift in the DDoS threat landscape with serious implications for telcos: attack traffic now originates inside operators’ own networks, from an estimated 200 million compromised residential devices, monetised by a multi-billion-dollar residential-proxy economy that AI demand is actively expanding.

The note explains why “detect-then-divert” architectures struggle against sub-minute, network-internal attacks, and sets out the outbound-traffic problem the report argues most commercial tools were never designed to address. It places Genome Shield in competitive context — alongside NetScout’s smart-data pivot and cloud services from Cloudflare and Akamai — and weighs where Nokia’s approach is genuinely differentiated against where its weaknesses lie. For competitive and market-intelligence teams, the note offers an objective perspective of an emerging capability category and the questions operators should be asking of any vendor in it.

In this extended Research Note based on detailed briefings, we explore the fundamental architectural shift that Nokia Deepfield is making – in our view the most architecturally consequential DDoS-defense announcement in years – and how Nokia maintains a defensible moat around its proposition.