As 5G adoption accelerates, so do the security challenges that come with it. Attackers are leveraging AI to increase the speed and sophistication of distributed denial-of-service (DDoS) attacks, forcing security teams to adopt advanced automation, machine learning, and real-time intelligence to stay ahead. The rise of 5G is also introducing new vulnerabilities as more traffic shifts from traditional wireline to mobile networks.
The conversation highlights how NETSCOUT is addressing these threats by combining deep packet inspection with AI-driven security measures. As Darren Anstee explains, cyberattacks are evolving rapidly, requiring organizations to detect and mitigate threats faster than ever. From geopolitical DDoS attacks to gaming-related disruptions, bad actors are finding new ways to exploit vulnerabilities. This session provides a crucial look at how AI-driven security strategies are becoming essential in defending networks in the 5G era. Watch now to gain key insights into the future of cybersecurity and how businesses can prepare.
Steve Saunders:
Welcome back to FNTV at MWC25. I'm Steve Saunders. Let's talk about security. Well, with me, I have Darren Anstee from Netscout and Mitch Wagner from Fierce Network. Hi guys.
Darren Anstee:
Hi.
Mitch Wagner:
Hello. Hello.
Steve Saunders:
So Darren, have any of the recent security attacks or threats caused Netscout to change the way that it is protecting its customers networks?
Darren Anstee:
Yeah, I mean, we tend to specialize in the area that I focus on in distributed denial of service attacks, and we've seen a lot of change in those attacks over the past couple of years. More sophistication, more persistent attacks from nation-state affiliated adversaries, those kinds of things, targeting a broader range of organizations on a broader range of endpoints. So that has really driven us to focus on automation, on threat intelligence, on how we use AI in both of those things. And it's also driven us to kind of spread the way in which we can do this across both wireline and mobile environments because we're seeing those same problems kind of move in parallel now.
Steve Saunders:
Is AI playing a role in the products and the way that you protect those networks against denial or service attacks?
Darren Anstee:
Yeah, the way that we build our threat intelligence uses a lot of AI. So we gather a kind of unique data set from about 500 service providers, a couple of thousand enterprises from all around the world. And then we refine that into a set of actionable intelligence that we push back to our customers every three hours. And that intelligence allows them to understand where attacks are coming from right now so that they can more proactively detect and then mitigate those attacks. And then we're also building AI into the products themselves around being able to analyze attack traffic, figure out whether configuration changes are needed to deal with attacks as they evolve, those kinds of things.
Steve Saunders:
I mean that's really interesting. But aren't the attackers also using AI?
Darren Anstee:
They are. So what you see in all kinds of cyber threats today is there is this kind of constant adaption where we put new defenses in place, the attackers adapt to circumvent those defenses and so on and so forth. I think more recently what has happened is that that whole cycle has accelerated, and that's why the drive towards automation, the drive towards using more intelligence, the drive towards using AI, it's kind of become essential in the way that the products operate.
Steve Saunders:
It's a sort of game of AI one-upmanship really, isn't it?
Darren Anstee:
Yeah, but it's AI in terms of the automation side of things, that's how attackers tend to be using it, or they are... Although they are using it now to evade things like capture. But it's very much the automation. It's not the kind of Gen AI that you see being talked about in some places now.
Steve Saunders:
That's really interesting. Are you hearing anything on AI security issues, Mitch?
Mitch Wagner:
Yeah, AI is making everything move faster than humans can react to. It takes AI to defend the network, to detect the attacks as they come in and react to them fast enough to defend. And yes, attackers are using AI too, so it's becoming a war of the machines against the machines.
Steve Saunders:
Yeah, that sounds ominous to me. It's ringing various worrying alarm bells for me. But Darren, have you always used AI in your products or is it a relatively new thing?
Darren Anstee:
We've used machine learning for a long time, so if you look at the way that our products analyse internet traffic, detect anomalies with an internet traffic, that is machine learning fundamentally. We've recently started engineering AI in because of the need to automate the way in which we refine intelligence and analyse traffic. So that's a relatively recent introduction for us over the last, I suppose, two, three years.
Steve Saunders:
Yeah. Okay. I mean, we're at a mobile show, we're at a show which is mainly the cornerstone of it is 5G, isn't it? Does 5G present any unique challenges as far as the security biome?
Darren Anstee:
Again, coming back to our area of DDoS. Yes. So traditionally, most of our customers deployed our products across their wireline networks and their backbone networks. They were looking for attacks coming in from the rest of the internet or attacks coming from their wireline subscribers. And those attacks have escalated as edge connectivity speeds have grown. So as people have moved from ADSL to fiber to DOCSIS 4, those kinds of things, the volumes of bad traffic increase very dramatically.
What we've seen is that as fixed wireless access accelerates around the world onto 5G services, a lot of the bad infrastructure that was on wireline is moving onto mobile as well. So compromised consumer IoT, exploitable CPE, those kinds of things, gaming related DDoS attacks. They're now coming to mobile networks with fixed wireless access services. So a lot of our customers are asking us for help in identifying those attacks, in managing those attacks. And what we've done is extend the solutions that we have for the wireline world into mobile. And we've done that by borrowing technology from another division of Netscout, which is all about service assurance within mobile networks. We're the market leader, so we've taken that tech, added it to our security tech, and that gives us the visibility that we need there.
Steve Saunders:
That's really interesting. Mitch, Cisco recently brought out a report which said that security was the number one concern of its customers when deploying AI. And do you think that that's the number one concern for customers, or do you think staying in business is the number one concern for customers?
Mitch Wagner:
I think staying in business clearly requires security. It's one or the other. Yeah.
Steve Saunders:
It's one and the same. But have you seen much of the show about security?
Mitch Wagner:
Yeah, we're seeing quite a bit. The threats are constant and people can't take security for granted. They have to be sure to be proactive and stay on top of attacks before they come in.
Steve Saunders:
Yeah, so it's a pretty consistent theme across everybody you're talking to?
Mitch Wagner:
Absolutely, yes.
Steve Saunders:
And how does... A lot of companies like Cisco will say, "We'll provide security for you." How does Netscout differentiate itself in that? Is it around the speciality of DDoS?
Darren Anstee:
It's around a couple of different specialities. So DDoS being one of them, we have a unique capability there. We are the market leader there. All of the service providers on the vast majority of them around the world use our solutions. And that gives us a unique perspective on how threats are evolving and how to deal with those threats. So that's one side. The other kind of unique that we have is that Netscout has 40 years of deep packet inspection experience. So that's traditionally been used in our service assurance products, but increasingly now we're seeing our customers using that in security because we have an ability through something called smart data to provide very rapid access into packet forensics, into analytics based on packet forensics, all of those kinds of things. And that's obviously very important when you're trying to triage a threat, when you're trying to understand what's going on within a next-gen data center to really get to the bottom of where the problems might be, where the dependencies are.
Steve Saunders:
But you're primarily involved in the defense of your customer's networks. Can you also see where the attacks are coming from, specifically?
Darren Anstee:
When it comes to the DDoS side of things, yeah, you can identify the source IP addresses that they're coming from, but that doesn't necessarily tell you where the attacks were originated because it might be a bot, might be an open proxy.
Steve Saunders:
There's a lot of ways to hide.
Darren Anstee:
It might be that the traffic is being reflected from something.
Steve Saunders:
Is there any progress being made on attacking the problem at source? Actually finding the organizations individuals or even governments that are responsible for this stuff and getting them to knock it off?
Darren Anstee:
So again, I think-
Steve Saunders:
I mean, that wouldn't be terribly good for your business.
Darren Anstee:
Well, you say that, but there are two parts to that. So in terms of takedown of the kind of the DDoS services that are out there and botnets that are out there, yes, that is happening, but it tends to have very transient impact. Something else will take their place very, very quickly.
Where we are starting to focus more is on what we call DDoS suppression. So if you look at things like DDoS, historically it's been all about defending a target. Now we're seeing a lot of eyeball networks. So networks have a lot of subscribers on them. They're becoming more concerned about the volumes of attack traffic coming from their own subscriber basis because that attack traffic can have an impact within their networks. So they're becoming more interested in being able to detect the top offenders within their networks so that they can do something about that. And we are adding capability into our products to enable them to do that so that they can see who those top offenders are, what they're doing, who are they targeting, so that they can get on top of that problem. And that does tend to suppress the problem more at source.
Steve Saunders:
Why do people launch DDoS attacks? Is it just to be annoying?
Darren Anstee:
No, unfortunately not. So there are a number of different motivations behind DDoS. In terms of volume of attacks, gaming is probably still the number one. You'd be astonished at how much gaming-related DDoS there is going on out there. It tends to be fairly low-level. There's just a lot of it. The second one is probably geopolitics. So everyone has seen in the media the attack campaigns around Ukraine, around Russia, around Israel, around anybody that came down on one side of the other of any of those countries over the last couple of years. What's less apparent is that pretty much any election now, any protest anywhere in the world, in any country probably has some level of DDoS associated with it. So geopolitics is a huge motivator for DDoS now. It's a big, big driver.
Steve Saunders:
And in the current geopolitical situation, I think-
Darren Anstee:
It's not getting any better.
Steve Saunders:
You're going to have your hands full, but good business for Netscout and we're happy about that. You guys have been doing this for a while, so a very trusted name in the communications industry. Mitch, Darren, thank you so much. This was really interesting.
Mitch Wagner:
Thank you.
Darren Anstee:
Thanks for the opportunity.