AI and Automation: Telcos’ New Shield Against DDoS

As 5G networks expand and fixed wireless access grows globally, telecommunications providers face an evolving threat landscape that demands new approaches to network security and data intelligence.
At Mobile World Congress 2026 in Barcelona, the convergence of 5G infrastructure and cybersecurity took centre stage. For Darren Anstee, CTO for Security at NETSCOUT, the telecommunications industry stands at a critical juncture where network visibility and automated threat detection could determine the future of service delivery.
NETSCOUT works with the majority of service providers around the world, offering a platform that addresses three core needs across the telecommunications ecosystem. For mobile operators specifically, the company provides tools that monitor customer experience and service delivery. "Many mobile operators around the world use us to ensure the experience that their customers get from the services delivered to them," Darren explains. "And, of course, if they're not working quite right, we provide automated root cause analysis."
The company's nGeniusONE gives telecommunications providers visibility into traffic patterns across their networks while detecting and mitigating DDoS attacks that threaten network availability. This capability has become increasingly vital as service providers manage growing volumes of data and increasingly sophisticated attack vectors.
Mobile networks face fixed-line threats
The expansion of 5G has blurred traditional boundaries between fixed and mobile infrastructure, creating new vulnerabilities that telecommunications providers must address. Fixed wireless access deployment has introduced risks previously confined to fixed networks into the mobile environment.
"You've got home networks – small offices, home office networks, those kinds of things – where there is vulnerable infrastructure," Darren says. "These can be compromised and leveraged for launching DDoS attacks. We've seen this for years on fixed networks and it's now on the mobile network."
Telecommunications providers are developing innovative solutions that monitor activity within these networks, integrating controls to defend against compromised home infrastructure being weaponised for attacks. According to Darren, there is a growing appreciation of this risk within the telecommunications sector as fixed wireless access continues its global rollout.
Securing autonomous telecommunications networks
While AI dominated industry conversations at MWC 2025, discussions in 2026 among telecommunications providers have shifted towards practical implementation. The focus has moved to autonomous networks, AI orchestration and ensuring data integrity as operators build out next-generation infrastructure.
"This year, I have seen more discussions as we move to autonomous networks and AI orchestration and making sure that the datasets that are being utilised are correct," Darren reveals. "But then, the conversation is: how do we secure those data sets? How do we secure those environments to make sure that nothing bad is happening?"
NETSCOUT has spent the past three years investing in an AI-driven threat intelligence pipeline that processes data from hundreds of service providers worldwide. This global telecommunications perspective enables the company to detect attack patterns across geographies and identify reused botnet infrastructure in near real-time.
For telecommunications operators building their own AI systems, data quality has emerged as a critical concern. "Everybody is starting to think now about how they build out AI platforms that ingest data," Darren says. "But the data has to be compact. There has to be a high signal to noise ratio."
NETSCOUT's approach across its enterprise, service provider and DDoS product sets prioritises data integrity. "Our data means we have great data of what's going on out there," Darren adds. "Garbage in, garbage out – that hasn't changed since the 1990s."
Telecommunications infrastructure under increasing attack
According to NETSCOUT's latest DDoS Threat Intelligence Report, nearly half of all attacks now use multi-vector approaches, blending multiple methods to create greater disruption for telecommunications networks. The democratisation of attack tools means that sophisticated campaigns no longer require technical expertise.
"This means that you can say, 'I would like to attack you during business hours tomorrow, tell me what services are available, generate me an optimised set of attack vectors and carry out the attack,'" Darren details. "You don't need to understand anything about what it's doing – you just need to tell it what it was you wanted it to do."
This accessibility, combined with persistent hacktivist activity, has created sustained pressure on telecommunications infrastructure. NETSCOUT currently tracks more than a hundred groups using DDoS attacks to make political or ideological statements. Even after law enforcement takedowns, these groups resurface within days, often targeting telecommunications providers due to their high-profile status.
"These groups are generating a lot of activity," Darren says. "They've got disparate infrastructures, different ways of generating the attacks, different targeting methodologies. They're very resilient."
However, Darren suggests that telecommunications providers with appropriate technologies, threat intelligence and processes can effectively defend against these threats. "It's not going away, but it is a well-understood threat," he says. "So, if you've got the right technologies, the right threat intelligence, the right processes, you can defend against it with the right solutions."


