NETSCOUT's Darren Anstee on AI, DDoS Attacks & Hacktivism

At this year’s MWC in Barcelona, talk of 5G, AI and cyber security reflected a growing sense of urgency. 

As networks become more connected and intelligent, the threat landscape is evolving at pace.

For Darren Anstee, CTO for Security at NETSCOUT, staying ahead of attackers depends on deep visibility, intelligent automation and high quality data.

NETSCOUT’s approach spans three core capabilities.

“On the enterprise side, we’re all about helping our enterprise customers ensure that their networks, their services and their applications are working in the way that they want them to, giving them visibility that they can use both within our products and within any other AI platforms that they might be building out,” he says.

For service providers, the objective is similar but operates at global scale.

“Many mobile operators around the world use us to ensure the experience that their customers get from the services delivered to them,” Darren says. “And, of course, if they’re not working quite right, we provide automated root cause analysis.

At the centre sits nGeniusONE, the company’s security platform.

“This is where we work with the majority of service providers around the world and many large enterprises to give them visibility of the traffic going in and out of their networks, and also an ability to detect and then mitigate distributed denial of service (DDoS) attacks, which are obviously a primary threat to the availability of internet‑facing infrastructure,” Darren adds.

5G expansion and emerging network risks

As 5G adoption accelerates, the traditional divide between fixed and mobile networks is disappearing.

This convergence is introducing new vulnerabilities, particularly as fixed wireless access expands into homes and small offices.

“You’ve got home networks – small offices, home office networks, those kinds of things – where there is vulnerable infrastructure,” he explains.

“These can be compromised and leveraged for launching DDoS attacks. We've seen this for years on fixed networks and it’s now on the mobile network. 

Security teams are becoming more aware of this shift. 

“We now have solutions that look at what’s going on within those networks and integrate so that those behaviours can be controlled to defend our customers.”

AI, data integrity and security operations

While AI dominated headlines at previous industry events, Darren notes that the 2026 conversation is more grounded.

“This year, I have seen more discussions as we move to autonomous networks and AI orchestration and making sure that the datasets that are being utilised are correct,” Darren reveals. 

“But then, the conversation is: how do we secure those data sets? How do we secure those environments to make sure that nothing bad is happening? Obviously, if it does, bad things will happen.”

NETSCOUT has invested heavily in an AI driven threat intelligence pipeline, analysing data from hundreds of service providers worldwide.

This enables near real-time detection of attack patterns, including reused botnet infrastructure across regions and campaigns.

For security teams building their own AI platforms, data quality remains a critical challenge.

“Everybody is starting to think now about how they build out AI platforms that ingest data,” he says.

“But the data has to be compact. There has to be a high signal to noise ratio. 

“That’s one of the things that we really specialise in here at NETSCOUT – whether that’s our enterprise, service provider product sets or our DDoS products. Our data means we have great data of what’s going on out there. Garbage in, garbage out – that hasn’t changed since the 1990s.”

The democratisation of DDoS attacks

NETSCOUT’s latest threat intelligence findings reveal a sharp rise in multi vector DDoS attacks, with nearly half of all incidents now combining multiple techniques for maximum disruption.

At the same time, attack tools are becoming increasingly accessible. 

Darren says: “This means that you can say, ‘I would like to attack you during business hours tomorrow, tell me what services are available, generate me an optimised set of attack vectors and carry out the attack.’

“You don’t need to understand anything about what it’s doing – you just need to tell it what it was you wanted it to do. This is one of the things that’s driving that democratisation and the increase in numbers of more sophisticated attacks.”

This democratisation is driving both the volume and complexity of threats.

Hacktivist groups in particular remain highly active, with NETSCOUT tracking over a hundred groups using DDoS campaigns to amplify political or ideological messages.

Even when disrupted, these groups tend to reappear quickly with new infrastructure and tactics.

“These groups are generating a lot of activity,” Darren says. “They’ve got disparate infrastructures, different ways of generating the attacks, different targeting methodologies. They’re very resilient. 

“It’s not going away, but it is a well-understood threat. So, if you’ve got the right technologies, the right threat intelligence, the right processes, you can defend against it with the right solutions.”