MWC 2026: NETSCOUT, DDoS and Automation in Cyber Threats

At this year’s Mobile World Congress (MWC) in Barcelona, conversations around 5G, AI and security underscored a familiar challenge: as connectivity and intelligence advance, so too do cyber threats. 

For Darren Anstee, CTO for Security at NETSCOUT, the key to staying ahead lies in visibility, automation and the integrity of data itself.

NETSCOUT, he explains, operates across three intertwined capabilities.

“On the enterprise side, we’re all about helping our enterprise customers ensure that their networks, their services and their applications are working in the way that they want them to, giving them visibility that they can use both within our products and within any other AI platforms that they might be building out,” he says.

For the service provider and mobile world, the mission is similar.

Darren adds: “Many mobile operators around the world use us to ensure the experience that their customers get from the services delivered to them. And, of course, if they’re not working quite right, we provide automated root cause analysis.

Then there is nGeniusONE.

“This is where we work with the majority of service providers around the world and many large enterprises to give them visibility of the traffic going in and out of their networks, and also an ability to detect and then mitigate DDoS attacks, which are obviously a primary threat to the availability of internet‑facing infrastructure,” adds Darren.

5G and fixed-network mobile threats

As 5G adoption accelerates, the boundary between fixed and mobile infrastructure is fading. 

Fixed wireless access is growing globally, which Darren flags is bringing with it a new class of risks.

“You’ve got home networks – small offices, home office networks, those kinds of things – where there is vulnerable infrastructure,” he explains. “These can be compromised and leveraged for launching DDoS attacks. We've seen this for years on fixed networks and it’s now on the mobile network. 

“We’re seeing a growing appreciation of that risk. We now have solutions that look at what’s going on within those networks and integrate so that those behaviours can be controlled to defend our customers.”

AI’s place in security

While AI dominated MWC headlines last year, Darren notes that the 2026 conversation is more grounded. 

“This year, I have seen more discussions as we move to autonomous networks and AI orchestration and making sure that the datasets that are being utilised are correct,” reveals Darren. 

“But then, the conversation is: how do we secure those data sets? How do we secure those environments to make sure that nothing bad is happening? Obviously, if it does, bad things will happen.”

NETSCOUT has spent the past three years investing in an AI-driven threat intelligence pipeline, designed to process data from hundreds of service providers worldwide. This global perspective enables the company to detect patterns across attack types and geographies – identifying reused botnet infrastructure almost in real time. 

Darren adds: “This allows us to get a picture of the infrastructure that’s being used now for different types of attacks and campaigns.

For Darren, it’s this refinement of data quality that is vital as enterprises race to build their own AI systems. 

“Everybody is starting to think now about how they build out AI platforms that ingest data,” he says. “But the data has to be compact. There has to be a high signal to noise ratio. 

“That’s one of the things that we really specialise in here at NETSCOUT – whether that’s our enterprise, service provider product sets or our DDoS products. Our data means we have great data of what’s going on out there. Garbage in, garbage out – that hasn’t changed since the 1990s.”

Democratised DDoS and the rise of easy attack tools

NETSCOUT’s latest DDoS Threat Intelligence Report paints a sobering picture of this evolving threat. 

The company’s research found that nearly half of all attacks are now multi-vector – blending multiple methods for greater disruption. 

This means that tools once confined to experts have been automated, making it possible for anyone to launch highly sophisticated campaigns. 

Darren details: “This means that you can say, ‘I would like to attack you during business hours tomorrow, tell me what services are available, generate me an optimised set of attack vectors and carry out the attack.’

“You don’t need to understand anything about what it’s doing – you just need to tell it what it was you wanted it to do. This is one of the things that’s driving that democratisation and the increase in numbers of more sophisticated attacks.”

It is this accessibility, coupled with the persistence of hacktivist groups, that has fuelled a surge in activity. 

NETSCOUT now tracks more than a hundred groups leveraging DDoS to make political or ideological statements. Even after takedowns, groups resurface within days.

“These groups are generating a lot of activity,” Darren says. “They’ve got disparate infrastructures, different ways of generating the attacks, different targeting methodologies. They’re very resilient. 

“It’s not going away, but it is a well-understood threat. So, if you’ve got the right technologies, the right threat intelligence, the right processes, you can defend against it with the right solutions.”