1. /
  2. DeepSight Security Intelligence Products
Global threat and vulnerability intelligence enables organizations to enhance security and take proactive control of information.

Overview

Cyber Security: DeepSight™ Intelligence
DeepSight Intelligence collects, analyzes and delivers cyber-threat information through a customizable portal and datafeeds, enabling proactive defensive actions and improved incident response.

DeepSight Intelligence protects enterprises by creating better-informed security operations teams and by providing the tools for a faster, more accurate identification of threats and their remediation.

By using Symantec’s DeepSight Intelligence – recognized by industry analysts as a leader in the market – you can build on existing investments in security technologies to create a robust, scalable information security program that more effectively uses your current operational resources and tools.
DeepSight Intelligence is available through:

DeepSight Intelligence portal – an intuitive web-based portal
DeepSight Intelligence datafeeds to automate the delivery of threat data to existing security infrastructure
Concentration on adversary threat intelligence. With the explosion in cyber-related threats, organizations are increasingly seeking to focus their resources on the adversaries and threats specifically targeting their high value assets. We have resources dedicated to understanding the adversary ecosystem and providing detailed intelligence on the tactics, techniques and procedures to better identify and disrupt their activities.

Key Benefits of DeepSight™ Intelligence

Detailed, tailored and accurate intelligence. With visibility from the attack surface to adversaries behind the attacks, DeepSight Intelligence provides in-depth threat intelligence as well as context on current and emerging threats in order to identify and block threats before they impact your critical systems.
React faster to changes in your threat environment. The combination of threat, vulnerability and reputation information allows businesses to define threat alerts based on their individual IT infrastructure and security policies, enabling the adjustment of the security planning and responses as needed.
Improve IT security staff’s efficiency and productivity. Having a single data source that is focused only on relevant threats and business-relevant issues allows your IT staff to respond effectively, freeing up time for other projects.
Other related products from Symantec Cyber Security:

Managed Security Services
Managed Incident Response

Global Security Intelligence

Symantec’s Global Intelligence Network (GIN) is a massive archive of security data; we monitor, analyze and process more than 10 trillion security events per year worldwide. This means taking big data that comes from various streams and finding the common threads that connect them that comprise an attack. Finding these indications of compromise and correlating them allows us to design new methods of detection and prevention.
The importance of incorporating global security intelligence into a security program should not be underestimated. The best way to protect your network from threats is to understand what and who is likely to attack you, and also to learn what newly identified vulnerabilities may be exploited to attack your network.
Shift from reactive security. Traditional security solutions, although effective, only identify threats as they hit the enterprise. Adding visibility into the global threat landscape can enable a more proactive security policy to be implemented. Trying to keep pace with the threat landscape and to aggregate threat data from numerous sources makes identifying relevant threats and prioritizing mitigation actions more than full-time tasks.
Breadth and depth of data. The GIN offers visibility into empirical, real-world customer data from enterprises and consumers, Symantec .cloud meta-data, forums, vendors, honeynets and other third-party data combined with the largest collection of end-point sensors in the industry.
DeepSight Intelligence collects, analyzes and delivers cyber threat information collected by the Symantec Global Intelligence Network (GIN). The Symantec GIN has global visibility into the threat landscape including big data from:
  • More than 41.5 million attack sensors in 157 countries
  • An extensive anti-fraud community of enterprises, security vendors and more than 50 million end users
  • More than 8 billion emails per month from 5 million decoy accounts
  • Over 13 billion web requests a day

Portal

The DeepSight Intelligence portal supports your proactive security posture, helping to minimize the effects of current and future cyber-attacks by providing business-centric threat information to your analysts.

Our big-data approach to information gathering ensures comprehensive global visibility by examining millions of events from around the world; we aggregate and correlate unfiltered alerts generated by both Symantec’s vast installed base of security solutions, as well as those of partner organizations.

By analyzing the threat information from this proprietary Global Intelligence Network (GIN), DeepSight Intelligence is able to identify traffic patterns associated with malicious activity and known threat actor behavior.

Finished intelligence is produced through the efforts of human analysts combined with computational analysis of our big data infrastructure and delivered through the DeepSight Intelligence portal.

Setting up an organizational profile on the portal allows a tailored delivery of the applicable intelligence you need for your organization, ensuring that threats and vulnerabilities are prioritized based on the potential economic impact.

Key Benefits

Global visibility. A customizable view into global threat data, including visibility into firewall, IDS and honeynet events seen across the globe can provide insight into threats and trends, often before they impact an organization or industry.
Complete threat picture. The portal provides an end-to-end picture of threats from attack surface vulnerabilities, to malware and actors behind the attacks.
Detect and mitigate. Indications of compromise and signatures will help you to detect critical threats, while mitigation strategies and remediation steps will enable a rapid response.
Customized views. Alerts and content can be easily customized to your specific needs based on your industry, technology list and geography.
Domain awareness. Organizations can be informed if use of their brand or IP address block is linked to any phishing or malicious code outbreaks.
Service levels. DeepSight Intelligence portal alerts are available at a number of different service levels; organizations can select the level that fits their needs and requirements.

Datafeeds

The Symantec Cyber Security: DeepSight™ Intelligence datafeeds automate the application of intelligence to provide additional protection for your enterprise by making existing security infrastructure smarter (Governance, risk and compliance (GRC) systems, security information and event monitoring (SIEM), DNS sinkholes, smart firewalls, etc.) DeepSight Intelligence datafeeds make your existing security investments more cost-effective and productive by applying intelligence with a secure information source that keeps third-party solutions up-to-date on the latest threats and exposures.
The DeepSight Intelligence datafeeds are delivered through a Simple Object Access Protocol (SOAP)-based web service. They offer actionable intelligence which include:
  • Malicious IPs and domains/URLs including rich context answering the security “Ws” (Who, Where, When and What).
  • Continuous updates of the latest discoveries in vulnerabilities and malware, including rich context to accelerate incident closure.

DeepSightTM Intelligence Datafeeds

DeepSight Intelligence: Security Risk Datafeed
The Symantec Cyber Security DeepSight Intelligence Security Risk datafeed offers visibility into emerging threats, malicious code and adware/spyware with complete risk ratings, disinfection and mitigation strategies to help protect against emerging threats.
DeepSight Intelligence: Vulnerability Datafeed
The DeepSight Intelligence Vulnerability datafeed provides real-time data on vulnerabilities impacting nearly 105,000 technologies from more than 17,000 vendors. Numerical urgency and impact ratings combined with Security Content Automation Protocol (SCAP) identifiers enable prioritized responsive actions to minimize risk and optimize resource utilization.
DeepSight Intelligence: Reputation Datafeeds
The DeepSight Intelligence Reputation datafeeds provide up-to-date and actionable intelligence about malicious activity on the Internet. The IPs, URLs and Domains are classified based on the observed malicious behaviors which include:
  • Attacks
  • Malware distribution
  • Phishing scams
  • Spam distribution
  • Bots infections
  • Botnet command and control server communication
The DeepSight Intelligence offers four reputation datafeeds:
  • DeepSightTM Intelligence: IP Reputation
  • DeepSightTM Intelligence: URL/Domain Reputation
  • DeepSightTM Intelligence: Advanced IP Reputation
  • DeepSightTM Intelligence: Advanced URL/Domain Reputation

Key Benefits of DeepSight Datafeeds

  • Lower the number of false positives and false negatives in your environment, reducing research and response costs.
  • Increase incident detection rates by enabling new forms of detection and protection.
  • Automate updates on new threats and vulnerabilities, with regular uploads of the latest discoveries to allow more effective risk and vulnerability management.
  • Provide rich context in operational tickets from security systems (SIEM, GRC, vulnerability management, etc.), allowing a quicker closure of incidents while lowering operational costs.

Datafeeds Delivery

  • Web Service: SOAP 1.1 or 1.2
  • Datafeed: XML version 1.0/Compression algorithm – zip – RFC 1950
  • Datafeeds format:
Datafeeds Format
  XML CEF CSV
Vulnerability    
Security Risk    
Reputation