1. /
  2. DeepSight Security Intelligence Products
Global threat and vulnerability intelligence enables organizations to enhance security and take proactive control of information.

Overview

DeepSight Security Intelligence delivers timely and relevant threat, vulnerability, and reputation intelligence enabling businesses to adjust their security posture as required based on emerging threats that might impact their critical systems. This insight is available through:
  • DeepSight Early Warning Services an intuitive web-based portal, and
  • DeepSight DataFeeds to automate the delivery of threat data to existing security infrastructure.

Symantec Global Intelligence Network

The Symantec Global Intelligence Network collects the data upon which DeepSight Security Intelligence products are based. The Global Intelligence Network has global visibility into the threat landscape, including:
  • More than 64.6M attack sensors monitoring networks.
  • Over 45,000 vulnerabilities, covering over 15,000 vendors.
  • Visibility into all ports/protocols for threat analysis and collection.
  • More than 8 billion emails a day.
  • More than 1.4 billion web requests a day.

Key Benefits of DeepSight Security Intelligence

Unsurpassed accuracy and breadth of intelligence. Incorporating enhanced global threat and vulnerability visibility helps identify and block threats before they impact your critical systems.
Adjusts an organization's response based on risk profile. The combination of threat, vulnerability and reputation information allows businesses to define alerts based on their individual IT infrastructure and security policies, enabling the adjustment of the security posture as needed.
Improves IT security staff productivity. Having a single data source that is focused only on relevant threats and issues enables IT staff to respond effectively, while freeing up time for other tasks.

Global Security Intelligence

The importance of incorporating global security intelligence into a security program should not be underestimated. The best way to protect your network from threats is to understand what and who is likely to attack you, and also to learn what newly identified vulnerabilities may be exploited to attack your network.
Shift from reactive security. Traditional security solutions, although effective, only identify threats as they hit the enterprise. Adding visibility into the global threat landscape can enable more proactive security policy to be implemented. Trying to keep pace with the threat landscape and to aggregate threat data from numerous sources makes identifying relevant threats and prioritizing mitigation actions more than full-time tasks.
Breadth and depth of data. The Symantec Global Intelligence Network offers visibility into empirical, real-world customer data, from both enterprises and consumers, including the malware that they encounter, combined with our honeypot network. This combination offers breadth of data, accurate threat detection, and fast detection of emerging threats to ensure that customer networks can be protected as soon as possible.
Symantec is recognized by IDC as the market leader in security intelligence services, with wider and more accurate data than other providers.

Early Warning Service Portal

The DeepSight Early Warning Services portal offers insight into a wide range of real-time threat and vulnerability data designed to provide organizations with the information they need to proactively protect their infrastructure. Customized alerts ensure that relevant, prioritized data is available to enterprises so that critical infrastructure can be protected against emerging threats and exploitable vulnerabilities.

Key Benefits of Early Warning Services

Truly global visibility. A customizable view into global threat data, including visibility into firewall, IDS, and honeynet events seen across the globe can provide insight into threats and trends, often before they impact an organization.
In-depth threat analysis. Analysis of emerging threats, vulnerabilities and malicious code, including mitigation strategies and remediation steps enabling a rapid response to threat outbreaks.
Customized reporting. Reports can be scheduled and customized dependent on need, covering specific ports and technologies as well as industry vertical and geography.
Brand Protection Organizations can be informed if use of their brand or IP address block is linked to any phishing or malicious code outbreaks.
Service Levels DeepSight Early Warning Services are available at a number of different service levels; organizations can select the level that fits their needs and requirements.

DataFeeds

For enterprises looking to directly integrate security intelligence into existing security solutions such as SIEM, web gateways, or other network security solutions, DeepSight DataFeeds are delivered in an XML format, enabling dynamic security policy refinement, with no IT overhead required, to protect against communication with a malicious source.

Symantec DeepSight Offers 4 DataFeeds

Symantec DeepSight Security Risk DataFeed
The Symantec DeepSight Security Risk DataFeed offers visibility into emerging threats, malicious code, and adware/ spyware with complete risk ratings, disinfection and mitigation strategies to help protect against emerging threats.
Symantec DeepSight Security Content Automation Protocol (SCAP) Vulnerability DataFeed
The Symantec DeepSight Vulnerability DataFeed provides real-time data on vulnerabilities impacting nearly 105,000 technologies from more than 14,000 vendors. Numerical urgency and impact ratings combined with SCAP identifiers enable responsive actions to be customized to minimize risk and optimize resource utilization.
Symantec DeepSight IP Reputation DataFeed
The Symantec DeepSight IP Reputation DataFeed provides up-to-date and actionable intelligence about malicious activity on the Internet, such as malware distribution and botnet command and control server communication. IP address activity is analyzed to identify participation in the following:
  • Attacks
  • Malware distribution
  • Phishing scams
  • Spam distribution
  • Bots infections
  • Botnet command and control server communication
Symantec DeepSight Domain and URL Reputation DataFeed
The Symantec DeepSight™ Domain and URL Reputation DataFeed focuses on domains and URLs being used for malicious activities, enabling the definition of security policy for outbound traffic from internal source.

Key Benefits of DeepSight DataFeeds

Enable Proactive Security. Only Symantec has the breadth of visibility into real-world threat intelligence, combined with the analysis expertise to inform and protect our customers from emerging threats.
Improve IT security staff productivity. Delivered as an automated feed, there is no manual threat or vulnerability research required by IT, freeing up time that can be spent on additional tasks.
Adjust organization's response based on risk profile. By leveraging real-time threat, vulnerability, and reputation information organizations can create an effective information-based decision making and response advantage to combat the increasingly hostile threat landscape.

System Requirements

  • Browser: Internet Explorer® 6 or higher, Firefox® 3.6.2 or higher, Safari® 4.0 or higher, Google Chrome® 3.0 or higher
  • Web Service: SOAP 1.1 or 1.2
  • DataFeed: XML version 1.0/Compression algorithm – zip – RFC 1950
  • SDK Microsoft: .NET framework 1.1 or higher