Analyzing the capabilities of Symantec DeepSight Intelligence

Expert Ed Tittel offers an overview of Symantec DeepSight Intelligence, which provides organizations with information and alerts on today's IT threats.

Symantec DeepSight Intelligence, formerly known as DeepSight Security Intelligence, is a cloud-based threat intelligence platform that provides data feeds for business security systems and applications, as well as a customer portal with support tools that provide early warnings and alerts, patch details and business impact information related to an environment. Using DeepSight Intelligence, customers can take a proactive approach to active and emerging threats.

DeepSight Intelligence draws from the Symantec Global Intelligence Network (GIN), a repository of big data populated by feedback from Symantec security software running on millions of customer computers and devices, as well as hundreds of thousands of sensors in over 200 countries. These software installations and sensors report vulnerabilities, event data, spam and phishing threats, decoy email accounts, and more back to Symantec -- all of which is stored in GIN databases, collectively one of the largest sources of threat intelligence in the world.

Given such a well-developed infrastructure, Symantec was one of the early entrants in the threat intelligence service arena, and is still one of the most recognizable and trusted security companies around.

Data feeds

Symantec offers DeepSight Intelligence data feeds for IP reputation, domain/URL reputation and vulnerabilities.

The IP reputation and domain/URL reputation data feeds center on IP addresses and domains/URLs that are known to be malicious. The malicious activity may include attacks, bot participation, botnet command-and-control server communication, fraud, malware distribution, phishing scams and spam distribution. Symantec assigns hostility and confidence ratings to each IP address or domain/URL to assist organizations in prioritizing threats to their environments.

The vulnerability data feed includes Common Platform Enumeration (CPE), Common Vulnerabilities and Exposures (CVE), Open Vulnerability and Assessment Language (OVAL), and Common Vulnerability Scoring System (CVSS) data, and is best used with a vulnerability management system.

Reputation data feeds are available in XML, CSV and CEF formats. Vulnerability data feeds are available in XML only. Customers choose how often they want to receive updates, such as every 15 minutes, every hour or every day.

Typical customer

DeepSight Intelligence customers tend to be larger midmarket organizations and enterprises with in-house security staff who manage multiple perimeter and internal security devices, including security information and event management (SIEM) systems, firewalls and intrusion prevention systems.

Pricing and licensing

Each DeepSight data feed is available as a 12-, 24- or 36-month subscription via the customer portal. Prices vary depending on the number of managed users within an organization, the buying program tier and multiyear subscription discounts.

Prospective customers should note that Symantec also offers managed security services and managed incident response for a fee beyond the DeepSight Intelligence subscription. Customers who are interested in DeepSight managed security services must contact a Symantec partner for more information.


Symantec offers an online knowledge base, as well as 24/7 year-round telephone support for DeepSight Intelligence customers. The cost of support is included in the DeepSight subscription.


This was last published in April 2017
