Symantec (UK) Ltd

Symantec DeepSight - Managed Adversary Threat Intelligence

Symantec’s Managed Adversary & Threat Intelligence team are dedicated to understanding the adversary ecosystem providing insightful reports on adversaries including tactics, techniques and procedures, to better identify and disrupt activities.Directed Threat Research. It allows customers to submit specific questions to our analysts who provide tailored intelligence reports to that customer.


  • Access to secure DeepSight Threat Intelligence Portal
  • Briefs on adversaries, tools,techniques and procedures, incidents and attacks
  • Reports available through Symantec Deepsight Intelligence Portal
  • Covers all three threat domains: Cybercrime, Cyber Espionage, Hacktivism
  • Contextual intelligence reports detailing the most pressing security threats
  • MATI DTR: 20 tokens for specific inquiries


  • Simplify effective use of threat intelligence
  • Help the security team to better assess the impact
  • Proactively adjust your security posture to counter imminent threats
  • Shape your security strategy to anticipate adversaries actions
  • Understand threat landscape and adapt your mitigation strategies


£105000 per licence per year

Service documents

G-Cloud 9


Symantec (UK) Ltd

Paul Heath

07753 417 309

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Symantec Managed Security Services
Cloud deployment model Public cloud
Service constraints Users needs to have an internet connection and a supported web browser to access the services.
System requirements
  • Supported Web Browser
  • Internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is included in the service on a 24/7 Global basis and is available through Symantec's standard support channels.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Support is included in the service on a 24/7 Global basis and is available through Symantec's standard support channels.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Symantec provide online training and user documentation on how to use the DeepSight Intelligence Portal
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction No customer data is stored within the service so there is no requirement to extract data from the DeepSight Intelligence Portal
End-of-contract process At the end of the contract, customer access to the portal is removed and all alert notifications etc. are disabled.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Service is accessible through a standard web browser.
Accessibility testing None
What users can and can't do using the API The DeepSight Intelligence API provides REST-based access to the same security intelligence content you can find in the DeepSight Intelligence portal, but in a readily consumable JSON format.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Any user can create their own technology lists and alert monitors to reflect their requirements.


Independence of resources The DeepSight Intelligence Portal and API are elastic in nature and resources are made available to ensure no customer is impacting the operations of any other customer


Service usage metrics Yes
Metrics types Number of users with access, number of used and available API calls.
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data from DeepSight Intelligence Portal can be exported by any user in the format they prefer.
Data export formats Other
Other data export formats
  • PDF
  • HTML
  • Text
Data import formats Other
Other data import formats
  • CPE data in XML to create technology lists
  • CSV files with domains and URLs for brand protection

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability As an information delivery service only there are no Service Level Agreements tied to the service.
Approach to resilience Resilience information is available on request.
Outage reporting Any outages are notified via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access for management and support staff is tied to personal rights for Symantec staff.
Access restriction testing frequency Less than once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach DeepSight Intelligence Portal is governed using Symantec's internal security standards which are managed and maintained by Symantec's Global Security Office and Symantec's Sofware Security Group.
Information security policies and processes DeepSight Intelligence Portal are governed by Symantec's internal security standards which are managed and maintained by Symantec's Global Security Office and Symantec's Sofware Security Group.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components of the service are tracked through their lifetime and any change is assessed for any potential security impacts. DeepSight follows Symantec's Software Security Process, which is available on Symantec's customer trust portal, It is listed under the Security Program Summaries section.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is managed by Symantec's Software Security Group. Symantec has a formal process for handling and managing vulnerabilities. For any externally reported issues, SSG follows the process outlined in ISO 29147, Information technology — Security techniques — Vulnerability disclosure ([ISO/IEC 29147:2014(E)]).
SSG works with the impacted team(s) to:
Recreate the environment and issue within Symantec’s labs for an expedited resolution
Facilitate a prompt and accurate response
Avoid delays in new Symantec releases
By following this established process, releases are of a higher quality.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Symantec's Global Security Office, in combination with Symantec's Managed Security Services, provides the proactive monitoring of the service. Please see for more information,
Incident management type Supplier-defined controls
Incident management approach Symantec's incident management process is available from our customer trust portal, It is listed under the Security Program Summaries section.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £105000 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The free valuation of the service is identical to the paid for service. The free version is time limited to 30 days.
Link to free trial


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑