Version: 2019-09-24


deepwatch Network Solutions provide monitoring and management of the customer’s network security devices. deepwatch currently offers one network solution: Protect Network.

deepwatch Protect Network includes the following features and capabilities:

  • Onboarding;
  • Device Software Updates and Configuration (excluding Rule Set Updates);
  • Rule Set Changes;
  • Knowledge Management; and
  • Support & Training.

Features & Capabilities

Protect Network



deepwatch works with customer to ensure appropriate remote access to its centralized management consoles for the in-scope Network Security Devices.

Existing Infrastructure Assessment

deepwatch performs an initial review of customer’s in-scope network security devices to analyze their current configuration, including:

  • Existing Rule Set Reviews;
  • Patch, Update, and License Status; and
  • Configuration and Organization.

As a result of initial configuration reviews, deepwatch provides customer with a deliverable that focuses on recommendations for improvement.


deepwatch develops the appropriate governance rules with customer to identify the following:

  • Maintenance Windows;
    • Planned upgrades & configuration changes;
    • Limited to 1 window per week;
  • deepwatch integration into the Customer's change management process; and
  • Clearly defined and documented activities deepwatch may perform without explicit approval.

Device Software Updates and Configuration (Excluding Rule Set Updates)

deepwatch performs platform configuration and patch management on behalf of deepwatch customers for in-scope network security devices. This includes updating the platform software and firmware as well as implementing changes requested via the deepwatch portal. Customer requests are prioritized and performed during the agreed upon maintenance windows. Changes that cannot be addressed during the maintenance window are addressed at the next mutually agreed upon maintenance window.

deepwatch also reviews all requested changes and identifies any technical issues with performing any requested change prior to scheduling the proposed software update and/or configuration change during the maintenance window.

Rule Set Changes

deepwatch performs rule set changes as approved by customer during the maintenance windows. Customer may request up to five (5) emergency rule set changes per month outside of the mutually agreed upon maintenance window.

deepwatch also reviews all requested changes and identifies any technical issues with performing any requested change prior to scheduling the rule set change during a maintenance window.

Knowledge Management

deepwatch’s deepstack Cloud SecOps Platform utilizes ServiceNow’s Knowledge Management functionality to provide shared Knowledge Articles between deepwatch and customers. deepwatch provides a predefined set of Knowledge Articles to customer. Additionally, custom Knowledge Articles are developed by deepwatch within ServiceNow, which notifies customer for review and approval. Knowledge Articles are reviewed at least every three (3) months during pre-defined meetings and as applicable during status meetings.

Support & Training

deepwatch serves as the primary contact for customer personnel for support of all deepwatch deepstack Cloud SecOps Platform components. In this context, deepwatch provides the support traditionally provided directly from vendors. deepwatch maintains specific support agreements with deepstack Cloud SecOps Platform component vendors in order to address and seek to resolve support related incidents in a prompt manner. deepwatch provides customer personnel with training on the deepwatch deepstack Cloud SecOps Platform and its supporting components via in-person and video-based training, as well as ServiceNow Knowledge Articles.

Responsibility Assignment Matrix (RACI Chart)

The following Responsibility Assignment Matrix (“RACI Chart”) describes the participation by deepwatch and customer in delivering deepwatch’s Protect Network solution.




Activity                                     deepwatch   Customer
Device Upgrades & Configuration              R           A
Network Security Device Support Cases        R           A
Device Provisioning & Deployment             C           R
Appliance Backup & Restore                   C           R
Change Management (Tickets, Windows, Etc.)   R           A

R = Responsible, A = Accountable, C = Consulted, I = Informed

Assumptions & Expectations


Customers must implement deepwatch's identity solution to access the deepstack Cloud SecOps Platform as well as any and all in-scope network security devices. Customer must federate existing authentication from its identity provider or utilize deepwatch's identity solution as an identity provider in conjunction with deepwatch’s Zero-Trust remote access solution.

Centralized Management

Customer acknowledges and agrees to provide access to in-scope network security device centralized management solutions to facilitate solutions delivery.

Subscription Dependencies

Customer must hold an active deepwatch Detect Analytics subscription or execute a deepwatch Detect Analytics subscription before the start date for its deepwatch Protect Network subscription.

Network Device Dependencies

Customer is responsible for the deployment and initial configuration of the network security devices.

Customer is responsible for ensuring network security devices are able to communicate with the network security device centralized management solution.


Each in-scope network security device must be on the deepwatch Supported Network Security Devices list set forth here as may be modified by deepwatch from time to time. Additionally, customer must maintain active support contracts for all in-scope network security devices from the product device vendor and add deepwatch personnel to customer’s vendor support entitlements.

Travel & Expense

Customers acknowledge and agree to follow the deepwatch travel and expense policy provided here.

Virtual Appliance Deployment Assumptions

Customer must provide a virtual machine infrastructure capable of hosting Linux virtual appliance(s) managed remotely by deepwatch. Customer must also install virtual appliance(s) on its virtual machine infrastructure, configured with at least the following specifications:

  • At least 250 GB of either solid-state drives (SSD) or spinning disk storage;
  • 4 CPU cores; and
  • 16 GB of RAM.

Customer must allow outbound TCP/443 access from the virtual appliance(s) in its environment(s) via the Symantec Secure Access Cloud Zero-Trust solution. Customers are responsible for the virtual appliance infrastructure (host) and networking, and deepwatch is responsible for the virtual appliance(s) (guest[s]).
