SophosLabs receives information from customers for the purpose of enhancing the detection service that we provide. We understand the importance of privacy to our customers and we ensure sensitive data from our customers is handled properly.
For example, SophosLabs Intelix is designed to delete files marked as clean while retaining samples of malicious files to enhance our understanding of the global threat landscape and provide better protection to all our customers. SophosLabs Intelix is based on a Hub and Spoke architecture. Our customer-facing services (spokes) are self-contained in the region in which they are based. Malicious samples can be moved from a spoke to our central hub for further analysis. This prevents sensitive customer data from being shared across many regions.
The purpose of this datasheet is to provide Sophos customers with information on how your privacy choices can be tailored with our offerings. In this document, we provide information about SophosLabs Intelix data handling practices, including personal information collection, use and storage.
SophosLabs Intelix Summary
SophosLabs Intelix interfaces with other Sophos products and it is accessible via API to our OEM partners and customers subscribing to the service on AWS Marketplace. The API allows customers to send samples of suspected malicious code, false positive samples and URLs to a single point at Sophos for malware detection and analysis. SophosLabs receives these samples from customers in order to enhance the detection service that Sophos provides.
Information Processed by SophosLabs Intelix
SophosLabs Intelix needs a Threat Object (for example a file, URL or e-mail) to be analyzed. The Threat Object is sometimes complemented by contextual data related to the Threat Object which contributes to the analysis (for example, Customer ID, Machine ID, file path, filename). Whilst the analysis is executed in the selected region, egress traffic originating from the dynamic analysis of the sample might be routed to another region.
Purpose of Information Processed by SophosLabs Intelix
SophosLabs Intelix provides actionable and relevant Threat Intelligence to customers by analyzing the Threat Object.
Information processed by SophosLabs Intelix is available to customers in the form of HTML/JSON reports that can be queried either by the JobID uniquely assigned at request or via the SHA256 of the Threat Object. SophosLabs uses the information provided to enhance its malware detection service.
Files which have been processed and subsequently categorized as malicious by SophosLabs Intelix are automatically routed to the SophosLabs Hub for further Threat Research analysis.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos Service Agreement.
Sub-processors
Data processing by SophosLabs Intelix is performed in AWS data centers in the region selected by the customer. Visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
Retention
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected.
- Malicious samples will be retained indefinitely in order to offer continued protection to customers.
- SophosLabs Intelix Threat Objects are retained in the respective analysis environment (spoke) for up to 30 days, whereupon clean files are deleted and malicious files are sent to the Hub.
- Threat Object metadata follows the retention period of the associated Threat Object. In some cases, SophosLabs may retain some of this metadata for up to 6 months for research purposes, regardless of whether the associated Threat Object was detected as malicious or clean.
Our Commitment to Privacy
Sophos and SophosLabs are committed to treating your personal data with the care and sensitivity it deserves as well as complying with appropriate data protection rules. Except as stated, Sophos will access data to enable it to provide the services you have signed up for.
Access
SophosLabs or Sophos AI teams may access the data for analysis, threat detection and for continuous evolution of products and new threat detections. Suspicious files that may contain personal information are treated as follows: if a file is convicted as malicious, it is treated as malware and will be blocked globally going forward. If these files are not convicted and are cleaned, they are permanently deleted within 60 days.
Disclaimer
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Privacy Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.