Sophos Sandstorm is an optional addition to a customer’s existing security solution. If a file received by the customer is executable, or has executable content, and is not downloaded from a safe website, the file is treated as suspicious. The security solution sends the suspicious file hash to Sandstorm to determine if it has been previously analyzed. If the hash has not been seen before, a copy of the suspicious file is sent to Sandstorm. Sandstorm detonates the file and its behaviour is monitored within the Sandstorm environment. Once fully analyzed, Sandstorm passes the threat intelligence to the security solution and the file is delivered to the user’s device or blocked, depending on whether Sandstorm determines that the file is clean or malicious.
If the file is clean, the file is deleted by Sophos. If the file is malicious, the file is retained by Sophos for the legitimate business purpose of malware detection and the development and enhancement of malware detection products.
The Sophos Sandstorm product uses latency-based routing to map the customer data to the appropriate regional data centers for analysis. The customer must configure his device so that a suitable DNS server can be used. Devices configured to use a European DNS server send data to the data center located in the Europe. Devices configured to use a US or APAC DNS server send data to the data center located in the United States of America or APAC.
Collection of Data
Where Sophos (i) receives and detonates files in order to determine whether they are clean or malicious, and (ii) has incidental access to the customer’s personal data via the provision of technical support, installation, configuration, training and other consultancy services (if any), Sophos acts as a data processor on behalf of the Customer as data controller.
Where Sophos (i) collects data about the performance of Sandstorm, (ii) retains malicious files for ongoing malware detection and protection, and (iii) collects account management, customer care and billing data to manage its relationship with the Customer, Sophos acts as a data controller.
Last updated 20 June 2018