The purpose of this datasheet is to provide Sophos customers with information on how our offerings affect their privacy considerations. In this document, we provide information about Sophos ITDR data handling practices, including personal information collection, use and storage.
PRODUCT SUMMARY
Sophos ITDR is an offering that extends the Sophos XDR foundation by incorporating identity-related data from identity providers (IdPs) into visibility, detection, posture management, and response workflows. ITDR findings and detections are ingested into the Sophos Data Lake and ITDR Platform alongside XDR data. This data is collected at frequent intervals allowing the Sophos Data Lake and ITDR platform to be queried for identity and security information.
For additional detail on XDR, please see the XDR Privacy Data Sheet.
INFORMATION PROCESSED BY SOPHOS ITDR
To use Sophos ITDR, Customers need to connect to one or more IdPs such as Microsoft Entra ID. When Customersconnect to an IdPsSophos will access the information in the IdPs via APIs and collect log data. Depending on the information in the IdPs, Sophos ITDR can process the following type of information:
- Given Name
- Surname
- Display Name
- Usernames
- Phone Numbers
- Country
- Zip code (US ONLY)
- Email addresses
- Office Location
- Region
- Role
- Department
- Entra ID Group Membership
- Domain names
- IP Addresses
- Hostnames
- Mac Addresses
- URLs
- User activity logs and detections via an IdP (e.g. Entra ID audit logs, sign-in logs, cloud access logs)
- Application logs collected via the IdPs.
PURPOSE OF INFORMATION PROCESSED BY SOPHOS ITDR
Sophos ITDR analyzes the collected data using security monitoring rules and other advanced detection technology to identify potential misconfigurations of your identity infrastructure, anomalous user activity, and leaked credentials on the dark web that may adversely affect your security posture. Sophos may analyze and process data for the benefit of the customer, resulting in threat detection and response, and future innovation.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos End User Terms of Use.
Generative AI may be used to streamline ITDR workflows and improve service quality, primarily for data investigation, summarization, and classification.
SUB-PROCESSORS
Data processed by the Sophos ITDR is hosted in AWS data centers in the region(s) selected by the customer at the time of Sophos Central account creation. Visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
RETENTION
Sophos applies its standard retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected.
Data ingested into the Sophos Data Lake will be retained according to the customer’s licensed retention period. Data in the ITDR Platform will be retained while the customer is actively licensed.
All customer data will age out of the system upon termination of the service. After this period, the data will be permanently deleted and unrecoverable.
SECURITY
Sophos secures customer information by authenticating access via username and password based on managed Active Directory group membership coupled with multi-factor authentication.
Sophos ITDR, including the Data Lake and Sophos XDR, has achieved SOC2 Type II certification to demonstrate its strong security practices, policies and internal controls environment.
OUR COMMITMENT TO PRIVACY
Sophos is committed to complying with data protection rules and protection of personal data processed. Sophos will access data only to enable it to provide the services you have signed up for.
ACCESS
Customer Access
Customers with access to Sophos ITDR can query that data using the Live Discover functionality in Sophos Central or via APIs.
Sophos Access
Sophos Engineering monitors access and telemetry for planning future roadmap strategy and retirements, product development and enhancement, troubleshooting, generating statistics and reports. Sophos Labs may evaluate this data to for research purposes to improve threat detection capabiltiies.
DISCLAIMER
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Sophos ITDR Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.