The purpose of this datasheet is to provide Sophos customers with information on how our offerings affect their privacy considerations. In this document, we provide information about the Sophos Data Lake data handling practices, including personal information collection, use and storage.
This privacy data sheet applies to XDR products use of the Sophos Data Lake and the Sophos Data Lake is a key component of the Sophos XDR offering. It stores critical information from the Intercept X Advanced with XDR endpoint and server agents, XG Firewall, Central Email and other Sophos XDR enabled products, allowing access to data even when the corresponding device is offline. For example, it can be used to investigate unusual activity on a device that is offline, has been destroyed or taken without authorization.
INFORMATION PROCESSED BY THE SOPHOS DATA LAKE
Sophos processes data that includes the following types of information in the Sophos Data Lake:
- IP Addresses
- MAC Addresses
- Processes (where command lines are captured which could contain usernames, passwords, API keys and credentials)
- Browser Addons
- File Hashes
- File Paths
- System Events and Log
- Email addresses
- Email subject data
Customers have the flexibility to define endpoint and server devices which should be excluded from sending data to the Sophos Data Lake.
PURPOSE OF INFORMATION PROCESSED BY THE SOPHOS DATA LAKE
For Intercept X Advanced with XDR Endpoint and Server customers, data stored in the Sophos Data Lake may be analyzed and processed for the benefit of the customer, resulting in threat detection and response, and future innovation.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos Service Agreement.
Data processed by the Sophos Data Lake is hosted in AWS data centers in the region(s) selected by the customer at the time of Sophos Central account creation. Visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected.
Data in the Sophos Data Lake will be stored for 30 days for Intercept X Endpoint and Server XDR customers.
XDR customers who have also purchased Central Firewall Reporting will be able to access up to 1 year of data in the Sophos Data Lake within Firewall Reporting. XDR customers are limited to the last 30 days of data analysis. Only customers with access to Data in the Sophos Data Lake may perform queries and investigations independently. All customer data will age out of the system upon termination of the service. After this period, the data will be permanently deleted and unrecoverable.
Sophos secures customer information by authenticating access via username and password based on managed Active Directory group membership coupled with multi-factor authentication.
The Sophos Data Lake has achieved SOC2 Type II certification and PCI DSS v3.2 attestation to demonstrate its strong security practices, policies and internal controls environment.
For information about the security protections used in the data centers where customer data resides, visit the AWS Security Documentation Center.
OUR COMMITMENT TO PRIVACY
Sophos is committed to complying with data protection rules and protection of personal data processed by the Sophos Data Lake. Sophos will access data to enhance features and services that bring benefits to the customer, and for R&D innovation of future capabilities.
Customers with access to the Sophos Data Lake can query that data using the Live Discover functionality in Sophos Central or via APIs.
Sophos Engineering monitors Data Lake access and telemetry for planning future roadmap strategy and requirements, product development and enhancement, troubleshooting, and generating statistics and reports.
SophosLabs or Sophos AI teams may access data for threat research purposes and to improve our ability to detect new threats. An exception is file submission of suspicious files that may contain personal information. If these files are convicted as malicious, then they are treated as malware and will be blocked globally going forward. If these files are not convicted and are cleaned, they are permanently deleted within 30 days.
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Sophos Data Lake Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.