Privacy Data Sheet. This Privacy Data Sheet describes the processing of personal data (or personal identifiable information) by Cisco Threat Grid.

Transcription

1 Cisco Privacy Data Sheet This Privacy Data Sheet describes the processing of personal data (or personal identifiable information) by Cisco Threat Grid. Overview of Cisco Capabilities Cisco offers a cloud based malware and threat intelligence sandbox solution to which customers can submit malware samples for analysis. delivers context-driven analytics to accurately identify attacks in near real time. It analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts. gain a global and historical view of malware attacks, campaigns, and their distribution to: Use threat score and behavioral indicators to rapidly identify, prioritize and recover from advanced malware. Provide Incident responders, Security and Network Operations Center and IT Security personnel with a threat analysis and intelligence solution that is designed to reduce time to detection and mitigation. Automate malware protection features for faster detection and response. Easily integrate premium feeds into existing security technologies such as SIEM, intrusion detection systems, gateways, and proxies to detect and block malware faster. Please see for a detailed description of. The following paragraphs describe which personal data Cisco processes to deliver its services, the location of that data and how it is secured in accordance with privacy principles, laws and regulations. 1. Personal Data Processing The tables below list the personal data used by Cisco to carry out the services and describe why Cisco processes that data. Table 1. Personal Data Processing Personal Data processed by Cisco Purpose of Processing Creating an account - Data collected is for product enablement, product use notifications, training and support only - Data collected is for product usage - Cisco Talos global threat intelligence research

2 Customer Network Host Data for product product Any data contained in files - Data collected is for product usage only Organization Administrator assigned at initial account provisioning. Customer managed user access and provisioning after that. - Data collected is for product usage only - Data collected is for product usage - Cisco Talos global threat intelligence research 2. Cross-Border Transfers: When a new customer purchases a subscription to, that customer s account information is always created, processed and stored in North America regardless of the subsequent provisioning of the customer s accounts into its chosen regional cloud (North America or the EU). For example, upon receipt of a sales order from a new EU customer, such customer s account details are created in the administrative systems in North America, even though the customer later chooses to provision to the EU Cloud. Where Table 1 above specifies that customer submitted files are processed for the purposes of Cisco s Talos global intelligence research, if personal data is included in such files, there is also a cross border transfer of such personal data to the Talos global threat intelligence data centers in the U.S. Cisco leverages Cisco and third-party colocation centers to provide services globally. North American data is backed up to a Cisco approved, co-location facility and EU data is backed up within the EU data center. Table 2. Cisco and Talos Data Center Locations Cisco and Talos Data Center Locations Interxion Deliveries Germany - Approved co-location facility. The infrastructure for Cisco runs on Cisco managed hardware in a single region (Europe) and spans multiple availability zones (AZs) EU member states. Vazata Carrollton, Texas Data Center - North American co-location hosting facility in North America Texas, USA Cisco Systems Mountain View Data Center - North American co-location hosting facility in North America California, USA Equinix California, Texas, Virginia Data Centers - Cisco Talos global threat intelligence cloud co-location facilities located in California, Texas and Virginia, USA

3 3. Access control Table 3. Access Control Personal Data processed by Cisco Who has access Provisioning & Licensing Operations, Threat Grid Operations Purpose of the access Administration of organization accounts. Creating an account and validating license entitlements and general product support and operations. Malware analysis and Threat Intelligence product function. Cisco Operations, Cisco Talos global threat intelligence research team Cisco global threat intelligence research. Customer Network Host Data for product product Any data contained in files Operations Operations Operations, Cisco Talos global threat intelligence research team Malware analysis and Threat Intelligence product function. When managing users within their organization. Malware analysis and Threat Intelligence product function. Cisco global threat intelligence research.

4 4. Data Retention/Deletion Customer Account Information Customer account detail information (e.g. name, address, contact, etc.) is currently retained indefinitely. Since this customer account information is processed in North America prior to provisioning into the respective regional clouds for the service, such customer account information is also subject to daily backup to the colocation facilities within North America. When a customer terminates its subscription of Cisco, it can specifically request that its customer account information data be purged from Cisco s data stores and backups by opening a Cisco TAC case. Samples and File Analysis Data Within the Regional Clouds: Customer submitted samples and file analysis data are retained for a period of up to twenty-four (24) months, after which they are deleted from the appropriate regional cloud data center. have the ability to self-delete samples and associated analysis via the Cisco portal or by opening a Cisco TAC case. Within the Talos Global Threat Intelligence Cloud: Samples/files that are undetermined (i.e. not known as malicious or safe) are sent to Cisco s Talos global threat intelligence team for further analysis. If a sample/file is determined to be malware, that sample/file will be retained indefinitely in the Talos data center for continued threat intelligence research. may request that such samples/files be deleted by opening a Cisco TAC case. However, customers should note that deleting such malware samples may degrade the security intelligence received from and Talos. All other samples/files that are not identified as malware will be deleted within ninety (90) days of receipt. 5. Personal Data Security Table 4. Encryption Personal Data processed by Cisco Type of Encryption Customer Network Host Data for product product Any data contained in Files Encrypted in transit, but not at rest Encrypted in transit and at rest for the regional cloud. Encrypted in transit for the Talos global threat intelligence cloud. Encrypted in transit and at rest Encrypted in transit, but not at rest Encrypted in transit and at rest for the regional cloud. Encrypted in transit for the Talos global threat intelligence cloud.

5 6. Third Party Service Providers Cisco partners with service providers who contract to provide the same level of data protection and information security that customers can expect from Cisco. Table 5. Third Party Service Providers List of Third Parties Personal Data Purpose of Third Party Access Location Security Assurance Customer submitted Files CA facility has SOC 2 Type II, ISO and SSAE16 SOC 1 Type 1 Equinix Any data contained in Files Equinix is a Cisco approved 3 rd -party colocation facility used by Talos for its global threat intelligence research. United States: California, Texas, Virginia TX facility has NIST /FISMA, ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS and HIPPA VA facility has NIST /FISMA, ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS and HIPPA. Vazata Interxion Customer submitted Files Customer Network Host Data for product product Any data contained about files Customer Network Host Data for product product Any data contained about files Cisco leverages its own cloud technology to provide malware analysis and threat intelligence capabilities for customers. Vazata is a Cisco approved 3 rd -party colocation facility used to provide services to North American customers. Cisco leverages its own cloud technology to provide malware analysis and threat intelligence capabilities for customers. Interxion is a Cisco approved 3 rd -party colocation facility used to provide services to EU customers. United States: Texas SSAE 18 SOC I Type 2 Germany ISO 27001, ISO 22301