Hi, I am completing a security questionnaire for a potential client.
One of the questions asks to provide evidence of the sharing of cyber threat information and how it is integrated into tools that our organization uses.
Example technologies or guidance for this question include STIX, Alienvault, and Cyber Threat Alliance, the last of which Sophos is a member.
I have searched the website and documentation but cannot come up with any concrete information that details how Sophos sources or updates the intel that they use to update their lists of known bad IPs, exe files, etc.
Can someone please point me in the direction of some documentation that would support this? Or is that private information? Thanks
The request is a bit vague about what it's looking for, but here are a few resources that might help:
Hi there, thank you for reaching out to us. Allow us to check this and we'll get back to you.
We also consume threat intel from a wide variety of sources, including other alliances, commercial data feeds, our own crawlers and threat research, etc.
Hope this helps!