Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

make Sophos Endpoint updates by WebCID possible over HTTPS

Please make it possible to use HTTPS for WebCID updates of the product Sophos Endpoint Protection. Now only HTTP is possible, this is undesirable because authentication details (credentials) are being sent over the internet in plain text.

48 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    William de VosWilliam de Vos shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Brian WeirichBrian Weirich commented  ·   ·  Flag as inappropriate

        How is lacking this feature even remotely acceptable to Sophos staff? In the event of having a traveling employee (and these types often need access to sensitive data) we have to create another security hole, whose credentials are easily captured, ensure that account is sufficiently restricted, manage password changes of that account, and monitor the network for intrusions from that account all because Sophos--a security company--hasn't caught up with what should be BASIC to even remotely sensitive data going over the web. Besides being an inconvenience to organizations that take their security seriously, it is just plain foolish. Please implement this.

      • Paul MattiasPaul Mattias commented  ·   ·  Flag as inappropriate

        Please allow HTTPS updates for access from computers outside the Enterprise. In order to be compliant with our Sophos agreement regarding one home use installation client we needed to install a SUM in our DMZ. We use the client's AD account to determine if they can access the SUM. That way if a client's account it terminated, they can no longer receive updates. However, we are concerned with the transmission of the client plain text credentials over HTTP as anyone monitoring the line can capture that information. Please allow this feature soon!

        Thank you

      Feedback and Knowledge Base