SSL/TLS inspection in Endpoint--Threat Detection settings vs. deployment of the CA manually into the certificate store?

Question

I am testing the Sophos Intercept X Endpoint Beta and noticed the settings In Threat Protection for SSL/TLS inspection. 
 If I already have HTTPS scanning enabled in the firewall rule and the CA is deployed on the endpoint into the trusted certificate store, what does this option do? Does it automatically install the CA into the trusted certificate store? Is the certificate even needed to be installed now?

Maxim-Sophos · Answer

They're different mechanisms. The endpoint version decrypts and inspects locally. It uses a certificate included in the endpoint agent. For remote users, this is great, as it provides protection without having to backhaul their traffic through the firewall. In an office setting, the firewall provides a bit more visibility (deeper reporting, etc.) but as you know, requires deploying the certificate.

SSL/TLS inspection in Endpoint--Threat Detection settings vs. deployment of the CA manually into the certificate store?

Top Replies