
Auto comply with policies

Hi,

I've been using the Sophos Data Protection Suite for approximately 5 years, and am presently on console 5.2.1 and endpoint 10.3.

I've requested this as a development enhancement through tech support several times, which seems to go into a black hole.

Basically we apply tamper protection to prevent staff from disabling/altering any of the product's settings.  However, IT staff do need to turn off the firewall, etc. to do various tests.  The problem is that they forget to turn the protection back on, and comply with the policies.

What I want on the endpoint is a pop-up box when removing tamper protection, and subsequently disabling features (in other words, not complying with the policies).  The pop-up should ask the user how long before it re-complies with policies (such as a dropdown offering 1 hour, 4 hours, upon next reboot).  A bit like the snooze option for Windows updates.

This has been around in other vendor products for years, and I'm gobsmacked Sophos are missing this trick!  It also leaves open a big security risk.

Does anyone know if this is on the roadmap? Or can you point me to a Sophos employee who can escalate my request, rather than putting it in the bin.  First line support seem to read off a script and not action my requests.

I look forward to anyone's response.

Thanks,

Jon



This thread was automatically locked due to age.
  • Hello Jon,

    as Jak has said, there's a poor man's implementation of this feature in the Cloud product - dunno the details though (e.g. whether it reverts to the cached policy or re-requests it - in either case it's not bullet-proof).

    I can imagine reasons why Sophos could be reluctant to implement it. Complexity is one - in addition to the pop-up you'd probably want a reminder when the time is up (so that the auto-comply doesn't kick in at an inappropriate moment), but would you want to wait "forever" if the reminder is not acknowledged? Should "until reboot" really be an option, or only for those who want it - then it should be configurable from SEC, but into which policy should it go? Another one is the big security risk. Returning the equipment to its correct state after maintenance/troubleshooting is an integral part of the work, not some afterthought one might or might not have. If you argue that it's convenient and saves time - shouldn't the state and working of the device be checked for correctness as a final step before it's returned? Isn't an SOP which does not include this step much more of a security risk than the absence of this kind of failsafe function?

    Once there was a feature request template and the requests eventually became SUGgestions; their status is (like with DEFects) not externally available (at least to us Gold :smileytongue: - i.e. Basic - Support customers). UTM/Astaro has a feature board with status tags and a voting/commenting system. The Cloud Preview had a similar board. Something like this has been requested (and more or less promised) for SophosTalk but is still not available for whatever reason.

    Christian
