Encrypted traffic increases - Enable HTTPS scanning
Security Life

Encrypted traffic increases - Enable HTTPS scanning

Patrizio - February 26, 2018

In this article I would like to report about the current status of "HTTP & HTTPS". We have already shown in a previous article: "HTTPS-Scanning - Why it should be enabled on Sophos " that HTTPS is being used more and more frequently in web pages. If you used to need an expensive certificate in the past, you can now get it for free thanks to "Let's Encrypt" and a few latecomers.

HTTP is becoming a thing of the past

As described in our former blog post, HTTPS has spread very quickly over the past few years. Google and Let's Encrypt are highlighted in the article, but now Apple forces iOS developers to submit server requests via HTTPS connections. In this way, connections that we as the user usually do not see are mostly encrypted.

The actual motivation to refresh this topic came from a recent blog post from the Google Security Blog. In this article, Google writes that in February 2018, 81 of the top 100 pages on the web, by default, use HTTPS.

Google helps to eliminate HTTP

As early as the beginning of 2017, Google announced that it would mark HTTP pages as unsafe. With Chrome version 68, which is due to be released in July 2018, Google is now following up its words with deeds. Every user who then uses the latest version of Chrome on the Internet will be warned about insecure HTTP pages in the future. It will look like this:

Image source: security.googleblog.com

It goes without saying that no website operator should allow his website to be classified as "unsafe" by the world's most widely used browser (desktop and mobile). With this small adjustment, Google has probably further accelerated the decline of insecure HTTP connections.

Enable HTTPS scanning

Of course, such a change also affects the security of your network. The entire web traffic on our firewall, but also on those of our customers, is already over 50% encrypted. So it is becoming more and more important to scan HTTPS, because otherwise the traffic will get into the network unchecked.

If you have a valid license for Web Protection, we strongly recommend that you enable HTTPS scanning. If you need any help, please contact us.

Send Your Feedback

Share your thoughts about this article, your private queries are always welcome and greatly appreciated.

Send Feedback
All information are confidential

On our blog we regularly publish articles on various topics related to Sophos. To make sure you don't miss any articles, you can subscribe to our newsletter, and once a month you will receive an email with a summary of all articles published in the last 30 days.

Knowledge base

Do you need help with a Sophos product? Then maybe our free knowledge base can help you. We try to document most support requests in an article so that we can help as many people as possible.