Good Evening Check Mates!
I have been working with Tailored Safe at a few clients now for a couple of days. The concept is awesome and I'm enjoying digging in. I do have a question though. At three out of three customers I come back with IPS Protection recommendation (without hits). In other-words there are recommendations to turn on preventions with out casing risk to the org. That is great. However, moving from detect to prevent (with hits) and application discovery there are no recommendations. Is this iterative? In other words I first have to turn on the protections without hits? Then the next time I run it I will see detect to prevent "with hits?" And the next time I will see applications? Or am I missing something? I appreciate any feedback. I have reviewed sk164812 and I understand this is not a one time process, but just trying to understand what I'm seeing. I would have thought there would be some detects with hits and applications discovered on the original go-round.
Please let me know if I'm off base.