Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Christopher_To
Contributor

Tailored Safe Profiles

Hi,

I ran the Tailored Safe extension and wanted to verify if this is normal behavior.

The IPS profile that is currently being used is the "Optimized" profile.  The profile that Tailored Safe created has some discrepancies when comparing with the Optimized profile.   Protections that were being prevented are now disabled.  

Is this what is normal behavior or is Tailored Safe supposed to build upon whatever IPS profile was being used prior to running the extension?

Thanks,

Chris

0 Kudos
Reply
2 Replies
G_W_Albrecht
Champion
Champion

This needs a weekly run of Tailored Safe. After running the analysis, you will have the following choices:

  1. Blade Status and configuration: you will be advised to enable blades and change configuration for best practice. 
  2. Protections with no hits: you will be advised to move them to prevent, and can choose to do so. This action will enable you to maximize prevention with no business impact.
  3. Protections with hits: you will receive a list of protections with hits, and will have the option to decide which (if any) protections you would like to change to Prevent mode.
  4. Applications Discovery: you will see a list of applications that are in use in your network. You may select the applications of your choice. Based on these, all IPS protections protecting against the chosen assets will be enforced on detect.

A new profile will now be generated, and you will receive a full report showing a summary of the process. (sk164812)

0 Kudos
Reply
Christopher_To
Contributor

Hi G_W_Albrecht,

Yes, I understand that a new profile is created.  I am wondering if it is normal behavior for the new profile to have IPS protections disabled when they weren't disabled in the "Optimized" profile that is currently being used.  Please see attached screenshots on my original post.

0 Kudos
Reply