This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christopher_To
Collaborator
‎2020-09-29 12:48 PM

Tailored Safe Profiles

Hi,

I ran the Tailored Safe extension and wanted to verify if this is normal behavior.

The IPS profile that is currently being used is the "Optimized" profile.  The profile that Tailored Safe created has some discrepancies when comparing with the Optimized profile.   Protections that were being prevented are now disabled.  

Is this what is normal behavior or is Tailored Safe supposed to build upon whatever IPS profile was being used prior to running the extension?

Thanks,

Chris

Preview file
20 KB
Preview file
17 KB
0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-09-30 01:30 AM

This needs a weekly run of Tailored Safe. After running the analysis, you will have the following choices:

  1. Blade Status and configuration: you will be advised to enable blades and change configuration for best practice. 
  2. Protections with no hits: you will be advised to move them to prevent, and can choose to do so. This action will enable you to maximize prevention with no business impact.
  3. Protections with hits: you will receive a list of protections with hits, and will have the option to decide which (if any) protections you would like to change to Prevent mode.
  4. Applications Discovery: you will see a list of applications that are in use in your network. You may select the applications of your choice. Based on these, all IPS protections protecting against the chosen assets will be enforced on detect.

A new profile will now be generated, and you will receive a full report showing a summary of the process. (sk164812)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Christopher_To
Collaborator
‎2020-09-30 12:27 PM
In response to G_W_Albrecht

Hi G_W_Albrecht,

Yes, I understand that a new profile is created.  I am wondering if it is normal behavior for the new profile to have IPS protections disabled when they weren't disabled in the "Optimized" profile that is currently being used.  Please see attached screenshots on my original post.

0 Kudos
Jesse
Contributor
‎2021-03-23 12:59 PM

Did you get this figured out? I'm seeing the same thing, protections being disabled that were previously enabled and in Prevent mode, when creating new TS profiles.

0 Kudos
Christopher_To
Collaborator
‎2021-03-25 06:30 AM
In response to Jesse

Hi Jesse,

No, unfortunately I have not figured this out.  I have not really used Tailored Safe since that time, and from what I gathered from CP it is still a very new feature that still needs kinks to be worked out.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events