IDP not registering anything - is that good or bad?

SecCon
SecCon Posts: 51  Ally Member
So my USG40W has been running in "production" for a couple of weeks and the one and only "protection" thing I am paying for, besides the FW, is IDP.

I have enabled IDP Statistics from the start, even several days before Zyxel_Stanley mentioned it in another thread. I quote his post:

@SecCon

The IDP service will scan all the passed packets and compare with the system database to prevent the threats passing through the network. 

This mechanism brings some overhead to the system more or less. It is normal behavior.

You can enable IDP statistics function.

It will list the whole history of what IDP detected and blocked on this page.



It has scanned almost half a million sessions in that time (482.227) and registered nothing.

As a comparison (I really don't know how relevant), my Log has registered 284 Security Policy Control events from only the last TWO HOURS (ACCESS BLOCK).

Am I so fortunate that IDP is out of a job? How can that be?


Answers

  • CHS
    CHS Posts: 113  Ally Member
    edited May 26
    SecCon 
    In my office, there are 40~50 staff working in this building.
    Here is IDP history view on my device.
    It looks like there is no intrusion or related vulnerability in your network till now. You may monitor it for a longer time.

  • SecCon
    SecCon Posts: 51  Ally Member
    CHS said:
    SecCon 
    In my office, there are 40~50 staff working in this building.
    Here is IDP history view on my device.
    It looks like there is no intrusion or related vulnerability in your network till now. You may monitor it for a longer time.
    You seem to have 4,7 million sessions there and 10 times the amount of users. I guess you are right, long term is the idea... what is the time span? 1700 severe events? Is that due to user interaction or something else?
