Considerations

Although your scan configuration plays an important role in your Tenable Vulnerability Management scan time and performance, other variables also affect them. The following table describes each variable that you should consider when trying to improve your scan time and performance:

Variable | Impact on Scan Time | Impact Description

Scan configuration | High

Your scan configuration specifies the depth of your scan. In general, increasing the depth of your scan increases the total scan time. Consider the following when planning your scan depth:

  • What type of port scanning is Tenable Vulnerability Management performing?

  • What ports are Tenable Vulnerability Management scanning?

  • What vulnerabilities are you scanning for?

  • Are you running credentialed scans?

  • Are you performing malware checks, filesystem checks, or configuration audits?

You can use Tenable-provided templates to perform both targeted and all-encompassing checks. You can create custom policies to customize all possible policy settings.

Scanner resources available | High

The number of IP addresses you can assess simultaneously via a network scan largely depends on two things:

  • The resources available to your internal Nessus scanners

Increasing one or both of these factors is the fastest way to improve your rate of simultaneous assessment and overall scan time. However, large enterprise networks often have infrastructure or technology limitations that prohibit increasing these resources beyond a certain maximum. Your Nessus scanners should meet the hardware requirements whenever possible, but exceeding the minimum requirements lets your scanners assess more targets faster.

Note: You cannot modify some cloud scanner settings.

Type of assessment | Medium

You have various options available for assessing assets in your environment. While the correct scan configuration can vary depending on your environment, you should build the most efficient scan configuration for your organization's assets or environment. For example:

Number of live hosts | Medium

Scanning a dead host takes less time than scanning a live host. A distribution of IP addresses with a low number of associated hosts takes less time to scan than a distribution of IP addresses with a higher number of hosts.

You can choose to scan an entire range of IPs, or target specific ones, depending on the use case for that particular scan job. For more information, see General.

Target configurations | Medium

Scanning a locked-down system with few exposed network services takes less time than scanning a system with a complicated configuration. For example, a Windows server with a web server, database, and host intrusion prevention software takes more time to scan than a Windows 11 workstation.

Scanner proximity to targets | Medium

Tenable recommends placing your scanners close to your targets, connected with minimum latency (for more information, see the following Tenable blog article). Latency has an additive effect on every packet exchanged between a scanner and its target. The largest impacts tend to be network latency and simultaneous plugin checks.

For example:

  • Scanning through routers, VPNs, load balancers, and firewalls can impact the fidelity of your scan results by blocking ports that should be open or by auto-responding to closed ports.

  • Scanning numerous hosts behind a single piece of network infrastructure can increase the load on your equipment, given the large number of sessions exchanged between scanner and host.

Time of day and week | Low

In many environments, there are periods when infrastructure load is higher. Scheduling assessments outside of these windows can improve scan performance.

Target resources | Low

The resources available to the scan target can impact scan time as well. A public-facing system (a system with load) takes longer to scan than an idle backup system.