Considerations
Although your scan configuration plays an important role in your Vulnerability Management scan time and performance, other variables can affect the scan time and performance. The following table describes each variable that you should consider when trying to improve your scan time and performance:
Variable | Impact on Scan Time | Impact Description |
---|---|---|
Scan configuration | High | Your scan configuration specifies the depth of your scan. In general, increasing the depth of your scan increases the total scan time. Consider the following when planning your scan depth: You can use Tenable-provided templates to perform both targeted and all-encompassing checks. You can create custom policies to customize all possible policy settings. |
Scanner resources available | High | The number of IP addresses you can assess simultaneously via a network scan largely depends on two things: Increasing one or both of these factors is the fastest way to improve your rate of simultaneous assessment and overall scan time. However, large enterprise networks often have infrastructure or technology limitations that prohibit increasing these resources beyond a certain maximum. Your Nessus scanners should meet the hardware requirements whenever possible, but exceeding the minimum requirements lets your scanners assess more targets faster. Note: You cannot modify some cloud scanner settings. |
Type of assessment | Medium | You have various options available for assessing assets in your environment. While the correct scan configuration can vary depending on your environment, you should build the most efficient scan configuration for your organization's assets or environment. For example: |
Number of live hosts | Medium | Scanning a dead host takes less time than scanning a live host. A distribution of IP addresses with a low number of associated hosts takes less time to scan than a distribution of IP addresses with a higher number of hosts. You can choose to scan an entire range of IPs, or target specific ones, depending on the use case for that particular scan job. For more information, see General. |
Target configurations | Medium | Scanning a locked-down system with few exposed network services takes less time than complicated target configurations. For example, a Windows server with a web server, database, and host intrusion prevention software takes more time to scan than a Windows 11 workstation. |
Scanner proximity to targets | Medium | Tenable recommends placing your scanners close to your targets, connected with minimum latency (for more information, see the following Tenable blog article). Latency has an additive effect on every packet exchanged between a scanner and its target. The largest impacts tend to be network latency and simultaneous plugin checks. For example: |
Time of day and week | Low | In many environments, there are periods of time where infrastructure load is higher. Scheduling assessments outside of these windows can improve scan performance. |
Target resources | Low | The resources available to the scan target can impact scan time as well. A public-facing system (a system with load) takes longer to scan than an idle backup system. |