Performance

Use the following sections to begin optimizing your performance. Tenable strongly recommends using Professional Services Health Checks to optimize Tenable Security Center for your specific environment and organizational processes.

Before beginning performance optimization, confirm that your Tenable Security Center and scanner deployments meet the environment requirements described in the General Requirements Guide.

Tenable Security Center

  • Very large deployments should designate instances as scanning tier or reporting tier instances. For more information, see Tiered Deployments.
  • If you have complex reporting requirements, consider offloading certain functions to applications designed to handle very large amounts of data with frequent access requests (for example, a SIEM).
  • For standalone instances and reporting tier instances, allocate 128 GB of RAM for every 100,000 active IP addresses (for example, for 150,000 IP addresses, allocate 192 GB of RAM).
  • If you do not use specific static disk locations (for example, trend data), you can use mount points to offload them to larger, slower storage.
  • Unless specially recommended or assisted by Tenable Support or Professional Services, comply with these resource recommendations for all of your Tenable Security Center instances:
    • 500 or fewer Tenable Security Center user accounts
    • 50 or fewer concurrent Tenable Security Center user account sessions
    • 50 or fewer organizations
    • 250 or fewer attached scanners

    • 200 or fewer repositories

      Note: Generally, several smaller repositories perform better than one large repository (for example, five repositories with 5000 IP addresses each generally perform better than a single repository with 25,000 IP addresses).

  • In Tenable Security Center 5.11 or later, disable creation of sample content (for example, sample dashboards and assets) if they are not needed.

Scanners

  • Confirm your Tenable Nessus scanner network placement is optimal for the scanner's environment, considering the information in Assessment Scanning Methods.
  • Enable Tenable Nessus scanner event logging and monitor the logs for signs of performance issues related to overloaded scans.
  • In high performance environments (for example, environments where scans must finish by specific deadlines), dedicate hardware resources to Tenable Nessus either through physical systems or with dedicated resource pools in virtual environments.
  • Review and consider the implications described in Variables Impacting Scan Time.