Variables Impacting Scan Time
There are many variables in your configurations and environment that can impact your scan performance. The following list summarizes the most common variables to consider when planning your deployment.
Tip: Tenable recommends contacting Professional Services to jointly architect a successful large deployment of Tenable.sc.
Your rate of simultaneous assessment
The number of IP addresses you can assess simultaneously depends on two things:
Increasing one or both of these is the fastest way to improve your rate of simultaneous assessment and overall scan time. However, large enterprise networks often have infrastructure or technology limitations that prohibit increasing these values beyond a certain maximum.
Since Tenable.sc sends jobs to Tenable Nessus scanners in chunks and there are eight IP scan segments, you may want to consider setting Max Simultaneous Hosts Per Scan to a multiple of eight.
Note: Real-world performance is highly dependent on your local environment.
|Your Tenable Nessus environment specifications||
Tenable Nessus scanners should meet the hardware requirements whenever possible.
In rare cases, you may need to install a Tenable Nessus scanner on in an underpowered environment. In this case, limit the scan targets the underpowered Tenable Nessus scanner is responsible for.
Similarly, when deploying Tenable Nessus on a virtual machine, assume a 20% decrease in performance and adjust your specifications. Do not deploy Tenable Nessus on an over-utilized or over-subscribed virtual infrastructure, as scan performance will suffer and you may experience data corruption.
|Your Tenable Nessus scan settings||The scan engine has many parameters that are used to modify the scan engine runtime operation. These parameters range from the number of simultaneous hosts scanned to the number of concurrent open TCP sessions. These parameters are meant to allow customers to individually tune the engine parameters to best fit their network by tuning the performance up or down.|
|Your Tenable.sc scan policy configuration||
Your scan policy configuration specifies the depth of your scan. In general, increasing the depth of your scan increases the time to run the scan. Consider the following when evaluating your scan depth:
You can use Tenable-provided templates to perform targeted checks. You can create custom policies to customize all possible policy settings.
|Your scanner's proximity to your targets||
Tenable recommends placing your scanners close to your targets, connected with minimum latency. Latency has an additive effect on every packet exchanged between a scanner and its target. The largest impacts tend to be network latency and simultaneous plugin checks.
|Your number of live hosts||Scanning a dead host takes less time than scanning a live host. A distribution of IP addresses with a low number of associated hosts takes less time to scan than a distribution of IP addresses with a higher number of hosts.|
|Your target configurations||Scanning a locked-down system with few exposed network services takes less time than complicated target configurations. For example, a Windows server with a web server, database, and host intrusion prevention software takes more time to scan.|
|Your target resources||
The resources available to the scan target can impact scan time as well. A public-facing system (a system with load) takes longer to scan than an idle backup system.