Variables Impacting Scan Time

There are many variables in your configurations and environment that can impact your scan performance. The following list summarizes the most common variables to consider when planning your deployment.

Tip: Tenable recommends contacting Professional Services to jointly architect a successful large deployment of

Variable Impact

Your rate of simultaneous assessment

The number of IP addresses you can assess simultaneously depends on two things:

  • The number of available Tenable Nessus scanners
  • Your Max Simultaneous Hosts Per Scan setting in the scan policy

Increasing one or both of these is the fastest way to improve your rate of simultaneous assessment and overall scan time. However, large enterprise networks often have infrastructure or technology limitations that prohibit increasing these values beyond a certain maximum.

Since sends jobs to Tenable Nessus scanners in chunks and there are eight IP scan segments, you may want to consider setting Max Simultaneous Hosts Per Scan to a multiple of eight.

Note: Real-world performance is highly dependent on your local environment.

Your Tenable Nessus environment specifications

Tenable Nessus scanners should meet the hardware requirements whenever possible.

In rare cases, you may need to install a Tenable Nessus scanner on in an underpowered environment. In this case, limit the scan targets the underpowered Tenable Nessus scanner is responsible for.

Similarly, when deploying Tenable Nessus on a virtual machine, assume a 20% decrease in performance and adjust your specifications. Do not deploy Tenable Nessus on an over-utilized or over-subscribed virtual infrastructure, as scan performance will suffer and you may experience data corruption.

Your Tenable Nessus scan settings The scan engine has many parameters that are used to modify the scan engine runtime operation. These parameters range from the number of simultaneous hosts scanned to the number of concurrent open TCP sessions. These parameters are meant to allow customers to individually tune the engine parameters to best fit their network by tuning the performance up or down.
Your scan policy configuration

Your scan policy configuration specifies the depth of your scan. In general, increasing the depth of your scan increases the time to run the scan. Consider the following when evaluating your scan depth:

  • What type of port scanning is being performed?
  • What ports are being scanned?
  • What vulnerabilities are you scanning for?
  • Are you running credentialed scans?
  • Are you performing malware checks, filesystem checks, or configuration audits?

You can use Tenable-provided templates to perform targeted checks. You can create custom policies to customize all possible policy settings.

Your scanner's proximity to your targets

Tenable recommends placing your scanners close to your targets, connected with minimum latency. Latency has an additive effect on every packet exchanged between a scanner and its target. The largest impacts tend to be network latency and simultaneous plugin checks.

For example:

  • Scanning through routers, VPNs, load balancers, and firewalls can impact the fidelity of your scan results by blocking ports that should be open or by auto-responding to closed ports.
  • Scanning numerous hosts behind a single piece of network infrastructure can increase the load on your equipment, given the large number of sessions exchanged between scanner and host.
Your number of live hosts Scanning a dead host takes less time than scanning a live host. A distribution of IP addresses with a low number of associated hosts takes less time to scan than a distribution of IP addresses with a higher number of hosts.
Your target configurations Scanning a locked-down system with few exposed network services takes less time than complicated target configurations. For example, a Windows server with a web server, database, and host intrusion prevention software takes more time to scan.
Your target resources

The resources available to the scan target can impact scan time as well. A public-facing system (a system with load) takes longer to scan than an idle backup system.