Scan Distribution
Overview
The scan distribution feature improves the efficiency of scanning both for your organization’s scanners as well as the cloud scanners provided by Tenable Vulnerability Management for the platform as a whole. In the case of the scanners that belong to your organization, Tenable Vulnerability Management distributes scans as tasks across multiple scanners in the scanner group assigned to the scan, rather than assigning complete scan jobs to individual scanners. Similarly, Tenable Vulnerability Management distributes scans utilizing Tenable-provided cloud scanners as jobs across groups of scanners. Tenable Vulnerability Management breaks down those jobs into tasks and funnels them down to scanners within the groups.
In both cases, this effectively allows multiple scans to run simultaneously, eliminating bottlenecks that might otherwise occur if scans were staggered one after another on individual scanners. As the requirements of your organization grow, scan performance is less likely to degrade. Even when scans are assigned to a specific scanner, those scans are broken down into tasks that can be run simultaneously, allowing the scanner to complete the scan job more efficiently.
As scanners complete the tasks, Tenable Vulnerability Management immediately reflects the results. The results that were already obtained are not lost if the scan is canceled. If a scanner crashes during the scan, or a problem is encountered with a target, the other tasks run as normal.
Each scan task accounts for the scanning of 120 IP addresses; the last scan task of a scan job may account for less than 120 IP addresses (for example, Tenable Vulnerability Management splits a scan job of 300 IP address into two 120 IP address tasks and a 60 IP address task).
How the Scan Distribution Feature Works
When scan jobs are created, the jobs are placed either directly in the job queue of a scanner (if that scanner was specified in the scan), or into the job queue of a scanner group.
Interacting with Scans
Because of the way the scan distribution feature breaks down scans into tasks that can be completed asynchronously, there is some nuance to the way you can interact with scans.
Scanner Groups
You can create scanner groups in order to take advantage of the scan distribution feature with your organization’s scanners. Scanner groups maximize the efficiency of your scans by spreading out tasks across the individual scanners you assign to the group, rather than dedicating a single scanner to complete a whole job.
Scan Results
You can view scan results live, as scanners complete tasks. Each time a task completes, Tenable Vulnerability Management updates scan results with new data. If a scan fails or is interrupted, Tenable Vulnerability Management retains the already completed results, though the scan reflects that the process was not completed.
If a job is assigned to multiple scanners and one of those scanners happens to fail, the tasks dispatched to the other scanners are still completed.