Optimizing Cycle Duration, Scan Windows, And Subtasks - IBM Proventia Network Enterprise Scanner User Manual

Chapter 9: Understanding Scanning Processes in SiteProtector

Optimizing Cycle Duration, Scan Windows, and Subtasks

Introduction
Calibration
considerations
Discovery cycle
duration
Assessment cycle
duration
Size of scan
windows
132
Background scanning jobs persist throughout a scan cycle, but are active only during open
scan windows. The efficiency of background scanning relies on carefully calibrating the
following:
quantity of IP addresses and assets to scan
●
the duration of the scan cycle
●
the sizes of discovery and assessment subtasks and the size of the smallest scan
●
window
If a subtask does not finish during a scanning window, one of the following occurs:
If another scan window is available during the same scan cycle, the subtask starts
●
from the beginning and runs again in its entirety at the beginning of the next open
scan window. The repeated subtask scans every asset in the subtask, including any
that the previous subtask already scanned.
Subtasks that carry over to another scan window during the same scan
Important:
cycle always start from the beginning, repeating any scanning that occurred in that
subtask before the scan window closed.
If no more scan windows are available during the scan cycle, the unscanned assets in
●
the subtask, as well as any unscanned assets in the rest of the job, remain unscanned.
New scan cycles always start from the beginning of the command job
Important:
even if any tasks or subtasks from the previous scan cycle did not finish.
Determining the optimal duration for your discovery refresh cycle depends on how
frequently you add or change the assets on your network.
If your network changes frequently, you should scan more frequently.
●
If your network is fairly stable, you could scan less frequently.
●
Determining the optimal duration for your assessment refresh cycle depends on how
important it is for you to scan every asset during every scan cycle. Consider the following:
If you define a refresh cycle
for a group that contains...
critical assets only
assets with different levels of
criticality
Table 48: Refresh cycle sizing considerations
You define scan windows for each day in multiples of hours. The shortest possible scan
window is one hour; the longest is 24 hours. If a refresh cycle is too short, it does not scan
all of the assets during the cycle. If a scan window is too short to finish subtasks, it may
rerun subtasks that were nearly complete. To achieve the optimal balance, do the
following:
Then...
it is probably important to your network security that you scan
each asset during the cycle.
you may be less concerned if the scan cycle does not scan all the
assets with lower criticality.
IBM Internet Security Systems