Table of Contents
Advertisement
Introducing Background Scanning
Introduction
Importance of
network monitoring
models
Vulnerability
management needs
Previous models
Approach to
background
scanning
Reasons to use
background
scanning
Key concepts
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
What does it mean to say that Enterprise Scanner is based on a model in which
vulnerability detection is treated more like a network monitoring task than it is in earlier
vulnerability management models? By adapting the network monitoring model to
vulnerability management, Enterprise Scanner provides a highly flexible scanning
environment that automatically maintains the viability of your vulnerability information.
Network monitoring systems run continuously, always providing timely information
about the security posture of your network. For the most part, you set the system up, and
it gathers the information you need to ensure your network's security. When network
monitoring is in place, you can spend more time analyzing vulnerability data and less
time managing the system.
While you probably do not want to run scans constantly, you do want to scan your
network for new assets and assess your assets to detect vulnerabilities with a reasonable
frequency—without slowing down your network. You may also have a wide range of
assets, some of which are more valuable to you than others. If you cannot scan every asset
with the same frequency, you want to make sure your most critical assets receive the
needed level of attention.
In previous models of vulnerability management, you would schedule scans to run on a
specific day and to start at an exact time. Scheduled scans have the following
consequences:
The scan would start at the scheduled time and run until it finished, whether that took
●
two hours or two days.
Long running scans could interfere with your congested network times.
●
You could not prioritize scans to scan your most critical assets first.
●
Background scanning recognizes the following:
The most efficient way to scan may include long-running scans.
●
Long-running scans should not have to run during high-traffic periods when they
●
could contribute to network congestion.
Assessment priorities should focus on the most critical assets first.
●
Enterprise Scanner does not require a scan to run non-stop until it finishes. Instead, a
background scan runs during selected hours of the day over multiple days. Enterprise
Scanner manages the scan, and automatically restarts the scan based on refresh cycles that
you define. Refresh cycles may last from one day to several months.
In summary, the key concepts of background scanning are the following:
You use scanning refresh cycles to define automatically recurring scans.
●
You define hours of the day (scanning windows) during which scanning is allowed.
●
You identify critical assets that require priority attention.
●
You define locations of agents and perspectives to scan assets as network locations.
●
Introducing Background Scanning
21
Advertisement
Table of Contents
