Following a few best practices keeps scanning of the estate smooth and efficient, so that scans run well and produce the desired output sooner. This article describes some of the best practices to follow while scanning.
Scope size best practice
- Scope size for the appliance: If a scope contains more than 2-3K servers, it is recommended to review the scan operation (after the initial scan) and identify whether it should be split into multiple jobs and/or distributed across multiple appliances. Load balancing the scan operation speeds up scanning and reduces the load on a single appliance. Scan times and load can be affected by the type of targets present within the scope. Windows targets are typically more load-intensive and slower to scan than *NIX servers.
- Range Lengths: In a Scan Scope, an IP Range up to 32K is supported. However, if a large section of the 32K scope does not contain any active servers, it is appropriate to split the scope into a number of smaller ranges that contain only the active servers.
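One way to derive the smaller ranges described above from the hosts an initial scan found, as an added example that is not part of the original article or the product. The host list is constructed, `max_gap` is a hypothetical tuning parameter, and "32K" is assumed to mean addresses per range.

```python
import ipaddress

MAX_RANGE_SIZE = 32 * 1024  # assumption: "up to 32K" means addresses per range


def split_into_active_ranges(active_hosts, max_gap=32, max_size=MAX_RANGE_SIZE):
    """Group active IPv4 hosts into (start, end) ranges.

    A new range starts when more than max_gap unused addresses separate a
    host from the previous one, or when the range would exceed max_size.
    """
    addrs = sorted({int(ipaddress.IPv4Address(h)) for h in active_hosts})
    ranges = []
    for addr in addrs:
        if ranges:
            start, end = ranges[-1]
            if addr - end - 1 <= max_gap and addr - start + 1 <= max_size:
                ranges[-1] = (start, addr)  # extend the current range
                continue
        ranges.append((addr, addr))  # open a new range at this host
    return [(ipaddress.IPv4Address(s), ipaddress.IPv4Address(e)) for s, e in ranges]


def coverage(ranges):
    """Total number of addresses the given ranges would scan."""
    return sum(int(end) - int(start) + 1 for start, end in ranges)


# Constructed sample: responsive hosts inside one 32K block (10.20.0.0/17).
SAMPLE_HOSTS = [
    "10.20.0.10", "10.20.0.11", "10.20.0.12", "10.20.0.30",
    "10.20.64.1", "10.20.64.2", "10.20.64.3",
    "10.20.127.200", "10.20.0.11",  # duplicate entries are ignored
]

if __name__ == "__main__":
    ranges = split_into_active_ranges(SAMPLE_HOSTS)
    for start, end in ranges:
        print(f"{start} - {end}")
    full = ipaddress.ip_network("10.20.0.0/17").num_addresses
    print(f"addresses scanned: {coverage(ranges)} instead of {full}")
```

A larger `max_gap` yields fewer, wider ranges; a smaller one yields more ranges with fewer empty addresses to probe.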
Scheduling best practice
To discover new endpoints and keep up to date with the existing ones, it is recommended to run scan jobs at regular intervals. The Scan Jobs can be scheduled to run repeatedly at specified intervals. Available scheduling options are minutes, hours, days, and months. Scan frequency should be based on:
- The size of the scan scope (and the time taken to scan), e.g. a scan that takes two hours to complete should not be scheduled for a period less than that.
- How often change occurs within your infrastructure (endpoints and applications), e.g. slowly changing estates should be scanned less often.
To avoid multiple jobs queuing or waiting to scan, the scan schedules should be modified to ensure a gap between different scheduled jobs. For optimal configuration, you could calculate the length of each scan job before setting up schedules. That way you can schedule the jobs so that they don't overlap.
Example: if a scan job takes 2 hours, schedule the other scan jobs to run at other times that do not overlap with this job.