IBM Proventia Network Enterprise User Manual - page 132
Chapter 9: Understanding Scanning Processes in SiteProtector
IBM Internet Security Systems
Optimizing Cycle Duration, Scan Windows, and Subtasks
Introduction
Background scanning jobs persist throughout a scan cycle, but are active only during open
scan windows. The efficiency of background scanning relies on carefully calibrating the
following:
● quantity of IP addresses and assets to scan
● the duration of the scan cycle
● the sizes of discovery and assessment subtasks and the size of the smallest scan
  window
Calibration considerations
If a subtask does not finish during a scanning window, one of the following occurs:
● If another scan window is available during the same scan cycle, the subtask starts
  from the beginning and runs again in its entirety at the beginning of the next open
  scan window. The repeated subtask scans every asset in the subtask, including any
  that the previous subtask already scanned.
  Important: Subtasks that carry over to another scan window during the same scan
  cycle always start from the beginning, repeating any scanning that occurred in that
  subtask before the scan window closed.
● If no more scan windows are available during the scan cycle, the unscanned assets in
  the subtask, as well as any unscanned assets in the rest of the job, remain unscanned.
  Important: New scan cycles always start from the beginning of the command job
  even if any tasks or subtasks from the previous scan cycle did not finish.
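The restart rule above can be modeled to see how subtask size interacts with the smallest scan window. This is an added example, not IBM code or part of the original manual; the function name, its parameters, the constant scan rate, sequential subtask order, and counting partially scanned assets as covered are all assumptions.

```python
def simulate_cycle(subtask_sizes, window_hours, assets_per_hour):
    """Model one scan cycle using the restart rule described above.

    subtask_sizes   -- assets per subtask, run in order (assumed sequential)
    window_hours    -- open scan windows in the cycle, in whole hours (1-24)
    assets_per_hour -- assumed constant scan rate (hypothetical parameter)
    """
    done = covered = redone = partial = 0
    for w, hours in enumerate(window_hours):
        capacity = hours * assets_per_hour
        final_window = w == len(window_hours) - 1
        while done < len(subtask_sizes):
            size = subtask_sizes[done]
            if size <= capacity:
                capacity -= size        # subtask finished inside this window
                covered += size
                done += 1
                partial = 0
            else:
                # Window closes mid-subtask. If another window follows, the
                # subtask restarts from its first asset, so this work is redone.
                partial = max(partial, capacity)
                if not final_window:
                    redone += capacity
                break
    covered += partial  # assets the unfinished subtask reached (assumed to count)
    return {"subtasks_done": done, "covered": covered,
            "unscanned": sum(subtask_sizes) - covered, "redone_scans": redone}


if __name__ == "__main__":
    # Constructed sample: 800 assets, three 3-hour windows, 100 assets/hour.
    for sizes in ([400, 400], [200] * 4, [100] * 8):
        print(len(sizes), "subtasks:", simulate_cycle(sizes, [3, 3, 3], 100))
```

In the constructed sample, a 400-asset subtask never fits a 3-hour window, so it restarts in every window and 500 assets stay unscanned, while 100-asset subtasks cover all 800 assets with no repeated scanning.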
Discovery cycle duration
Determining the optimal duration for your discovery refresh cycle depends on how
frequently you add or change the assets on your network.
● If your network changes frequently, you should scan more frequently.
● If your network is fairly stable, you could scan less frequently.
Assessment cycle duration
Determining the optimal duration for your assessment refresh cycle depends on how
important it is for you to scan every asset during every scan cycle. Consider the following:

If you define a refresh cycle      Then…
for a group that contains…
---------------------------------  --------------------------------------------
critical assets only               it is probably important to your network
                                   security that you scan each asset during
                                   the cycle.
assets with different levels of    you may be less concerned if the scan cycle
criticality                        does not scan all the assets with lower
                                   criticality.

Table 48: Refresh cycle sizing considerations

Size of scan windows
You define scan windows for each day in multiples of hours. The shortest possible scan
window is one hour; the longest is 24 hours. If a refresh cycle is too short, it does not scan
all of the assets during the cycle. If a scan window is too short to finish subtasks, it may
rerun subtasks that were nearly complete. To achieve the optimal balance, do the
following: