In any vulnerability management program, defenders are always racing against time to identify new exposures and get the latest data. The recent Nexpose Now release made this easier than ever in Nexpose, but active scans will always remain important. Over the past quarter, we’ve made major strides in improving our scan engine performance so that customers can get the data and the fixes they need fast enough to keep up with the bad guys.
This upgrade is made up of several tweaks and updates we’ve made over the last few months.
It all started in May, when we shipped an enhancement to our scan engine that reduced scan time memory utilization by 10x. This allowed us to run scans with 50 threads on a 4GB scan engine. In some instances, we had success running 100 threads on a 4GB scan engine (the default for scan templates is 10 threads)
Throughout June, we focused on improving scan performance and multi core utilization. While we initially improved scan times by another 2x, there was obviously more work to do: an engine pool of 5 engines each scanning with 10 threads took 1 hour to scan our lab, and although a single engine with 50 threads should perform the same, it was taking 6 hours. The investigation revealed several inefficiencies in the threaded call manager, which we re-wrote to give a 3x increase in scan performance.
Finally, local rock stars Aneel Dadani and Erik Castellanos identified a strange behavior associated with how our content describes Microsoft supersedence relationships that resulted in a considerable amount of additional scan log data. Fixing this resulted in a 3x reduction in scan log size, and thus improved scan performance another 2.5x!
After all these improvements, the results were impressive: for our Windows lab, comprised of about 460 Windows assets of different versions, service pack levels, and configurations, scan times improved by as much as 10x, going from 12 hours to just 1 hour and 20 minutes. Just as impressive is the fact that these scans were done with a 4GB engine running 50 threads, something that used to take customers 16GB or 64GB engines to even attempt! This will make it much easier for our customers to tweak and speed up their scan performance (and finally put to bed some of the false rumors our competitors have been spreading about our scan performance for years).
Have you noticed the performance improvements over the last month? Do you have ways we can continue to improve scanning efficiency? Let us know, and of course, if you haven’t taken Nexpose for a whirl yet, be sure to download a trial today!
Early scan (~5 hours 30 minutes)
Final Scan (~1 hour 20 mins):