Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Vulnerability Scanning Strategy and Best Practices

 

Good planning is essential for the setup of a stable and efficient JSA Vulnerability Manager scanning system in your network.

You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.

Analyze your network structure, and determine the best scanning configuration for your network, from both a hardware and a scanning performance perspective.

Consider the following information, which includes best practices for setting up your JSA Vulnerability Manager scanning deployment:

  • Scan policy types

    Choose the scan policy type that meets your scanning requirements and consider the time and resources that are required to complete the scan.

  • Scan duration and ports to scan

    Decide whether you need to scan all TCP and UDP ports. UDP ports take longer to scan than TCP ports.

  • Tune your asset discovery.

    Tune your asset discovery to manage your asset discovery times and effectiveness.

  • Tune your asset discovery performance.

    Adjust and optimize the speed and accuracy at which assets are discovered in your network.

  • Scanner placement in your network

    Place scanners close to the assets that you are scanning, and be aware of the impact of network latency on your scan times.

  • Web application scanning

    This scan can take a long time and be resource-intensive. If you don't need to run this scan as part of a full scan, you can exclude this scan.

  • Dynamic scanning

    You might save time by implementing dynamic scanning.

  • Network bandwidth setting

    Adjust the network bandwidth setting according to your network bandwidth and the number of assets that you can scan concurrently.

  • Network interface cards on scanners

    Use network interface cards to segment your network scanning.

  • Vulnerability management for asset owners

    Assign owners to your assets.

  • Notification of asset owners on the timing of scans.

    Ensure that asset owners are aware of scan times.

  • Triggering scans of new assets

    Trigger scans of new assets when they are added to the asset database.

  • Configure environmental risk for an asset

    Use the CVSS Environmental Score to manipulate and prioritize the risk score on selected assets.

  • External scanning FAQs

    What you need to know about setting up an external scan.