Nodeware will attempt to scan every discovered device for vulnerabilities unless they are explicitly paused from scanning or unresponsive on the network. For more information on pausing devices, see the Pausing Devices knowledge base article in the Nodeware Dashboard section.
Nodeware targets one full scan of each connected endpoint a day, meaning a host fingerprint, vulnerability scan, and if configured, a credentialed vulnerability scan. Vulnerabilities are added to the Nodeware data feed as they are published and the latest definitions are included in each scan. This means there is no need to sync or update the definitions, instead the Nodeware Sensor will download the most recent profile for the scan if it has been updated between scans. This insures the scan profiles stay inline with vendor security bulletins and published vulnerability feeds.
Devices are prioritized for vulnerability scanning based on several factors. The primary factor is whether a device is new to a network–new devices are scanned first to shorten the time from detection to getting a full security assessment of a device and the risks it poses to your network.
Secondarily, device rescan requests are considered. While Nodeware continuously scans your network, during remediation work it may be helpful to more quickly see the results of scans. This can be requested via the rescan button on the device view. For more information on rescanning a device, see the Rescanning Devices knowledge base article in the Nodeware Dashboard section.
At any given time, Nodeware can be scanning up to 4 devices in parallel. This queuing system and the slower timing of scans allows Nodeware to maintain low network utilization and avoid impacting the availability of devices.
When a device has finished scanning, another is loaded into a queue spot. Because of the methodology used in scanning, this allows the scanner to be highly available to scan new hosts as they join the network.
Scan data about a device is only retained on the Nodeware Sensor for the duration of the scan. Once a scan is complete, the data is transmitted securely to the Nodeware data store and is encrypted both in transit and at rest. The data is only decrypted and available for you to view in the Dashboard and in reports.