A computer-implemented method may include obtaining a predicted idle-state duration of a first device. The computer-implemented method may further include obtaining a value corresponding to an available processing capacity of the first device. The computer-implemented method may further include making a first determination that the predicted idle-state duration of the first device exceeds a time required to perform a security scan of the first device using the available processing capacity of the first device. The computer-implemented method may further include making a second determination to perform a security scan of the first device in response to the first determination.