Hi Karthik,
Splitting the functionality isn't the norm (and won't work as you're intending), if you deploy Discover scan configuration only to one of those servers it will only reach the 500 users connecting to that particular server and not the other 500 (and vice versa for Prevent configuration).
The Endpoint Prevent/Discover servers are mainly just connection aggregators that facilitate the communication between the agent and the Enforce server. A single server with 2 CPUs and 8GB RAM in most cases will easily be able to maintain 1000 users utilising both Prevent and Discover functionality. In a typical organisation, you'll have 2 Endpoint Detection servers (serving both functions) with one in each Data Centre - which you'll each make one as the primary and the other secondary when you generate the package or point them to a DNS alias that will perform round-robin and split the agents between the automatically.
If you have a requirement for resource intensive policies (greedy regular expression, large IDM or EDM profiles or utilising two-tier detection) with 1000 users, you'd just increase the RAM to 16GB or as needed and possibly up them to 4 cores.
Dean