Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks. Vulnerability scanning is a common practice across enterprise networks and is often mandated by industry standards and government regulations to improve the organization’s security posture. Regular scans of your network, web servers and applications will reveal weaknesses that attackers might exploit.

Vulnerability scans can be performed from outside or inside the network or the network segment that’s being evaluated. Organizations can run external scans from outside their network perimeter to determine the exposure to attacks of servers and applications that are accessible directly from the internet. Meanwhile, internal vulnerability scans aim to identify flaws that hackers could exploit to move laterally to different systems and servers if they gain access to the local network.

Some industry standards, such as the Payment Card Industry Data Security Standard (PCI-DSS), require organizations to perform both external and internal vulnerability scans quarterly, as well as every time new systems or components are installed, the network topology changes, the firewall rules are modified, or various software products are upgraded.