D4 · Operations

What is vulnerability scanning?

Vulnerability scanning automatically identifies known vulnerabilities by comparing system configurations and software versions against CVE databases.
Credentialed (authenticated) scans find significantly more vulnerabilities than unauthenticated scans. Schedule regular scans: weekly for internet-facing systems, monthly for internal systems. Scanning ≠ pen testing: scanning identifies vulnerabilities; pen testing exploits them and proves impact. Integrate scan results into the vulnerability management program.