Automatic vulnerability scanning products help an organization quickly and proactively identify vulnerabilities in systems that could be exploited by attackers. The idea is to use these tools internally in an effort to fix the weaknesses in those systems before the attackers exploit those vulnerabilities. Because these tools are automated, they can be included in regression test suites or executed on a regular basis without drawing overworked people away from other responsibilities.
Each vulnerability scanning product works differently, depending on its goal. While some look at Windows registry entries to determine if the latest patches have been applied, others attempt to exploit specific vulnerabilities against a target machine. Typically, vulnerability scanners test against known vulnerabilities.
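The first, non-intrusive approach described above can be sketched as a comparison of each host's installed versions against the versions in which known vulnerabilities were fixed. This is an added example, not code from the original article or from any scanner product; the host names, products, versions and advisory IDs are constructed placeholders.

```python
from itertools import zip_longest

# Constructed advisory feed: placeholder IDs and the first fixed version
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "product": "examplehttpd", "fixed_in": "2.4.10"},
    {"id": "ADV-EXAMPLE-002", "product": "examplessl", "fixed_in": "1.1"},
    {"id": "ADV-EXAMPLE-003", "product": "exampledb", "fixed_in": "5.0.3"},
]

# Constructed inventory, as a patch-level scanner might collect from each host
INVENTORY = {
    "web01": {"examplehttpd": "2.4.9", "examplessl": "1.1.0"},
    "db01": {"exampledb": "5.0.3-custom", "examplessl": "1.0.2"},
}

def parse_version(text):
    """Return a tuple of ints, or None if any component is not numeric."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(installed, fixed):
    """Compare component-wise, padding with zeros so 1.1 equals 1.1.0."""
    for a, b in zip_longest(installed, fixed, fillvalue=0):
        if a != b:
            return a < b
    return False

def scan(inventory, advisories):
    """Return sorted (host, advisory id, status) findings; nothing is sent to hosts."""
    findings = []
    for host, products in inventory.items():
        for adv in advisories:
            installed = products.get(adv["product"])
            if installed is None:
                continue  # product not present on this host
            version = parse_version(installed)
            if version is None:
                # Unparseable versions are surfaced, never silently treated as patched
                findings.append((host, adv["id"], "unknown"))
            elif is_older(version, parse_version(adv["fixed_in"])):
                findings.append((host, adv["id"], "vulnerable"))
    return sorted(findings)

def exit_code(findings):
    """Non-zero when anything needs attention, so a scheduled job or test suite fails."""
    return 1 if findings else 0
```

Comparing versions as integer tuples rather than strings is what makes 2.4.9 sort before 2.4.10; a plain string comparison would report that host as patched.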
Keep in mind that, as with most tools in the security industry, vulnerability scanners are available both commercially and as open source free/shareware. This means your attackers have vulnerability scanners to use against you as well, so an internal process to quickly address identified vulnerabilities is imperative.
This was first published in November 2006