Vulnerability Scan
Definition
A vulnerability scan is an automated check of systems for known security vulnerabilities. The difference from a pentest: a scan reports vulnerabilities, a pentest exploits them.
A vulnerability scan is an automated check of systems, networks and applications for known security vulnerabilities. According to the Ponemon Institute, 60% of data breaches can be traced back to vulnerabilities for which a patch was available but had not been applied.
How does a vulnerability scan work?
A vulnerability scanner connects to the systems being tested and compares installed software versions, configurations and open ports against databases of known vulnerabilities (CVE databases). The scanner identifies missing patches, insecure configurations, default passwords and outdated software versions. Each discovered vulnerability receives a severity score based on the Common Vulnerability Scoring System (CVSS), enabling organisations to prioritise which vulnerabilities to address first. Scans can be authenticated (with credentials for deeper analysis) or unauthenticated (external perspective).
Difference from penetration testing
A vulnerability scan automatically identifies and reports vulnerabilities but does not attempt to exploit them. A pentest goes further: pentesters actually try to exploit vulnerabilities to prove what an attacker could achieve. Vulnerability scanning is broader but shallower; pentesting is deeper but more limited in scope. Both are complementary and essential for a mature security programme.
Impact on organisations
The number of published CVEs grows annually: in 2023 over 29,000 new vulnerabilities were registered. Without regular vulnerability scanning, organisations have no visibility into their vulnerable attack surface. NIS2 requires organisations in critical sectors to conduct regular vulnerability assessments. ISO 27001 requires a systematic process for identifying and treating technical vulnerabilities. PCI DSS mandates quarterly vulnerability scans by an Approved Scanning Vendor. DORA sets comparable requirements for financial institutions.
Protection
An effective vulnerability management programme combines regular scans with a structured patching process. Continuous vulnerability scanning detects new vulnerabilities as soon as they are published. Risk-based prioritisation focuses on vulnerabilities that are actually exploitable in the specific environment. A vulnerability management platform provides dashboards, trend analysis and compliance reporting. Integration with patch management tools automates the remediation process.
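As an added example (not DEFION's code or any tool mentioned on the page), the following Python shows the matching and prioritisation steps described above: a software inventory from an authenticated scan is compared against an advisory database, each match is given its CVSS v3 severity band, and findings are ordered risk-first (known-exploited first, then internet-exposed, then base score) rather than by raw score alone. All products, versions, CVE identifiers and scores are constructed placeholders; the known-exploited set is an assumption standing in for a curated feed.

```python
"""Toy vulnerability matching and risk-based prioritisation.

Added example: every advisory, version, score and host below is
constructed for illustration; the CVE-0000-* ids are placeholders.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve_id: str       # placeholder id, not a real CVE
    product: str
    fixed_in: str     # first version that contains the fix
    cvss: float       # CVSS v3 base score, 0.0 - 10.0


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str      # as reported by an authenticated scan
    internet_exposed: bool


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    cve_id: str
    cvss: float
    severity: str
    internet_exposed: bool
    known_exploited: bool


# Constructed advisory database (stands in for a CVE feed)
CONSTRUCTED_ADVISORIES = [
    Advisory("CVE-0000-0001", "openssh", "9.6", 7.5),
    Advisory("CVE-0000-0002", "nginx", "1.25.3", 9.8),
    Advisory("CVE-0000-0003", "postgresql", "16.2", 5.3),
]

# Constructed "known exploited" set (assumption: a curated feed supplies this)
CONSTRUCTED_EXPLOITED = {"CVE-0000-0001"}

# Constructed inventory, as collected by an authenticated scan
CONSTRUCTED_INVENTORY = [
    Asset("web-01", "nginx", "1.24.0", True),
    Asset("web-01", "openssh", "9.3", True),
    Asset("db-01", "postgresql", "16.1", False),
    Asset("db-01", "openssh", "9.7", False),
]


def parse_version(version):
    """Turn '1.25.3' into (1, 25, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def cvss_severity(score):
    """CVSS v3 qualitative bands."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def match(asset, advisories):
    """Advisories that affect the asset: same product, version older than the fix."""
    installed = parse_version(asset.version)
    return [a for a in advisories
            if a.product == asset.product and installed < parse_version(a.fixed_in)]


def scan(inventory, advisories, exploited=frozenset()):
    """Compare every asset against the advisory database and record findings."""
    findings = []
    for asset in inventory:
        for adv in match(asset, advisories):
            findings.append(Finding(asset.host, asset.product, asset.version,
                                    adv.cve_id, adv.cvss, cvss_severity(adv.cvss),
                                    asset.internet_exposed, adv.cve_id in exploited))
    return findings


def prioritise(findings):
    """Risk-based order: known-exploited, then internet-exposed, then CVSS score."""
    return sorted(findings,
                  key=lambda f: (f.known_exploited, f.internet_exposed, f.cvss),
                  reverse=True)


if __name__ == "__main__":
    for f in prioritise(scan(CONSTRUCTED_INVENTORY, CONSTRUCTED_ADVISORIES,
                             CONSTRUCTED_EXPLOITED)):
        print(f"{f.host:7} {f.product:11} {f.version:7} {f.cve_id} "
              f"{f.severity:8} exposed={f.internet_exposed} exploited={f.known_exploited}")
```

Note that the Critical nginx finding ranks below the High openssh finding because the latter is both known-exploited and reachable from the internet; that is the point of risk-based prioritisation over a plain CVSS sort. An unauthenticated scan would feed the same matching logic with versions inferred from service banners, so its results carry lower confidence than the inventory an authenticated scan collects.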
How DEFION helps
DEFION provides Continuous Vulnerability Management as a managed service, with the security team conducting continuous scans, prioritising vulnerabilities based on risk and delivering concrete remediation advice. External pentests validate the effectiveness of the vulnerability management programme.