What is vulnerability scanning and how often should it be performed?

Vulnerability scanning uses automated tools to identify known security weaknesses in systems, applications, and network devices by comparing configurations and software versions against databases of known vulnerabilities. Scans should be performed at minimum monthly for production systems, after any significant changes to the environment, and continuously for high-value assets using agent-based scanning. Credentialed scans that log into systems find more vulnerabilities than uncredentialed scans that test from outside.