A vulnerability is a flaw that could be exploited by a malicious actor to gain access to data they are not authorised to view. A vulnerability scanner connects to a device, network or website and checks it against a database of known vulnerabilities to determine whether the specified target could be exploited.
There are two main types of vulnerability scanners: internal and external. An internal vulnerability scan runs inside the network and identifies any flaws an attacker could use to obtain access to unauthorised information. This scan examines all the devices that are connected to the internal network, including laptops, desktops and mobile devices. Many assume that only their externally facing systems need to be adequately secured, but internal threats are still very common. Examples include a disgruntled employee targeting specific systems from the inside, or malware that is downloaded from the internet or placed onto a device.
An external vulnerability scan is conducted from outside the network in scope. This scan looks for any security flaws and misconfigurations in your perimeter defences (network firewall and router). It then determines any flaws a malicious actor could utilise to gain access to the internal network and attack devices connected internally.
It is strongly advised that both scans are conducted on a regular basis to ensure that you are aware of all the threats that could be exploited.
Both types of scan generate a report listing the vulnerabilities that were found. These are categorised from low to high, depending on the impact that could result from their being exploited. The report also contains remediations describing how to fix the vulnerabilities, allowing you to secure the network against unauthorised access.
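As an added illustration (not part of the original article), the sketch below merges the findings of an internal and an external scan report into one remediation queue: highest severity first, and at equal severity, findings visible from outside the perimeter ahead of internal-only ones. The record layout, the three-level severity scale, the host names and the finding titles are all constructed for the example; real scanners each have their own export format.

```python
from dataclasses import dataclass

# Severity scale used in the reports, lowest to highest (assumed three levels).
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

@dataclass(frozen=True)
class Finding:
    host: str
    title: str
    severity: str      # "low" | "medium" | "high"
    remediation: str

# Constructed sample data standing in for two scanner exports.
INTERNAL_SCAN = [
    Finding("laptop-07", "Outdated browser", "medium", "Apply vendor update"),
    Finding("fileserver", "SMB signing not required", "high", "Enforce SMB signing"),
    Finding("gateway", "Default admin password", "high", "Set a unique password"),
]
EXTERNAL_SCAN = [
    Finding("gateway", "Default admin password", "high", "Set a unique password"),
    Finding("gateway", "TLS 1.0 enabled", "low", "Disable legacy TLS versions"),
]

def triage(internal, external):
    """Merge both reports; return [(finding, sources)] in remediation order."""
    seen = {}
    for source, findings in (("internal", internal), ("external", external)):
        for f in findings:
            if f.severity not in SEVERITY_RANK:
                raise ValueError(f"unknown severity {f.severity!r} on {f.host}")
            # Identical findings from both scans collapse into one entry.
            seen.setdefault(f, set()).add(source)

    def priority(item):
        finding, sources = item
        # Higher severity first; externally visible before internal-only.
        return (-SEVERITY_RANK[finding.severity], "external" not in sources,
                finding.host, finding.title)

    return [(f, tuple(sorted(s))) for f, s in sorted(seen.items(), key=priority)]

if __name__ == "__main__":
    for finding, sources in triage(INTERNAL_SCAN, EXTERNAL_SCAN):
        print(f"[{finding.severity.upper():6}] {finding.host:10} {finding.title} "
              f"({'+'.join(sources)}) -> {finding.remediation}")
```

A finding reported by both scans appears once, tagged with both sources, which makes it clear which internal weaknesses are also reachable through the perimeter.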