External vulnerability scans are run from outside an organisation’s network, targeting areas of the IT environment exposed to the internet, such as firewalls, web applications, ports and networks. They unearth vulnerabilities in perimeter defenses, such as open ports in a network’s firewall.
Internal vulnerability scans, on the other hand, are run from inside an organisation’s network. They detect issues such as vulnerabilities that could be exploited by a hacker who has already made it through perimeter defenses, as well as threats posed by malware inside the network and insider threats.

