In an ideal world, you could scan for vulnerabilities instantly by pulling up the complete configuration of all computers and network devices as well as the applications that run on them. Unfortunately, no current technology does this. Furthermore, because most networks are highly heterogeneous, have clients separated by high-latency links, and have administrative zones, remote clients, and unmanaged clients, this technology is not likely to appear anytime soon. Many network administrators engage in vulnerability scanning by running a tool they downloaded from the Internet, but because they don’t have any real goals in mind or an understanding of what the tool is actually doing, ...