No. Pen testing and vulnerability scanning are two very different ways to test your systems for vulnerabilities.
Penetration testing and vulnerability scanning are often mistaken for the same service. A vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities. A penetration test is a detailed, hands-on (intrusive) examination by a real person who tries to detect and exploit weaknesses in your system.
Vulnerability scans assess computers, systems, and networks for security weaknesses, also known as vulnerabilities. These scans are typically automated and give a first look at what could possibly be exploited. A good vulnerability scan can search for more than 50,000 vulnerabilities, and such scans are required by PCI DSS, FFIEC, and other regulations.
Vulnerability scans can be performed manually or run on a scheduled basis. A scan can take anywhere from a few minutes to several hours, depending on the assets being scanned. Vulnerability scans don’t go beyond reporting on the vulnerabilities that are detected.
A penetration test simulates a hacker attempting to exploit vulnerabilities to get into a business system.
Certified pen testers, often called ethical hackers, search for vulnerabilities and then try to prove that they can be exploited. Using methods like password cracking, buffer overflow, and SQL injection, they attempt to compromise a network and extract data from it in a non-damaging way.
It really depends on the complexity of your environment and your objectives. Please see the ‘Our Approach’ section above to learn more about the steps.