One of the most important parts of a solid security program involves testing to see where your weaknesses lie. Continual improvement cannot be achieved without continual review. However, many people confuse the importance of vulnerability scanning with penetration testing. As a means of protecting an enterprise, one can never take precedence over, or replace the other. Both are equally important, and in some cases, they are suggested, if not outright directed by many standards and regulations.
Penetration testing seeks to exploit a security gap, while vulnerability scanning checks for known exposures and generates a report that can be used for risk mitigation.