Like other Vulnerability Assessment (VA) tools, automated scanning searches for known vulnerabilities in products. While it will sometimes find unknown vulnerabilities, this is usually due to similarities to known vulnerability signatures. 


beSTORM exhaustively tests the protocol implementation and will find all known and unknown vulnerabilities that relate to buffer overflow, format strings, and off-by-one vulnerabilities (currently over 95% of the known security flaws belong to one of those vulnerability types). 


Also, automated scanning is used by the end-user for scanning their network machines. beSTORM is used by the software vendor itself, to scan the product during development.