Usually if a company is concerned about vulnerabilities in there network they will hire a team to try to "hack" into there network.

The team does it exactly like a hacker would.
Port scans, fingerprinting, ect. They then report the weaknesses and vulnerablities found to the company.