As it' s said in their whitepaper CryptoNight is "a new memory-bound algorithm for the proof-of-work pricing function. It relies on random access to a slow memory and emphasizes latency dependence. As opposed to scrypt every new block (64 bytes in length) depends on all the previous blocks. As a result a hypothetical "memory-saver" should increase his calculation speed exponentially".
More info you can get by yourself
here.
So scrypt gives us ASIC-resistance, but this algo is much better at this field.
From 128KB (scrypt) to 2MB (CryptoNight) is a factor 16 increase in memory usage.
To improve ASIC-resistance further, you'd like to require hundreds of MB,
but that would make verification even slower than it already is.
Other memory-bound proofs-of-work avoid this problem (at the cost of introducing more parrallellism)
by having an asymmetry between computation and verification.
E.g. Momentum, memory-coin 2, my own Cuckoo Cycle, or Coelho's scheme
( "An (Almost) Constant-Effort Solution-Verification Proof-of-Work Protocol based on Merkle Trees" AfriCrypt 2008, Fabien Coelho)