Vendor Spotlight: Vonahi

Vonahi Security is a prominent cybersecurity consulting firm known for its innovative approach to network penetration testing. Their flagship product, vPenTest, is a SaaS platform that automates network penetration testing, making it more scalable, accurate, and efficient compared to traditional methods. This platform allows organizations to perform internal or external network penetration tests on-demand, providing real-time monitoring and detailed reports.

By automating these processes, Vonahi Security helps businesses identify vulnerabilities, exploit them to demonstrate potential impacts, and ultimately strengthen their security posture. In addition to its technical capabilities, Vonahi Security’s vPenTest platform is designed to meet compliance requirements for various regulated industries, including PCI, HIPAA, and SOC2.

The platform is backed by a team of certified consultants with extensive experience in offensive cybersecurity. This combination of automation and expert knowledge ensures that organizations can continuously assess and improve their security defenses without the high costs and time constraints associated with manual penetration testing.

Founding and Background

Vonahi Security was created with the goal of making cybersecurity more accessible, effective, and efficient through the use of automation and expert-driven services. The company was founded in May 2018 by Alton Johnson, a seasoned cybersecurity professional with years of experience in offensive security and penetration testing. His vision for Vonahi was to build an automated penetration testing service while maintaining the expertise-driven, thorough assessment methods that high-quality testing demands.

The business was set up in offices in Atlanta, Georgia, and is still in that location. While growing in functions and market share, the company hasn’t grown much in terms of size – it currently has only 24 employees. Alton Johnson was the key employee of the business as well as its CEO. He built up a career as a penetration tester and cybersecurity consultant and Vonahi Security was a progression from his independent status to hiring employees and expanding his operations.

Vonahi aims to help organizations identify security vulnerabilities in their networks, applications, and systems by offering services that are accessible and scalable for businesses of all sizes. The company is best known for its platform called vPenTest, which automates network penetration testing to make it faster, more cost-effective, and available on demand.

Vonahi Security never sought financing from investment funds during its development phase. The company was eventually sold to Kaseya Limited in April 2023.

Timeline and Evolution

Vonahi Security has seen rapid evolution since its founding in 2019, driven by its commitment to automating and modernizing cybersecurity, particularly in the domain of penetration testing. Below is a timeline of key milestones and developments in Vonahi Security’s journey:

• April 2018: Vonahi Security was officially founded in April 2018 by Alton Johnson, a cybersecurity consultant with a specialization in offensive security. The company focused on offering traditional cybersecurity services like manual penetration testing, vulnerability assessments, and social engineering campaigns.
• July 2019: The Vonahi team of cybersecurity experts started to formulate a design for an automated penetration testing platform.
• August 2019: Coding began on the new Vonahi Security penetration testing system.
• September 2019: Vonahi Security launched its flagship product, vPenTest, a fully automated network penetration testing platform. This tool allows organizations to conduct continuous or on-demand automated penetration tests.
• 2020: The company expanded its customer base for its consultancy but made slow progress in attracting subscribers for its vPenTest system.
• 2021: The vPenTest platform gained traction in the market, particularly among SMBs. The consultancy service continues to do well. User education services with phishing simulations and security awareness programs were created.
• 2022: Vonahi Security started to gain recognition within the cybersecurity industry. Vonahi develops the vPenTest platform with more comprehensive vulnerability reporting, integrations with SIEM systems, and enhanced compliance reporting.
• April 2023: Alton Johnson sells Vonahi Security to Kaseya Limited but retains the position of CEO and Principal Security Consultant.
• 2023: Partnerships with managed service providers (MSPs), cybersecurity consultancies, and other technology firms to extend the reach of its vPenTest platform. These partnerships allowed other security professionals to use Vonahi’s automation technology as part of their service offerings.
• 2024: Introduction of AI and machine learning technologies into its vPenTest platform. These advancements allowed the platform to become more sophisticated in identifying complex attack patterns, learning from previous tests.

Today, Vonahi continues to expand its suite of services beyond network penetration testing, moving into areas such as:

• Cloud penetration testing: Targeting the growing need for securing cloud environments.
• Application security testing: Focusing on the security of web and mobile applications.
• Continuous penetration testing as a service (PTaaS): Offering businesses the ability to have continuous monitoring and security assessments.
• Cybersecurity education: Catering to small and medium-sized businesses, emphasizing the importance of proactive security testing and employee awareness.

Future Outlook

As Vonahi Security continues to innovate and grow, the company is likely to focus on:

• AI and automation integration.
• Global market expansion, particularly into Europe, Asia, and Latin America.
• Compliance and regulatory reporting features for healthcare, finance, and government sectors.

Company Ownership

Alton Johnson created Vonahi when he wanted to change his working pattern from being an employee to becoming a consultant with his own company. He took on assistants and contracted independent penetration testers, creating a company, which he owned entirely. He continued to own the company 100 percent until he sold it to Kaseya in April 2023.

The terms of the acquisition were not made public, so there was no valuation for the company. It is also not clear whether Kaseya paid cash for the company or gave Johnson shares in exchange for Vonahi. Alton Johnson retained his position as CEO and Principal Security Consultant, so it is likely that he still has some form of ownership in the business.

Kaseya Limited was founded by Mark Sutherland and Paul Wong in Menlo Park, California in 2001. Since 2013, the company has been majority owned by Insight Partners, a private equity fund based in New York.

Key People

• Alton Johnson, CEO, and Principal Security Consultant: Growing up in New Orleans, Jonson became obsessed with computers and excited by hacking. He declares that he started hacking at the age of 10. The risk of hacking persuaded Johnson to switch to legitimate coding. He studied cybersecurity certification courses by distance learning while treading water in IT Help Desk jobs. Computer security training took him back to his hacking days, and Johnson took to the field of penetration testing with ease. Getting into the field professionally became easier once he gained his OSCP credentials. He built a career in cybersecurity consultancy, starting in 2011 and climbing the ladder through a series of company moves until he achieved Senior Consultant status. From that position, the only way up was to create his own business, and that was achieved when he founded Vonahi Security in April 2018.
• Jason Wells, Chief Operating Officer: Wells gave Alton Johnson his first job in cybersecurity and the two worked together at TraceSecurity from June 2011 to August 2013, when Johnson left for an Associate Consultant position elsewhere. Wells stayed with TraceSecurity, rising to the position of Chief Operating Officer in January 2016. He maintained that position until April 2019 when he became Head of Operations at Hello Outbound. Wells lists this position as current and full-time. However, he also lists on LinkedIn that his position as COO at Vonahi is also full-time. Wells became COO of Vonahi in August 2021.

Locations

The official address of Vonahi Security is in Hoschton, Georgia. However, its headquarters are housed in Atlanta Georgia. The company has few employees and most are based from home, including executives. Jason Wells, the COO, is based in Baton Rouge, Louisiana. Trang Crowley, the Chief Financial Officer, is located in Joshua Texas, the Chief Product Officer, Ky Tran, lists his allocation as Dallas, Texas, and the Chief Strategy Officer, Trammie Anderson, works from Austin, Texas.

Kaseya Limited is headquartered in Brickell, Miami, Florida. Insight Partners, the ultimate owner of Vonahi Security, is based in New York.

Vonahi Security Target Market and Customer Base

Vonahi Security primarily targets small and medium-sized businesses (SMBs) and enterprises with its automated penetration testing platform, vPenTest. The company’s focus is on making cybersecurity services more accessible, efficient, and cost-effective.

Target Market

Small and Medium-Sized Businesses (SMBs)

SMBs often have limited budgets for cybersecurity. Vonahi Security aims to provide cost-effective penetration testing solutions that are within reach of these organizations. Many SMBs do not have in-house security teams or expertise, making automated solutions like vPenTest appealing as they provide necessary assessments without requiring extensive knowledge of cybersecurity.

Small and mid-sized companies operating in regulated industries, such as healthcare and finance, need to adhere to compliance standards. The regulations require regular security assessments and vPenTest offers an accessible way to meet these requirements.

Enterprises

Larger organizations looking for scalable solutions can benefit from the automation provided by vPenTest, allowing them to conduct frequent security assessments across multiple departments or locations. Enterprises typically require ongoing assessments to maintain security in complex environments, making vPenTest’s continuous testing capabilities particularly valuable.

Larger organizations with existing security infrastructure can integrate vPenTest into their broader security practices, enhancing their overall cybersecurity posture.

Customer Base

Vonahi Security serves a range of industries, including:

• Healthcare: Ensuring patient data protection and compliance with regulations like HIPAA.
• Finance: Addressing security concerns related to sensitive financial data and regulatory requirements.
• Technology: Providing security assessments for software and technology companies that need to protect user data and intellectual property.
• Retail: Helping retail businesses secure customer payment information and comply with PCI DSS standards.

While the company initially targeted clients within the United States, Vonahi Security has been expanding its services to international markets, particularly in regions with growing cybersecurity needs.

Value Proposition

• Automation: The primary selling point of vPenTest is its ability to automate penetration testing, making it faster and less expensive compared to traditional manual testing.
• User-friendly interface: Designed for organizations without extensive cybersecurity expertise, vPenTest provides intuitive reporting and actionable insights, allowing users to easily understand and address vulnerabilities.
• Quick turnaround: Automated testing enables faster identification of vulnerabilities, allowing businesses to respond quickly to potential threats.

Marketing Strategy

• Educational content: Vonahi Security engages potential customers through educational content, webinars, and resources that raise awareness about the importance of regular security testing and the benefits of automation.
• Partnerships: Collaborating with managed service providers (MSPs) and cybersecurity consultancies to extend its reach and offer integrated services to a broader audience.
• Customer testimonials: Leveraging positive feedback and case studies from early adopters to build trust and credibility in the market.

Vonahi Product Suite

Vonahi Security offers a suite of products designed to enhance cybersecurity, primarily focused on automating penetration testing and vulnerability assessments. The key product in their suite is vPenTest, but they may also have additional tools and offerings aimed at helping organizations manage their cybersecurity risks effectively.

Here’s an overview of the main products in Vonahi Security’s product suite:

1. vPenTest

vPenTest is Vonahi Security’s flagship product, an automated penetration testing platform that aims to streamline and simplify the process of identifying vulnerabilities in an organization’s network and applications.

Key Features:

• Automated testing: Performs automated network penetration testing, reducing the time and cost typically associated with manual penetration testing.
• Continuous security assessments: Allows organizations to conduct ongoing assessments to ensure their security posture remains strong against emerging threats.
• Real-time reporting: Provides detailed reports that highlight vulnerabilities, along with actionable remediation guidance to help organizations address security issues effectively.
• User-friendly interface: Designed to be accessible for organizations without extensive cybersecurity expertise, making it easy for users to understand and manage their security assessments.

2. Consulting and Professional Services

In addition to its product suite, Vonahi Security may offer consulting and professional services, leveraging its expertise to provide tailored security assessments and guidance.

Key Features:

• Custom penetration testing: Involves manual testing by experienced security professionals to complement the automated capabilities of vPenTest.
• Security training and awareness: Offers training sessions and workshops to help organizations build a security-conscious culture and improve their overall security posture.

3. Integrations and API Access

Vonahi Security focuses on making its products versatile and integrable with other security tools and platforms.

Key Features:

• API access: Allows organizations to integrate vPenTest with existing security information and event management (SIEM) systems or other security tools, enhancing their overall security operations.
• Data export: Enables exporting of reports and data for further analysis or integration into internal systems.

4. Future Product Developments

Vonahi Security may continuously expand its product suite to address emerging cybersecurity challenges and technological advancements.

Key Features:

• Enhanced automation: Ongoing development of features that increase the automation capabilities of vPenTest and other tools.
• Expanded coverage: Future products may include offerings for specific compliance requirements or industry-specific security solutions.

Product Suite Summary

Vonahi Security’s product suite is designed to provide organizations with effective tools for managing their cybersecurity risks through automation and comprehensive assessments. vPenTest serves as the cornerstone of their offerings, while additional tools like vAssess and consulting services enhance the company’s ability to support clients in their cybersecurity initiatives. As the threat landscape evolves, Vonahi Security is likely to continue developing and expanding its product suite to meet the needs of its customers.

vPenTest is the flagship product of Vonahi Security, designed to automate the process of penetration testing for organizations of all sizes. By streamlining security assessments, vPenTest aims to make penetration testing more accessible, efficient, and effective, particularly for small and medium-sized businesses (SMBs) that may lack the resources for extensive manual testing. Here’s a detailed review of its features, benefits, usability, and overall performance.

Key Features:

• Automated network penetration testing: Scans for vulnerabilities within a network; faster and less error-prone than manual penetration testing.
• Continuous security assessments:  Allows organizations to perform ongoing assessments to keep up with the evolving threat landscape.
• Alerts: Sends notifications and alerts for any new vulnerabilities detected, ensuring timely remediation.
• Detailed reports: Insights into vulnerabilities, their severity, and recommended remediation strategies.  Reports and vulnerability data can be exported for further analysis with external tools.
• API access: Provides integration with other security tools and systems, allowing organizations to incorporate vPenTest into their broader security operations.
• Scalability: Suitable for organizations of various sizes, vPenTest can scale its assessments based on the complexity and size of the network.

The Vonahi platform utilizes advanced scanning algorithms and techniques to mimic the tactics of a human attacker. This is a cost-effective solution, especially for SMBs. It offers a more affordable alternative to traditional penetration testing services.

Comprehensive documentation and tutorials are available to guide users through the platform’s features and functionalities. vPenTest empowers organizations to conduct regular security assessments efficiently.

Other Notable Products

1. Custom Penetration Testing

Vonahi Security’s Custom Penetration Testing services offer tailored assessments designed to meet the unique security needs of individual organizations. Unlike automated solutions, these assessments are conducted by experienced security professionals who leverage their expertise to simulate real-world attacks. This hands-on approach allows Vonahi to uncover complex vulnerabilities and provide nuanced insights that automated tools might miss.

The custom nature of these engagements ensures that the testing aligns closely with the organization’s specific environment, risk profile, and compliance requirements, resulting in more relevant and actionable findings. One of the key advantages of Vonahi’s Custom Penetration Testing is the thoroughness of the assessments, which often include extensive pre-engagement planning, in-depth analysis, and detailed reporting.

The penetration testers not only identify vulnerabilities but also evaluate the potential impact of these weaknesses on the organization’s operations and data security. Comprehensive reports include practical remediation recommendations and strategies to enhance the overall security posture. This personalized approach fosters a deeper understanding of security risks and cultivates a proactive culture of security awareness within the organization. The team keeps pace with increasingly sophisticated cyber threats.

2. Training and Awareness Programs

Vonahi Security’s Training and Awareness programs are designed to equip organizations with the knowledge and skills necessary to enhance their cybersecurity posture. These programs focus on educating employees about current cyber threats, best practices for data protection, and the importance of security in their daily operations.

Training packages empower employees to recognize potential threats and respond appropriately. This helps in mitigating risks and strengthens the overall security framework. Courses ensure that all team members understand their role in safeguarding sensitive information. In addition to foundational training, Vonahi’s programs can include specialized modules tailored to specific industries or compliance requirements.

The inclusion of real-world scenarios and hands-on exercises enhances the learning experience, making it easier for employees to relate to the material and apply it in practice. By investing in comprehensive training and awareness initiatives, organizations can significantly reduce the likelihood of security incidents caused by human error.

Major Competitors

Effectively, Vonahi’s vPenTest is a vulnerability scanner and there are many rivals to this tool on the market.

Here are some of the major competitors to Vonahi Security:

1. Cobalt.io

Cobalt.io offers a penetration testing-as-a-service (PtaaS) model, connecting companies with a global community of vetted penetration testers.

• Key Strengths: The platform combines automated tools with human expertise, providing on-demand security assessments. Cobalt’s service is known for its speed and collaboration with in-house teams.
• Comparison: Unlike Vonahi’s fully automated approach with vPenTest, Cobalt emphasizes a mix of manual and automated testing, providing greater human oversight.

2. HackerOne

HackerOne is a leading bug bounty platform that connects organizations with ethical hackers who identify and report vulnerabilities.

• Key Strengths: The platform allows companies to tap into a large community of security researchers, providing continuous security testing via bug bounty programs.
• Comparison: While Vonahi focuses on automation for scalability and cost efficiency, HackerOne relies on human expertise through a crowdsourced model, offering deeper coverage but at a potentially higher cost.

3. Synack

Synack combines artificial intelligence and a global community of ethical hackers to provide continuous penetration testing and vulnerability assessments.

• Key Strengths: Synack’s model includes automated vulnerability discovery with real-time updates and human validation, ensuring a more thorough and tailored security assessment.
• Comparison: Like Vonahi, Synack emphasizes automation but supplements it with human testing, making it a more comprehensive solution, albeit typically at a higher price point.

4. Rapid7 (Metasploit)

Rapid7 is known for its comprehensive suite of security tools, including vulnerability management, incident detection, and penetration testing through the Metasploit framework.

• Key Strengths: Metasploit is widely used for manual penetration testing and vulnerability exploitation, offering flexibility for skilled security professionals.
• Comparison: While Vonahi’s vPenTest offers automated, scalable solutions ideal for small to mid-sized businesses, Rapid7’s tools (including Metasploit) are more manual and suited to organizations with in-house security expertise.

5. Qualys (Vulnerability Management)

Qualys is a leader in vulnerability management, offering cloud-based solutions for automated vulnerability scanning, asset discovery, and compliance monitoring.

• Key Strengths: Its cloud platform is widely used for vulnerability scanning and continuous monitoring across complex environments.
• Comparison: Vonahi focuses more on network penetration testing through vPenTest, while Qualys emphasizes vulnerability management and compliance, making them complementary but competing in areas of vulnerability discovery.

6. Pentera (formerly Pcysys)

Pentera offers an automated penetration testing platform that simulates real-world attacks on an organization’s network to identify vulnerabilities.

• Key Strengths: Pentera’s platform focuses on automating penetration testing in a way similar to vPenTest, delivering continuous assessments and actionable insights.
• Comparison: Pentera is a direct competitor to Vonahi as both offer automated penetration testing solutions. However, Pentera is often targeted at larger enterprises, while Vonahi caters strongly to small and medium-sized businesses (SMBs).

7. ImmuniWeb

ImmuniWeb provides a suite of cybersecurity services, including automated penetration testing, application security testing, and dark web monitoring.

• Key Strengths: ImmuniWeb combines AI-driven automation with manual testing in a hybrid approach, covering both web applications and network infrastructure.
• Comparison: Like Vonahi, ImmuniWeb uses automation to reduce costs and improve efficiency but offers more comprehensive application testing, making it a broader solution.

Spotlight Wrap Up

Vonahi’s journey from a niche penetration testing company to an industry leader in automation-driven offensive security showcases its commitment to evolving cybersecurity practices. By automating aspects of security testing while still offering expert insights, the company bridges the gap between human expertise and technological efficiency, making cybersecurity proactive and affordable for businesses at any level.