Vonahi Vendor Spotlight

Vonahi Security is a prominent cybersecurity consulting firm known for its innovative approach to network penetration testing. Their flagship product, vPenTest, is a SaaS platform that automates network penetration testing, making it more scalable, accurate, and efficient compared to traditional methods. This platform allows organizations to perform internal or external network penetration tests on-demand, providing real-time monitoring and detailed reports.

By automating these processes, Vonahi Security helps businesses identify vulnerabilities, exploit them to demonstrate potential impacts, and ultimately strengthen their security posture. In addition to its technical capabilities, Vonahi Security’s vPenTest platform is designed to meet compliance requirements for various regulated industries, including PCI, HIPAA, and SOC2.

The platform is backed by a team of certified consultants with extensive experience in offensive cybersecurity. This combination of automation and expert knowledge ensures that organizations can continuously assess and improve their security defenses without the high costs and time constraints associated with manual penetration testing.

*Note: This post has been updated with additional details provided to us directly by Vonahi’s leadership team to offer more insight into the company’s history, leadership structure, industry focus, and product functionality. This information did not influence our deeper analysis of this tool’s viability as a product for its target customers.

Founding and Background

Vonahi Security was created with the goal of making cybersecurity more accessible, effective, and efficient through the use of automation and expert-driven services. The company was founded in May 2018 by Alton Johnson, a seasoned cybersecurity professional with years of experience in offensive security and penetration testing. His vision for Vonahi was to build an automated penetration testing service while maintaining the expertise-driven, thorough assessment methods that high-quality testing demands.

The business was set up in offices in Atlanta, Georgia, and is still in that location. While growing in functions and market share, the company hasn’t grown much in terms of size – it currently has only 24 employees. Alton Johnson was the key employee of the business as well as its CEO. He built up a career as a penetration tester and cybersecurity consultant and Vonahi Security was a progression from his independent status to hiring employees and expanding his operations.

Vonahi aims to help organizations identify security vulnerabilities in their networks, applications, and systems by offering services that are accessible and scalable for businesses of all sizes. The company is best known for its platform called vPenTest, which automates network penetration testing to make it faster, more cost-effective, and available on demand.

Vonahi Security never sought financing from investment funds during its development phase. The company was eventually sold to Kaseya Limited in April 2023.

Timeline and Evolution

Vonahi Security has seen rapid evolution since its founding in 2019, driven by its commitment to automating and modernizing cybersecurity, particularly in the domain of penetration testing. Below is a timeline of key milestones and developments in Vonahi Security’s journey:

  • April 2018: Vonahi Security was officially founded in April 2018 by Alton Johnson, a cybersecurity consultant with a specialization in offensive security. The company focused on offering traditional cybersecurity services like manual penetration testing, vulnerability assessments, and social engineering campaigns.
  • August 2018: Coding began for vPenTest, the company’s automated network penetration testing platform.
  • July 2019: Chief Strategy Officer Trammie Anderson joined the company and started to formulate a user-friendly design and GTM strategy for vPenTest.
  • September 2019: Vonahi Security launched the MVP version of its flagship product, vPenTest, a fully automated network penetration testing platform. This tool allows organizations to conduct monthly, on-demand automated network penetration tests but make slow progress in attracting subscribers.
  • October 2020: The company expanded its customer base for its consultancy butand tailored vPenTest features to fit the MSP market, increasing user adoption.
  • 2021: The vPenTest platform gained traction in the market with 3x growth, particularly among Managed Service Providers who provide IT services to the SMB market. The consultancy service which includes web app, wireless network, and cloud pentesting continues to do well.
  • 2022: Vonahi Security started to gain recognition within the cybersecurity and experienced significant growth. Vonahi develops the vPenTest platform with more comprehensive reporting and enhanced compliance reporting.
  • April 2023: Alton Johnson sells Vonahi Security to Kaseya Limited but retains the position of CEO and Principal Security Consultant.
  • 2023: Partnerships with managed service providers (MSPs), cybersecurity consultancies, and other technology firms to extend the reach of its vPenTest platform. These partnerships allowed other security professionals to use Vonahi’s automation technology as part of their service offerings.
  • 2024: The company increases its headcount, launches 12 product features, and continues to focus on integrations into Kaseya’s IT Complete platform.

Today, Vonahi has narrowed its focus exclusively on delivering the industry’s best network penetration testing software and deeply integrating with other modules within Kaseya’s ecosystem: 

  • VulScan: vPenTest’s first integration with VulScan gives users a comprehensive view of their network security with results from both vulnerability scanning and penetration testing in one solution.
  • KaseyaOne Unified Login: This integration enables SSO access to vPenTest via KaseyaOne credentials, making user onboarding and offboarding a breeze for KaseyaOne admins.
  • Compliance Manager GRC: This integration automatically sends internal and external network penetration testing metrics per organization from vPenTest to Compliance Manager GRC, simplifying compliance by mapping metrics directly to regulatory requirements.

Future Outlook

As Vonahi Security continues to innovate and grow, the company is likely to focus on:

  • AI and automation integration.
  • Global market expansion, particularly into Europe, Asia, and Latin America.
  • Compliance and regulatory reporting features for healthcare, finance, and government sectors.

Company Ownership

Alton Johnson created Vonahi when he wanted to change his working pattern from being an employee to becoming a consultant with his own company. He took on assistants and contracted independent penetration testers, creating a company that he owned entirely. He continued to own the company until he sold it to Kaseya in April 2023.

The terms of the acquisition were not made public, so there was no valuation for the company. It is also not clear whether Kaseya paid cash for the company or gave Johnson shares in exchange for Vonahi. Alton Johnson retained his position as CEO and Principal Security Consultant, so it is likely that he still has some form of ownership in the business.

Kaseya Limited was founded by Mark Sutherland and Paul Wong in Menlo Park, California, in 2001. Since 2013, the company has been owned mainly by Insight Partners, a private equity fund based in New York.

Key People

  • Alton Johnson, CEO, and Principal Security Consultant: Growing up in New Orleans, Jonson became obsessed with computers and excited by hacking. He declares that he started hacking at the age of 10. The risk of hacking persuaded Johnson to switch to legitimate coding. He studied cybersecurity certification courses by distance learning while treading water in IT Help Desk jobs. Computer security training took him back to his hacking days, and Johnson took to the field of penetration testing with ease. Getting into the field professionally became easier once he gained his OSCP credentials. He built a career in cybersecurity consultancy, starting in 2011 and climbing the ladder through a series of company moves until he achieved Senior Consultant status. From that position, the only way up was to create his own business, which was achieved when he founded Vonahi Security in April 2018.

 

  • Trammie Anderson, Chief Strategy Officer: Trammie joined the company in June 2019 as Vonahi’s second employee. With an extensive background in marketing and UI/UX design in engineering and tech, she led the company’s strategies for marketing and product development for vPenTest. She also managed and oversaw accounting, financing, and HR for the company up until its acquisition. 

 

  • Jason Wells, Chief Operating Officer: Wells gave Alton Johnson his first job in cybersecurity and the two worked together at TraceSecurity from June 2011 to August 2013, when Johnson left for an Associate Consultant position elsewhere. Wells stayed with TraceSecurity, rising to the position of Chief Operating Officer in January 2016. He maintained that position until April 2019 when he became Head of Operations at Hello Outbound. Wells lists this position as current and full-time. However, he also lists on LinkedIn that his position as COO at Vonahi is also full-time. Wells became COO of Vonahi in August 2021.

 

  • Ky Tran, Chief Product Officer: Ky joined the Vonahi leadership team in January 2022. Ky has been in the tech industry for over 15 years with an extensive background in leading global service delivery teams, systems architecture and providing Chief Information Officer (CIO) consulting to businesses. His experience spans various industries, including the federal government, large enterprises, and small and medium businesses. Prior to joining Vonahi Security, Ky was virtual CIO at a Dallas-based managed IT services company for 2.5 years.

Locations

The official address of Vonahi Security is in Hoschton, Georgia. However, its headquarters are housed in Atlanta Georgia. The company has few employees and most are based from home, including executives. Jason Wells, the COO, is based in Baton Rouge, Louisiana. Trang Crowley, the Chief Financial Officer, is located in Joshua Texas, the Chief Product Officer, Ky Tran, lists his allocation as Dallas, Texas, and the Chief Strategy Officer, Trammie Anderson, works from Austin, Texas.

Kaseya Limited is headquartered in Brickell, Miami, Florida. Insight Partners, the ultimate owner of Vonahi Security, is based in New York.

Vonahi Security Target Market and Customer Base

Vonahi Security primarily targets Managed Service Providers (MSP, MSSP), small and medium-sized businesses (SMBs) and enterprises with its automated network penetration testing platform, vPenTest. The company’s focus is on making cybersecurity services more accessible, efficient, and cost-effective.

Target Market

Managed Service Providers (MSP / MSSP)

Managed Service Providers (MSPs) or Managed Service Security Providers (MSSPs) deliver essential IT and security support for various business needs, from cloud computing to infrastructure management. They’re an industry leader among companies without the internal resources to handle IT in-house. Vonahi Security empowers MSPs to offer third-party network penetration testing to their clients—at higher margins than outsourcing to traditional cybersecurity firms.

Small and Medium-Sized Businesses (SMBs)

SMBs often have limited budgets for cybersecurity. Vonahi Security aims to provide cost-effective penetration testing solutions that are within reach of these organizations. Many SMBs do not have in-house security teams or expertise, making automated solutions like vPenTest appealing as they provide necessary assessments without requiring extensive knowledge of cybersecurity.

Small and mid-sized companies operating in regulated industries, such as healthcare and finance, need to adhere to compliance standards. The regulations require regular security assessments and vPenTest offers an accessible way to meet these requirements.

Enterprises

Larger organizations looking for scalable solutions can benefit from the automation provided by vPenTest, allowing them to conduct frequent security assessments across multiple departments or locations. Enterprises typically require ongoing assessments to maintain security in complex environments, making vPenTest’s continuous testing capabilities particularly valuable.

Larger organizations with existing security infrastructure can integrate vPenTest into their broader security practices, enhancing their overall cybersecurity posture.

Customer Base

Vonahi Security serves a range of industries, including:

  • Healthcare: Ensuring patient data protection and compliance with regulations like HIPAA.
  • Finance: Addressing security concerns related to sensitive financial data and regulatory requirements.
  • Technology: Providing security assessments for software and technology companies that need to protect user data and intellectual property.
  • Retail: Helping retail businesses secure customer payment information and comply with PCI DSS standards.

While the company initially targeted clients within the United States, Vonahi Security has been expanding its services to international markets, particularly in regions with growing cybersecurity needs.

Value Proposition

  • Automation: The primary selling point of vPenTest is its ability to automate network penetration testing, making it faster and less expensive compared to traditional manual testing.
  • User-friendly interface: Designed for organizations without extensive cybersecurity expertise, vPenTest provides intuitive reporting and actionable insights, allowing users to understand and address vulnerabilities easily.
  • Quick turnaround: Automated testing enables faster identification of vulnerabilities, allowing businesses to respond quickly to potential threats.

Marketing Strategy

  • Educational content: Vonahi Security engages potential customers through educational content, webinars, and resources that raise awareness about the importance of regular security testing and the benefits of automation.
  • Partnerships: Collaborating with managed service providers (MSPs) and cybersecurity consultancies to extend its reach and offer integrated services to a broader audience.
  • Customer testimonials: Leveraging positive feedback and case studies from early adopters to build trust and credibility in the market.

Vonahi Product Suite

Vonahi Security primarily focuses on its core product, vPenTest, which automates network penetration testing.

Here’s an overview of the main products in Vonahi Security’s product suite:

1. vPenTest

vPenTest is Vonahi Security’s flagship product, an automated network penetration testing platform that aims to streamline and simplify the process of identifying vulnerabilities in an organization’s internal and external network.

Key Features:

  • Automated testing: Performs automated network penetration testing, reducing the time and cost typically associated with manual penetration testing.
  • Continuous security assessments: Allows organizations to conduct ongoing assessments to ensure their security posture remains strong against emerging threats.
  • Real-time reporting: Provides detailed reports that highlight vulnerabilities, along with actionable remediation guidance to help organizations address security issues effectively.
  • User-friendly interface: Designed to be accessible for organizations without extensive cybersecurity expertise, making it easy for users to understand and manage their security assessments.

2. Integrations and API Access

Vonahi Security focuses on making its products versatile and integrable with other security tools and platforms.

Key Features:

  • API access: Allows organizations to integrate vPenTest with existing security information and event management (SIEM) systems or other security tools, enhancing their overall security operations.
  • Data export: Enables exporting of reports and data for further analysis or integration into internal systems.

3. Future Product Development

Vonahi Security may continuously expand its product suite to address emerging cybersecurity challenges and technological advancements.

Key Features:

  • Enhanced automation: Ongoing development of features that increase the automation capabilities of vPenTest and other tools.
  • Expanded coverage: Future products may include offerings for specific compliance requirements or industry-specific security solutions.

Product Suite Summary

Vonahi Security’s product suite is designed to provide organizations with effective tools for managing their cybersecurity risks through automation and comprehensive assessments. vPenTest serves as the cornerstone of their offerings, while integrations with other Kesaya products will help to enhance the company’s ability to support clients in their cybersecurity initiatives. As the threat landscape evolves, Vonahi Security is likely to continue developing and expanding its product suite to meet the needs of its customers.

Flagship Product: vPenTest

Vonahi Security vPenTest

vPenTest is the flagship product of Vonahi Security, designed to automate the process of network penetration testing for organizations of all sizes. By streamlining security assessments, vPenTest aims to make penetration testing more accessible, efficient, and effective, particularly for small and medium-sized businesses (SMBs) that may lack the resources for extensive manual testing. Here’s a detailed review of its features, benefits, usability, and overall performance.

Key Features:

  • Automated network penetration testing: Scans for exploitable vulnerabilities within a network; faster and less error-prone than manual penetration testing.
  • Monthly security assessments:  Allows organizations to perform monthly assessments to keep up with the evolving threat landscape.
  • Alerts: Sends notifications and alerts for any new vulnerabilities detected, ensuring timely remediation.
  • Detailed reports: Insights into vulnerabilities, their severity, and recommended remediation strategies.  Reports and vulnerability data can be exported for further analysis with external tools.
  • API access: Provides integration with other security tools and systems, allowing organizations to incorporate vPenTest into their broader security operations.
  • Scalability: Suitable for organizations of various sizes, vPenTest can scale its assessments based on the complexity and size of the network.

The vPenTest platform utilizes advanced scanning algorithms and techniques to mimic the tactics of a human attacker. This is a cost-effective solution, especially for SMBs. It offers a more affordable alternative to traditional penetration testing services.

Pros:

  • Faster time to insight: Quickly identifies vulnerabilities and weaknesses, allowing for faster remediation and improved security posture.
  • Accessibility: Designed for use by teams to conduct security assessments without relying heavily on specialized cybersecurity knowledge.
  • Enhanced security posture: Reduces the risk of data breaches and security incidents.
  • An intuitive user interface: Simplifies navigation and use. Users can easily initiate scans, view results, and generate reports without needing extensive training.
  • Onboarding and support: Vonahi Security provides onboarding assistance and support to help users get started and maximize the value of the platform.

Cons:

  • Not a complete solution: vPenTest should be viewed as a part of a broader security strategy. Corporate security practices also need to be established.
  • Compatibility Issues: Depending on the existing security stack, there may be challenges with integrating vPenTest into other systems or tools.

Comprehensive documentation and tutorials are available to guide users through the platform’s features and functionalities. vPenTest empowers organizations to conduct regular security assessments efficiently.

Major Competitors

Effectively, Vonahi’s vPenTest is an automated network penetration testing solution, and there are many rivals to this tool on the market.

Here are some of the major competitors to Vonahi Security:

1. Cobalt.io

Cobalt.io offers a penetration testing-as-a-service (PtaaS) model, connecting companies with a global community of vetted penetration testers.

  • Key Strengths: The platform combines automated tools with human expertise, providing on-demand security assessments. Cobalt’s service is known for its speed and collaboration with in-house teams.
  • Comparison: Unlike Vonahi’s fully automated approach with vPenTest, Cobalt emphasizes a mix of manual and automated testing, providing greater human oversight.

2. HackerOne

HackerOne is a leading bug bounty platform that connects organizations with ethical hackers who identify and report vulnerabilities.

  • Key Strengths: The platform allows companies to tap into a large community of security researchers, providing continuous security testing via bug bounty programs.
  • Comparison: While Vonahi focuses on automation for scalability and cost efficiency, HackerOne relies on human expertise through a crowdsourced model, offering deeper coverage but at a potentially higher cost.

3. Synack

Synack combines artificial intelligence and a global community of ethical hackers to provide continuous penetration testing and vulnerability assessments.

  • Key Strengths: Synack’s model includes automated vulnerability discovery with real-time updates and human validation, ensuring a more thorough and tailored security assessment.
  • Comparison: Like Vonahi, Synack emphasizes automation but supplements it with human testing, making it a more comprehensive solution, albeit typically at a higher price point.

4. Rapid7 (Metasploit)

Rapid7 is known for its comprehensive suite of security tools, including vulnerability management, incident detection, and penetration testing through the Metasploit framework.

  • Key Strengths: Metasploit is widely used for manual penetration testing and vulnerability exploitation, offering flexibility for skilled security professionals.
  • Comparison: While Vonahi’s vPenTest offers automated, scalable solutions ideal for small to mid-sized businesses, Rapid7’s tools (including Metasploit) are more manual and suited to organizations with in-house security expertise.

5. Qualys (Vulnerability Management)

Qualys is a leader in vulnerability management, offering cloud-based solutions for automated vulnerability scanning, asset discovery, and compliance monitoring.

  • Key Strengths: Its cloud platform is widely used for vulnerability scanning and continuous monitoring across complex environments.
  • Comparison: Vonahi focuses more on network penetration testing through vPenTest, while Qualys emphasizes vulnerability management and compliance, making them complementary but competing in areas of vulnerability discovery.

6. Pentera (formerly Pcysys)

Pentera offers an automated penetration testing platform that simulates real-world attacks on an organization’s network to identify vulnerabilities.

  • Key Strengths: Pentera’s platform focuses on automating penetration testing in a way similar to vPenTest, delivering continuous assessments and actionable insights.
  • Comparison: Pentera is a direct competitor to Vonahi as both offer automated penetration testing solutions. However, Pentera is often targeted at larger enterprises, while Vonahi caters strongly to small and medium-sized businesses (SMBs).

7. ImmuniWeb

ImmuniWeb provides a suite of cybersecurity services, including automated penetration testing, application security testing, and dark web monitoring.

  • Key Strengths: ImmuniWeb combines AI-driven automation with manual testing in a hybrid approach, covering both web applications and network infrastructure.
  • Comparison: Like Vonahi, ImmuniWeb uses automation to reduce costs and improve efficiency but offers more comprehensive application testing, making it a broader solution.

Spotlight Wrap Up

Vonahi’s journey from a niche penetration testing company to an industry leader in automation-driven offensive security showcases its commitment to evolving cybersecurity practices. By automating aspects of security testing while still offering expert insights, the company bridges the gap between human expertise and technological efficiency, making cybersecurity proactive and affordable for businesses at any level.