How to Use Tines’s SOC Automation Capability Matrix
INDIA NEWS, Fri, 23 Feb 2024 15:08:30 +0000, http://www.indiavpn.org/2024/02/23/how-to-use-tiness-soc-automation-capability-matrix/

SOC Automation

Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.

A customizable, vendor-agnostic tool featuring lists of automation opportunities, it’s been shared and recommended by members of the security community since its launch in January 2023, notably by Airbnb engineer Allyn Stott in his BSides and Black Hat talk, How I Learned to Stop Worrying and Build a Modern Detection & Response Program.

The SOC ACM has been compared to the MITRE ATT&CK and RE&CT frameworks, with one user saying, “it could be a standard for classification of SOAR automations, a bit like the RE&CT framework, but with more automation focus.” It’s been used by organizations in Fintech, Cloud Security, and beyond, as a basis for assessing and optimizing their security automation programs.

Here, we’ll take a closer look at how the SOC ACM works, and share how you can use it in your organization.

What is the SOC Automation Capability Matrix?

The SOC Automation Capability Matrix is an interactive set of techniques that empower security operations teams to respond proactively to common cybersecurity incidents.

It’s not a list of specific use cases related to any one product or service, but a way to think about the capabilities an organization might follow.

It offers a solid foundation for beginners to understand what’s possible with security automation. For more advanced programs, it serves as a source of inspiration for future implementations, a tool to gauge success, and a means to report outcomes.

While the tool is vendor-agnostic, it pairs well with a platform like Tines, which was developed by security practitioners to help fellow security practitioners automate their mission-critical processes.

How does the SOC Automation Capability Matrix work?

The SOC ACM is split into categories that contain automation capabilities.

Each capability comprises:

  • Description – a brief overview of what the capability is doing
  • Techniques – technology-agnostic ideas for how to implement the capability
  • Examples – relevant workflow templates from the Tines library
  • References – other research contributing to the capability

The framework reads from left to right and top to bottom within categories. While it is minimally opinionated about which capabilities bring the most value or are easier to implement, the framework is adaptable to what organizations find most valuable.

Each capability can stand alone in the matrix, but joining many capabilities together can produce many more complex and impactful outcomes.

How to use the SOC Automation Capability Matrix

Next, we’ll illustrate how to use the SOC ACM, taking phishing response as our example. Many organizations utilize multiple techniques to find and analyze suspicious messages to respond appropriately to malicious emails.

To start, here are some processes a routine phishing investigation might include:

  1. Receive a phishing email or alert
  2. Send a notification to the security team for processing
  3. Create a ticket to track and record the analysis
  4. Review the elements of the email, including attachments, links, and email message headers
  5. If suspicious, delete the email and add features to blocklists
  6. Send a notification to the recipient with a status update

Within the matrix, the Phishing Alerts capability appears in the Alert Handling section. It notes that many organizations implement tools like email security gateways to prevent suspicious emails from being delivered to inboxes, while also generating alerts of attack campaigns whose handling could be automated.

The capability also outlines a strategy to create a purposeful inbox for users to easily forward phishing emails that may have passed through the filters. Implementing both of these capabilities offers an opportunity to begin an automation workflow.

Once a suspicious message has been identified, either through the user reporting or generated alert, more automation capabilities become available. One recommendation is to create a location for tracking the lifecycle of each alert as soon as possible.

Utilizing the Tracking Location capability in the Issue Tracking section, we can identify where these alerts should be recorded, updated, and reported. Notice how the workflow has now moved between sections of the Automation Capability Matrix to extend the process.

With the alert and tracking location decided on, we can move towards performing a thorough analysis of the phishing alert in question. Phishing emails commonly contain potentially malicious attachments and suspicious links to capture authentication material and are typically sent from spoofed sources.

Moving into the Enrichment phase, we want to focus on utilizing a few key capabilities at a minimum: Domain Analysis for any links present in the email body, File Hash Analysis/File Analysis to look at any attachments to the email, and Email Attributes to look deeper into email headers for signs of emails from spoofed addresses.

For Enrichment opportunities, the number of options for API-driven tools and services that can be used to provide these capabilities grows exponentially. Some common options include VirusTotal for files, URLscan for domains, and EmailRep for sender information. Each of these enrichment results can be recorded in the associated tracking location identified previously to document the outcomes and provide analysts with a view into the results.

This shows how many capabilities from the same section can be applied to the same automation workflow, in this case, to provide as much information as possible to analysts.

After enrichment occurs, a verdict might be reached already, but more likely, the issue will require a quick review from an analyst. At this point, the User Interaction section becomes critical.

To start, we can use Chat Alerts to notify the security team in a Slack channel that a phishing email has arrived and a tracking issue has been created, with various enrichment details added as additional context and ready for review.

That takes care of informing the security team, but what about updating any users who might be impacted or who reported the email? Phishing response processes, in particular, are unique because many organizations actively train users to report emails they might identify as suspicious. Informing these users with a confident verdict within a short timeframe is a great way to empower operations such as getting sensitive documents signed quickly or preventing mass malware outbreaks.

To do this, we can use the User Notification capability to identify the user who reported the email and provide them with the results of the email analysis. In the case of User Interaction, it’s not only about additional notification of the security team but also extending the reach and empowering others with real-time information to make the right decisions.

At this point, a lot of activity has taken place, and we have a lot of knowledge at our disposal. While more information is always helpful, acting on it appropriately is what ultimately counts most, resulting in the remediation phase. Many of the data points (indicators) we gathered before can be used for remediation action. Depending on how the situation has played out, we could take some of the following steps:

  • Domain blocklist: Add any domains and URLs identified as suspicious to a blocklist.
  • File hash blocklist: Add any file hashes identified as malicious to a blocklist.
  • Email deletion: Remove emails related to an attack campaign from inboxes.
  • Password invalidation: Change the passwords of any users found to have submitted credentials to a phishing website.

The key to any remediation is knowing what’s possible and starting small, especially when utilizing automation to build confidence. One way to do this is to provide links or buttons that need to be manually clicked to take remediation actions, but in a repeatable manner. If you want to introduce full automation, keeping lists of suspicious domains that can be blocked provides you with great utility, minor risk, and can be fixed quickly with little overall impact when errors occur.

Looking at the process end-to-end, we have utilized the following capabilities to help automate critical actions for many cybersecurity teams:

  • Phishing alerts
  • Tracking location
  • File hash analysis
  • Domain analysis
  • Email attributes
  • Chat alerts
  • User notification
  • Domain blocklist
  • File hash blocklist
  • Email deletion
  • Password invalidation

A significant benefit of developing these capabilities in your organization to address a single process, such as phishing, is that many of these capabilities are now available to be reused for additional purposes like malware detection or handling suspicious logins, making each subsequent automation opportunity easier.
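
The phishing walk-through above, sketched as an added Python example (not code from Tines or the SOC ACM project): it chains the capabilities by name over a constructed sample email, entirely offline. The ticket id, the two-finding threshold and the function names are assumptions; lookups against services such as VirusTotal or URLscan would consume the domains and hashes it extracts.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample of a user-reported message (not a real email).
SAMPLE_EML = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@login-example.test
Return-Path: <bounce@mailer.example.net>
To: alice@example.com
Subject: Password expiry notice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password expires today. Sign in at http://login-example.test/reset?id=1
or https://login-example.test/help to keep access.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

aGVsbG8gd29ybGQ=
--b1--
"""
URL_RE = re.compile(r"https?://[^\s<>]+")


def _domain(header_value):
    """Lower-cased domain of an address header ('' when the header is absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def enrich(raw_email):
    """Enrichment inputs: Domain analysis, File hash analysis, Email attributes."""
    msg = message_from_string(raw_email)
    domains, hashes, findings = set(), {}, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_filename():          # attachment: hash it for a reputation lookup
            hashes[part.get_filename()] = hashlib.sha256(data).hexdigest()
        elif part.get_content_type().startswith("text/"):
            for url in URL_RE.findall(data.decode("utf-8", "replace")):
                host = urlparse(url).hostname
                if host:
                    domains.add(host.lower())
    # Header mismatches are signals for the analyst, not a verdict on their own.
    from_dom = _domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        other = _domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check}={m.group(1)}")
    return {"domains": sorted(domains), "file_hashes": hashes, "email_findings": findings}


def open_ticket(reporter, raw_email):
    """Tracking location: one record that every later step reads and updates."""
    ticket = {"id": "PHISH-0001", "reporter": reporter,      # placeholder id
              "capabilities": ["Phishing alerts", "Tracking location"]}
    ticket["enrichment"] = enrich(raw_email)
    ticket["capabilities"] += ["Domain analysis", "File hash analysis", "Email attributes"]
    # Illustrative threshold (assumption); the real verdict is the analyst's.
    ticket["suspicious"] = len(ticket["enrichment"]["email_findings"]) >= 2
    return ticket


def propose_remediation(ticket, auto_block_domains=False):
    """Start small: every action waits for an analyst click unless domain
    blocking has been explicitly switched to automatic."""
    if not ticket["suspicious"]:
        return []
    e = ticket["enrichment"]
    mode = "auto" if auto_block_domains else "manual-approval"
    actions = [{"capability": "Domain blocklist", "target": d, "mode": mode}
               for d in e["domains"]]
    actions += [{"capability": "File hash blocklist", "target": h, "mode": "manual-approval"}
                for h in e["file_hashes"].values()]
    actions.append({"capability": "Email deletion", "target": ticket["id"],
                    "mode": "manual-approval"})
    return actions


def notifications(ticket):
    """User interaction: Chat alerts text for the team, User notification for the reporter."""
    e = ticket["enrichment"]
    chat = (f"[{ticket['id']}] reported by {ticket['reporter']}: "
            f"{len(e['domains'])} domain(s), {len(e['file_hashes'])} attachment(s), "
            f"{len(e['email_findings'])} header finding(s)")
    verdict = ("looks suspicious; do not click its links" if ticket["suspicious"]
               else "showed no header anomalies")
    return chat, f"Thanks for reporting. The message {verdict}. Reference {ticket['id']}."


if __name__ == "__main__":
    t = open_ticket("alice@example.com", SAMPLE_EML)
    print(*notifications(t), *propose_remediation(t), sep="\n")
```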

Customizing the matrix

The SOC ACM is also available on GitHub for those who prefer to run it themselves or contribute.

This way, the SOC ACM can be fully customized to fit your needs. This includes:

  • Adding new categories and capabilities
  • Reorganizing according to your priorities
  • Tracking automation workflows that align with these capabilities
  • Exporting the configuration
  • Dark and light mode

You can also assess different environments or different organizations differently by creating separate boards. For example, if your organization acquires a company with different capabilities from yours, you can use the matrix to visualize that environment completely differently.

All of this configuration can be stored locally in your browser for privacy. As well as exporting the configuration, you can import it to revive past assessments, all without a login account, and without any tracking.

The SOC ACM as a reporting tool

Teams accessing the SOC ACM on GitHub can also use the matrix to visually demonstrate where they are in their automation journey and communicate the value of their automation program to leadership and other key stakeholders.

Soon after implementing a few capabilities, teams will understand which capabilities they’re utilizing most, the associated activities, and their value, such as time saved or reduced response time. This enables them to share results with relevant teams and decide what to prioritize next.

Case study: tracking time saved and executions to show value with the SOC ACM

At the Tines Roadshow: San Francisco, the creator of the SOC Automation Capability Matrix, John Tuckner, shared how he worked with a Fintech company to assess and enhance their automation program using the matrix. They told Tuckner, “The Automation Capability Matrix helps us organize our workflows, identify which workflows are saving us the most time, and highlight future areas of opportunity.”

Highlights:

  • 25 capabilities implemented and tagged
  • 10 workflows utilizing Slack slash commands with 2,000 executions
  • Send multifactor prompt workflows ran 721 times for 6.5 hours of time savings per month

Recommendations:

  • Look at managing lists of IOCs for response capabilities, “IP list,” “domain list,” and “hash list.”
  • Document and highlight the efforts made in time saved when utilizing case management.

Future state – what they’ll do differently:

  • Tackling distributed alerting, user interaction via Slack
    • User notification
    • User response
  • Updating security Slack channel and incident reporting to use a Slack bot and route reports and asks to the correct subteam
    • Notify emergency resources
    • Timed escalations
    • Slash commands
  • Add more response actions via Tines automation through our Slack bot
    • Artifact gathering
    • Disabling MFA device
    • Asset lookup (not just endpoints, need to include cloud assets)

The SOC Automation Capability Matrix is a useful resource for teams at all stages in their automation journey, providing inspiration for their next automation builds and a means to assess their automation program.

If you’d like to explore the SOC Automation Capability Matrix in more detail, you’ll find it on Notion, hosted by the Tines team.

This article is a contributed piece from one of our valued partners.

Perfecting the Defense-in-Depth Strategy with Automation
INDIA NEWS, Fri, 26 Jan 2024 13:06:27 +0000, http://www.indiavpn.org/2024/01/26/perfecting-the-defense-in-depth-strategy-with-automation/

Defense-in-Depth

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls.

However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer.

Defense-in-Depth: False Sense of Security with Layers

Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It’s based on the assumption that adversaries must breach multiple defense layers to compromise valuable assets. Since no singular security control can provide foolproof protection against the wide array of cyber threats, defense-in-depth has become the norm for organizations worldwide. But if every organization uses this strategy today, why are security breaches still so common?

Ultimately, the primary reason is a false sense of security from the assumption that layered solutions will always function as intended. However, organizations shouldn’t put all their faith in multi-layered defenses — they must also stay up-to-date against new attack vectors, possible configuration drifts, and the complex nature of managing security controls. In the face of evolving cyber threats, unsubstantiated trust in defensive layers is a security breach waiting to happen.

Perfecting the Defense-in-Depth Strategy

The defense-in-depth strategy promotes using multiple security controls at different layers to prevent and detect cyber threats. Many organizations model these layers around four fundamental layers: Network, Host, Application, and Data Layers. Security controls are configured for one or more layers to maintain a robust security posture. Typically, organizations use IPS and NGFW solutions at the Network Layer, EDR and AV solutions at the Host Layer, WAF solutions at the Application Layer, DLP solutions at the Data Layer, and SIEM solutions across multiple layers.

Although this general approach applies to nearly all defense-in-depth implementations, security teams cannot simply deploy security solutions and forget about them. In fact, according to the Blue Report 2023 by Picus, 41% of cyber attacks bypass network security controls. Today, an effective security strategy requires a solid understanding of the threat landscape and regularly testing security controls against real cyber threats.

Harnessing the Power of Automation: Introducing BAS into the Defense-in-Depth Strategy

Understanding an organization’s threat landscape can be challenging due to the vast number of cyber threats. Security teams must sift through hundreds of threat intelligence reports daily and decide whether each threat might target their organization. On top of that, they need to test their security controls against these threats to assess the performance of their defense-in-depth strategy. Even if organizations could manually analyze each intelligence report and run a traditional assessment (such as penetration testing and red teaming), it would take far too much time and too many resources. Long story short, today’s cyber threat landscape is impossible to navigate without automation.

When it comes to security control testing and automation, one particular tool stands out among the rest: Breach and Attack Simulation (BAS). Since its first appearance in Gartner’s Hype Cycle for Threat-Facing Technologies in 2017, BAS has become a valuable part of security operations for many organizations. A mature BAS solution provides automated threat intelligence and threat simulation for security teams to assess their security controls. When BAS solutions are integrated with the defense-in-depth strategy, security teams can proactively identify and mitigate potential security gaps before malicious actors can exploit them. BAS works with multiple security controls across the network, host, application, and data layers, allowing organizations to assess their security posture holistically.

LLM-Powered Cyber Threat Intelligence

When introducing automation into the defense-in-depth strategy, the first step is to automate the cyber threat intelligence (CTI) process. Operationalizing hundreds of threat intelligence reports can be automated using deep learning models like ChatGPT, Bard, and LLaMA. Modern BAS tools can even provide their own LLM-powered CTI and integrate with external CTI providers to analyze and track the organization’s threat landscape.

Simulating Attacks in the Network Layer

As a fundamental line of defense, the network layer is often tested by adversaries with infiltration attempts. This layer’s security is measured by its ability to identify and block malicious traffic. BAS solutions simulate malicious infiltration attempts observed ‘in the wild’ and validate the network layer’s security posture against real-life cyber attacks.

Assessing the Security Posture of the Host Layer

Individual devices such as servers, workstations, desktops, laptops, and other endpoints make up a significant portion of the devices in the host layer. These devices are often targeted with malware, vulnerability exploitation, and lateral movement attacks. BAS tools can assess the security posture of each device and test the effectiveness of host layer security controls.

Exposure Assessment in the Application Layer

Public-facing applications, like websites and email services, are often the most critical yet most exposed parts of an organization’s infrastructure. There are countless examples of cyber attacks initiated by bypassing a WAF or a benign-looking phishing email. Advanced BAS platforms can mimic adversary actions to ensure security controls in the application are working as intended.

Protecting Data Against Ransomware and Exfiltration

The rise of ransomware and data exfiltration attacks is a stark reminder that organizations must protect their proprietary and customer data. Security controls such as DLPs and access controls in the data layer secure sensitive information. BAS solutions can replicate adversarial techniques to rigorously test these protection mechanisms.

Continuous Validation of the Defense-in-Depth Strategy with BAS

As the threat landscape evolves, so should an organization’s security strategy. BAS provides a continuous and proactive approach for organizations to assess every layer of their defense-in-depth approach. With proven resilience against real-life cyber threats, security teams can trust their security controls to withstand any cyber attack.

Picus Security pioneered Breach and Attack Simulation (BAS) technology in 2013 and has helped organizations improve their cyber resilience ever since. With Picus Security Validation Platform, your organization can supercharge its existing security controls against even the most sophisticated cyberattacks. Visit picussecurity.com to book a demo or explore our resources like “How Breach and Attack Simulation Fits Into a Multi-layered Defense Strategy” whitepaper.

To grow your understanding of evolving cyber threats, explore the Top 10 MITRE ATT&CK techniques and refine your defense-in-depth strategy. Download the Picus Red Report today.

Note: This article was written by Huseyin Can Yuceel, Security Research Lead at Picus Security, where simulating cyber threats and empowering defenses are our passions.

Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation
INDIA NEWS, Wed, 17 Jan 2024 17:02:29 +0000, http://www.indiavpn.org/2024/01/17/combating-ip-leaks-into-ai-applications-with-free-discovery-and-risk-reduction-automation/

Free Discovery And Risk Reduction Automation

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage.

SaaS applications seem to be multiplying by the day, and so does their integration of AI capabilities. According to Wing Security, a SaaS security company that researched over 320 companies, a staggering 83.2% use GenAI applications. While this statistic might not come as a surprise, the research showed that 99.7% of organizations use SaaS applications that leverage AI capabilities to deliver their services. This usage of GenAI in SaaS applications that are not ‘pure’ AI often goes unnoticed by security teams and users alike.

70% of the most popular GenAI applications may use your data to train their models, and in many cases it’s completely up to you to configure it differently.

When examining hundreds of AI-using SaaS applications, Wing Security was able to categorize the different ways in which these applications use organizational data, as well as offer a solution to this new threat:

Data storing: In some cases, data is stored by the AI for very long periods of time; in others, it can be stored for short periods only. Storing data allows AI learning models, and future models, to continually train on it. That said, the main concern is when considering the many different types of attacks seen on SaaS applications. When an application is compromised, the data it stores might be compromised too.

Model training: By processing vast amounts of information, AI systems can identify patterns, trends, and insights that may elude human analysis. Through machine learning algorithms, AI models learn from data and adapt over time, refining their performance and accuracy, resulting in better service to their end users. On the downside, allowing these models to learn your code, patents, sales, and marketing know-how provides AI-using applications with the potential means to commoditize your organization’s competitive edge. To some, these knowledge leaks are considered more significant than data leaks.

The human element: Certain AI applications leverage human validation to ensure the accuracy and reliability of the data they gather. This collaborative approach, often referred to as human-in-the-loop or human-assisted AI, involves integrating human expertise into the algorithmic decision-making process. This results in higher accuracy for the AI model, but also means a human, working for the GenAI application, is exposed to potentially sensitive data and know-how.

Leveraging automation to combat AI-SaaS risks

Wing’s recently released AI solution guarantees security teams will better adapt to, and control, the ever-growing and practically unstoppable AI usage in their organizations. Their solution follows three basic steps – Know, Assess, Control.

Know: As with many security risks, the first step is to discover them all. In the case of AI, it is not enough to simply flag the “usual suspects” or the pure GenAI applications such as ChatGPT or Bard. With thousands of SaaS applications now using AI to improve their service, discovery must include any application leveraging customer data to improve their models. As with their previous solutions, Wing is offering this first and fundamental step as a free, self-service solution for users to self-onboard and start discovering the magnitude of AI-powered applications used by their employees.

Assess: Once AI-using SaaS has been uncovered, Wing automatically provides a security score and details the ways in which company data is used by the AI: How long is it stored for? Is there a human factor? And perhaps most importantly, is it configurable? It also provides a detailed view of the application’s users, permissions, and security information. This automatic analysis allows security teams to make better-informed decisions.

Control: Wing’s discovery and analysis pin-points the most critical issues to address, allowing security teams to easily understand the level of risk and types of actions needed. For example, deciding whether or not they should permit a certain application’s usage or simply configure the AI elements to better match their security policy.

The Secret: Automating All Of The Above

By automating Discovery, Assessment and Control, security teams save time on figuring out where to focus their efforts instead of spreading themselves thin trying to solve a huge and evolving attack surface. Subsequently, this significantly reduces risk.

Wing’s automated workflows also allow for a unique cross-organizational solution: By allowing users to directly communicate with the application’s admin or users, Wing prompts better-informed security solutions alongside a stronger security culture of inclusion rather than simple black or white listing.

In an era where SaaS applications are omnipresent, their integration with artificial intelligence raises a new type of challenge. On the one hand, AI usage has become a great tool for boosting productivity, and employees should be able to use it for its many benefits. On the other hand, as the reliance on AI in SaaS applications continues to surge, the potential risks associated with data usage become more pronounced.

Wing Security has responded to this challenge by introducing a new approach, aimed at empowering organizations to navigate and control the escalating use of AI within their operations, while involving the end users in the loop and ensuring they may use the AI-SaaS they need, safely. Their automated control platform provides a comprehensive understanding of how AI applications utilize organizational data and know-how, addressing issues such as data storing, model training, and the human element in the AI loop. Security teams can save precious time thanks to clear risk-prioritization and user involvement.

Reimagining Network Pentesting With Automation
INDIA NEWS, Tue, 26 Dec 2023 17:06:30 +0000, http://www.indiavpn.org/2023/12/26/reimagining-network-pentesting-with-automation/

Pentesting With Automation

Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.

This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in today’s security landscape.

What is network penetration testing?

Network penetration testing is a proactive approach to cybersecurity in which security experts simulate cyberattacks to identify gaps in an organization’s cyberdefense. The key objective of this process is to identify and rectify weaknesses before hackers can exploit them. This process is sometimes called “pentesting” or “ethical hacking.”

Network pentesting checks for chinks in an organization’s armor to help mitigate cyber-risks and protect against data, financial and reputational losses.

Differences between internal and external network penetration tests

Internal and external network penetration tests focus on different parts of an organization’s defense posture and are important for different reasons.

Internal network penetration tests assess the security of an organization’s internal network components like servers, databases and applications. Their objective is to identify vulnerabilities that can be exploited by an insider — a malicious employee, someone who could accidentally cause damage, or an outsider who’s already gained unauthorized access.

On the other hand, external network penetration tests look for threats from outside an organization caused by cybercriminals. They assess external-facing parts of an organization’s network, like websites and web applications, to simulate attacks that cybercriminals perform to gain unauthorized access.

It’s not a question of choosing one over the other. Internal and external network penetration tests are complementary layers of a comprehensive cybersecurity approach.

How network penetration testing works

The process of network penetration testing can broadly be divided into seven stages.

  1. Defining the scope: The organization decides which systems to test using which methods and what is off-limits in collaboration with experts or penetration testers.
  2. Gathering information: Testers collect information on the network, like IP addresses and domain names.
  3. Detecting vulnerabilities: Testers identify vulnerabilities in the network using various manual and automated tools and techniques.
  4. Exploiting the vulnerabilities: Testers exploit the exposed security flaws to try and gain unauthorized access to systems and sensitive data.
  5. Post exploitation: Testers use the information gathered in the previous stages to escalate access into systems and sensitive data to test and demonstrate the impact of a potential attack.
  6. Reporting on the vulnerabilities: Testers report on identified vulnerabilities and recommend security fixes.
  7. Fixing the vulnerabilities: Based on the report, the organization mitigates risks and improves its security posture.

Network penetration tests help organizations get a clear view of the effectiveness of their cyberdefense, helping them make informed and strategic security decisions.

Common misconceptions about network penetration testing

Now that we know what network penetration testing is and how it works, let’s dispel common myths.

Myth 1: Network penetration tests are a form of hacking.

While testers’ methods may be similar to those deployed by hackers, network penetration testing is an ethical process aiming to protect organizations. The same cannot be said of hacking because the intent is malicious.

Myth 2: You only need to run a network penetration test once.

Several factors determine an organization’s security, including the ever-evolving and advancing abilities of threat actors or cybercriminals and changing components in an organization’s IT infrastructure.

New threat avenues open frequently due to changes to these factors. Hence, you need to perform network penetration tests often, not just once, to keep up with the changes and identify potential vulnerabilities to mitigate risks and stay ahead of threats.

Myth 3: Network penetration tests are only for large corporations.

Small and medium businesses are prime targets for hackers because these organizations often lack the means to protect themselves efficiently. Roughly 40% of small businesses lose data due to cyberattacks, and about 60% go out of business within six months of a cyberattack. Network penetration testing can help these organizations improve their defense by identifying vulnerabilities that cybercriminals could exploit in advance.

Myth 4: Network penetration testing disrupts business operations.

The fear around network penetration testing is understandable. However, you can perform network penetration testing with minimal disruptions using advanced tools and technologies. In addition, you can request to conduct the pentest outside of business hours and on weekends.

Myth 5: Manual network penetration tests are the only way to be compliant.

Compliance requirements vary according to industries and geographies. The scope, frequency and testing requirements for network penetration testing differ across standards. No one size fits all, and manual network penetration testing is certainly not the only way to be compliant.

Manual vs. automated network penetration testing

Network penetration testing, whether done manually or automatically, offers the clear advantage of identifying and rectifying vulnerabilities before hackers can exploit them.

With that said, both methods have their pros and cons.

Manual penetration testing is more hands-on and guided by human intuition, allowing you to explore security threats and vulnerabilities through the lens of security experts.

However, it’s also prone to human errors and inconsistencies. The methods testers use may fail to keep up with the evolution of threats. More importantly, manual network penetration testing is notoriously time-consuming and costly.

As far as automated network penetration testing is concerned, its efficacy depends on you choosing the right solution. However, if you can manage that, then automated network penetration testing can help you overcome the limitations of manual penetration testing.

Automated network penetration testing enables you to identify vulnerabilities that a malicious actor could exploit faster and more consistently. It’s also less prone to human errors and more scalable and cost-effective.

An advanced automated network penetration testing solution like vPenTest from Vonahi Security lets you continuously stay ahead of issues by running tests more frequently and enabling you to monitor your organization’s risk profile in near real-time. Improve your network and cybersecurity defenses – explore the benefits of vPenTest today at www.vonahi.io!


Protecting your business with automated network penetration testing

Given the complexity of modern IT infrastructures and the innovation of new attack methods, network penetration testing is a must-have in your cyber defense because it allows you to proactively check for vulnerabilities and fix them to prevent cyber catastrophes.

While manual penetration testing can be tedious and expensive, automated network penetration testing offers an efficient, cost-effective, and reliable alternative, allowing you to test more frequently with on-demand scheduling and monitor your network in near real-time.

In the battle for greater cybersecurity, automated penetration testing is an effective shield, helping organizations protect against downtime, reputational and financial damage, and data loss incidents.

Empower your organization’s cybersecurity with Vonahi Security’s vPenTest – the industry-leading automated network penetration testing solution. Safeguard your business against cyber threats efficiently, cost-effectively, and in real-time. Join over 8,000 organizations benefiting from vPenTest. Visit Vonahi Security to secure your network and stay ahead of evolving cyber risks.

About Vonahi Security

Vonahi Security, a Kaseya Company, is a pioneer in building the future of offensive cybersecurity consulting services through automation. vPenTest from Vonahi is a SaaS platform that fully replicates manual internal and external network penetration testing, making it easy and affordable for organizations to continuously evaluate cybersecurity risks in real time. vPenTest is used by managed service providers, managed security service providers, and internal IT teams. Vonahi Security is headquartered in Atlanta, GA.

