Mobile penetration testing firm Shevirah is getting new executive leadership as the company positions itself for a big enterprise push. Mark Longworth, known in the security industry as the inventor of the NetWitness technology, which was acquired by RSA in 2011, is joining Shevirah as CEO.
Shevirah, founded by Georgia Weidman, graduated from the Mach37 cyber-accelerator program in 2015. Weidman's goal with Shevirah is to build on her existing open-source Smartphone Pentest Framework to create an enterprise platform. She is looking to Longworth's experience and business acumen to help push Shevirah into the enterprise.
"Longworth is really the best fit for Shevirah as he has both business experience and technical chops, which is rare to find in a top-flight executive," Weidman told eWEEK. "His claim to fame is NetWitness, which in its time started a new market, which in a way is what we're trying to do with Shevirah."
NetWitness' core innovation is the use of analytics to gain security insights. The NetWitness product line is now known as RSA Security Analytics. In contrast, Shevirah is aiming to open up the world of mobile penetration testing. With the new executive appointment, Weidman will now transition into the CTO role at Shevirah.
With Longworth at the helm, Shevirah is defining its platform, which will initially comprise three product offerings. In the summer of 2016, Longworth expects to debut a new open-source Smartphone Pentest Framework, which will enable attacks against a single target using multiple vectors.
The second product will be a Pro version that will build on the open-source product, providing users with the ability to design a testing campaign, as well as the capability to test against multiple targets. The Pro version will also include a graphical user interface as well as some reporting capabilities.
The Enterprise version of Shevirah's product will provide additional features that make it useful to larger organizations. Integration with authentication systems, mobile device management, and existing Security Information and Event Management (SIEM) and incident response tools also will be part of the Enterprise edition.
Building commercial extensions on top of an open-source penetration testing tool is not a new business model. Rapid7, the lead commercial sponsor behind Metasploit, a widely used open-source penetration testing framework, also has commercial editions.
"From the first days of the Smartphone Pentest Framework I had Metasploit's success in mind," Weidman said.
Weidman added that she has always appreciated that Metasploit's core has remained open source, and that's the same approach she intends to keep with Shevirah.
With a new CEO in place, Shevirah is gearing up to fill out the rest of its operations with product management and sales personnel.
"We're looking to start booking some sales in the midyear time frame," Longworth said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.