Aviva Zacks of Safety Detective sat down with Anastasiya Manina, CEO of Dysnix, and asked her about her company’s products.
Safety Detectives: Tell me about your job at Dysnix.
Anastasiya Manina: Personally, I play the role of the manager at Dysnix, and I’m not directly related to the development part, although sometimes I’d like to try coding. I’ve always been interested in such a profession as engineering, and, with the overwhelming majority of technical specialists with whom I have ever met during my career, we easily found a common language and have been friends for many years.
I have always been very interested in the development and introduction of high technologies in everyday life. Business usually emerges from daily life challenges. I also mean those technologies that ensure safety.
SD: Tell me about some of Dysnix’s products.
AM: We build server infrastructures from scratch and optimize them to solve business problems and make the system as secure as possible from the bottom line. Actually, Dysnix is a special DevOps forces unit that masters the most complex tasks where others give up.
Our core solutions are focused on securing cloud infrastructures. As a rule, these are Terraform manifests for quick deployment of private K8s clusters with all our best security practices inside. These are also sets of network policies, VPN, p2p encryption for internal traffic, and so on.
We are very serious about the development process, that is why we integrate into CI/CD systems a check for the vulnerability of the software used, a container scanner, and a tool that analyses how much application code is vulnerable.
Of course, most of the decisions originate from the challenges we face. We have recently developed a very simple but effective way to protect the API backend from DDOS attacks using Cloudflare. When an active cyber-attack happens, we can’t use standard DDOS protection tools by Cloudflare on projects where the frontend and backend parts are segregated since it is impossible to pass the JS or Captcha challenge from the API. The developed solution allows even small companies to protect themselves from very severe DDOS attacks. I will say those small businesses are also subject to heavy cyberattacks.
SD: What types of companies are using your technology?
AM: First of all, requests come from technology startups that dominate the market and are affected by changes quickly. Enterprise needs more time to redesign the system. Decisions are taken longer, including security issues. Enterprises need much more time to approve, select implementation models, and allocate resources than companies that are developing and much more flexible. There is one more difficulty in the process of implementing changes – a lack of proven contractors. Unfortunately, there are service companies in the market that undermine customer confidence, and this affects the trust of the entire market, this also applies to reliable contractors.
As a result, many customers are trying to develop an in-house engineering department, neglecting opportunities that decent outsourcing companies provide. It is, first of all, versatile expertise and constant exchange of experience within a contractor’s team. For example, we practice working groups to solve the most complex problems without immersion in the business context. This approach significantly saves the client’s time and resources to solve a problem without risking sensitive information.
Another reason to develop an in-house engineering department is the clients’ desire to keep expertise inside a company. In some cases, it makes sense, others it doesn’t. A constant flow of tasks and a stable workload of an engineer play a key role here. If an engineer doesn’t have enough workload, a company faces significant expenses that could be avoided or reduced. In any case, each company is the one that decides how to proceed in such a situation.
SD: What is the worst cyberthreat out there?
AM: The dramatic statistics of cyberattacks in 2020 is available in the public domain. According to FinTech News:
- 43% of data breaches are cloud-based web applications
- Coronavirus blamed for a 238% rise in attacks on banks
- 80% of firms have seen an increase in cyberattacks
- 27% of attacks target banks or healthcare
- There is a cyberattack every 39 seconds
Fintech and Medtech companies are most often subject to cyberattacks in 2020.
At the same time, while working with market needs, we see that not all companies realize that this is a real threat to their own business. Even businesses that operate in such areas which are most affected by cyberattacks currently—Fintech and Medtech—are not always serious about this threat.
Even small companies are now at risk. For example, our solution that I talked about earlier—based on Cloudflare—was developed as a response to a very heavy DDOS attack that a small business of one of our clients was subjected to.
According to our assumptions, this cyberattack was carried out by its competitors.
The business became a target of cyber-attacks in the form of more than 1 billion requests per day within 2 weeks. Although this is a small business, it was outside of any areas that are at risk of cyberattacks. It is a very significant case for us.
One more case from our practice that I’d like to talk about is a cyberattack on a blockchain company that reached out to us when they were already being attacked. Cyber attackers planned a complex attack that involved social engineering. As a result, they managed to withdraw a large amount of money from the company’s accounts. When we started to try to solve this problem, their money was in the middle of the transferring process. Because we very quickly replaced all the transactions, we managed to save most of the sum.
SD: How has the Covid-19 pandemic changed cybersecurity forever?
AM: This year, there have been real “tectonic shifts” in the cybersecurity market, which forced many businesses to move work online massively, and employees have to work remotely. These are new, large-scale challenges, which sadly are not yet fully comprehended by everyone. Cyber-attacks occur only where there are vulnerabilities. Currently, the number of companies that started working online has increased dramatically.
I’d like to point out that Dysnix deals with core security issues, let’s call it. Therefore, we know firsthand about all the pitfalls of security. It is especially true of management policies of companies in the security area that sadly can sometimes make the system more vulnerable.
Of course, all this had an impact on how many information leaks occurred, compromise of users’ confidential data, which resulted in another wave of cyberattacks.
In other words, we see an avalanche-like process where very “greenhouse” closed systems enter the outside world, and they are not at all ready for so many “viruses” that are hovering around. It is an interesting process that could lead to a revolution in the network security industry.
We also see confirmation of all these actions is the increase in the number of requests from clients for our security services – this includes infrastructure audits, penetration tests, and the development of high-security infrastructures from scratch. In 2021, we see great potential for the development of such a direction as security enhancement services. Dysnix is planning to develop it and it will likely become one of the main directions.