Interview With Aleksey Lapshin – ANY.RUN

With many thanks to ANY.RUN’s CEO Aleksey Lapshin, Private Internet Access learned all about how residential VPNs are becoming more important nowadays.

Private Internet Access: What motivated you to start your company?

Aleksey Lapshin: I have seen many products out there, and quite often, they have only one goal: to achieve business purposes. Of course, it is natural but not convenient for engineers. Going after success, designers or developers stop caring for users. And just imagine a guy that works day after day, all these long hours with the software designed not for him but only for financial objectives. Employees fall into stress and suffer while working with tools that are complicated, useless, and stingy with design.

Those feelings are very relatable to me, as I used to be one of those guys. In my opinion, this situation is a real issue, and I find it disappointing and sad. I believe a person can be more productive if they feel cared for. And keeping this in mind, I got an idea for the company. Finding a solution or relief to this pain has become the key value in our product’s philosophy.

PIA: What do you love about working in cybersecurity?

AL: Cybersecurity is a very dynamic and ever-changing sphere. The constant defense and offense race certainly keeps you on your toes. You won’t stay put like in a classical business. Today there is one way to research malware, and you build a feature for it, but tomorrow a need to analyze attacks differently appears, so you create something new. These ongoing challenges motivate us to develop further, stay focused and do more.

PIA: What does your company do?

AL: Our product, ANY.RUN is a service for the analysis of malicious content. At first sight, it seems to be a usual online sandbox, but we added interaction with the virtual machine. Besides that, all data is showcased in real-time, and there is no need to wait for the end of the analysis process.

You would think that the idea is very simple. However, it goes a lot deeper. We are very careful with information that a user gets and tend to be as transparent as possible. We try not to complicate the service to keep the product’s entry bar low. On the one hand, we decrease the cost of employees for business: 90% of tasks can be completed even by junior specialists. They don’t need a bunch of certificates to finish everyday tasks, a clear and simple tool is more than enough. On the other hand, we grow the community by making cybersecurity more accessible.

PIA: Why do individuals and companies need a good VPN?

AL: In ANY.RUN, we utilize VPN to secure our perimeter. Besides that, VPN is used inside the service, and it allows launching virtual machines for analysis as if they were run in other geo-locations. Therefore, a malware analyst has an opportunity to research malicious software more properly and get much more information.

It’s worth mentioning that lately, “residential VPN” services have become more popular. We use them to get close enough to the working station of the attacked side and monitor the real situation precisely.

PIA: What are the worst cyberthreats out there today?

AL: We can talk about different trends concerning modern cyber threats here in ANY.RUN, we deal with them daily. There is even a Malware Trends Tracker that we created to monitor threat activities in real-time. Ransomware, Trojans, Loaders, Miners – some types of malware disappear, others become widespread.

But I would like to pay attention to the real threat at all times – the lack of cybersecurity awareness in the most vulnerable part of a company, such as the accounting or HR departments. The absence of basic knowledge opens a door for any cyber threat, whether trendy or old-school. And only constant training can fix it. We know that it is much harder to compromise an experienced SOC specialist than an ill-informed accountant, and the numerous names of malicious files that we can see in spam confirm this fact. Here is just a small list: “Quote request,” “Remittance Advice,” “SWIFT DETAILS,” “New Order PO119225”, “Invoice.”

PIA: How is the pandemic changing the way your company deals with cybersecurity?

AL: It’s tough to estimate the pandemic impact now. For us, as a startup, every year is a new challenge. We were able to adapt last year as well as the year before. Some departments had to reduce the budget, and others increased it due to the remote work that turned out to be a new standard.

I can note that companies have become more and more focused on the quality of service in this new reality. Startups step into the spotlight, taking it away from the big names in the industry. In general, the cybersecurity sphere tends to grow horizontally, and the pandemic even accelerated the process. And that is good news – new companies with attractive solutions are still welcome here.