Director of Product Design
During this project, I spent a lot of time coaching and/or leading efforts in a variety of areas: user discovery, interaction design, socializing / getting buy-in on the final scope, and usability testing.
What is ThreatQ?
ThreatQ is a threat intelligence platform that allows a Security Operation Center (SOC) to take external threat intelligence (e.g. which hacking groups are leveraging which tools to exploit which vulnerabilities) and overlay it with their internal network.
This helps them make smarter security decisions:
- Which systems should we patch first?
- Where do we look for signs of a security breach?
- Who is currently targeting us and what are their motives?
SOCs are seen as cost centers within a company. It’s hard to quantify all of the times your organization was NOT attacked due to all the hard work put into establishing a secure environment.
Timing is critical, the team is often short-staffed, and prioritization is key.
Initial User Discovery
Through a series of calls, the team determined that:
- Customers possess a unique combination of threat intelligence data from various internal and external sources.
- Despite similar data structures, each team customizes its use to meet its unique security objectives.
- SOC Managers need to showcase the team’s value to the business through threat intelligence insights.
- Threat Analysts need a way to quickly assemble a dashboard that explains their security posture on a particular topic.
Furthermore, we encountered many examples where analysts were quick to discard unintuitive software in favor of spreadsheets and manual data manipulation.
Enabling customers to tell a story through data
We concluded that customers need the ability to create dashboards on any topic they’d like, and that the effort they’d spend to do so can’t outweigh the value the dashboard provides.
For the initial release, we landed on four simple widgets that would allow customers to tell a story:
- Bar Chart
- Pie Chart
Each widget would be driven by a “Data Collection” (synonymous with saved search) since our search interface is powerful enough to create useful segments of threat intelligence.
We later added a Line chart and Description widget based on customer feedback and a further understanding of their goals.
Adding in a Permissions Layer
Through our research, we determined that customers also needed the ability to apply access controls to these dashboards.
This introduced concepts like:
- Dashboard ownership
- Read / write permission assignment
- Ability to share with individual users and user groups
- Reassignment of a user’s dashboards in the case they left the company
Below is the interface for managing users who have access to a particular dashboard:
Chase use cases/workflows instead of competitors
We knew we needed to shift the business’ thinking from “checking a box to say we have the feature” to solving a real problem for customers. We achieved this by incorporating customer feedback early on in the process.
Because of this, our product was flexible enough to adapt to future use cases.
A couple of examples:
- When STIX 2.0 hit the market (a new way to talk about threat intel), our sales team had a strong competitive advantage because our dashboard resembled the new way to discuss data while our competitors were stuck in the past.
- Our sales team was able to utilize our dashboards for tracking fraud (a use case we hadn’t planned for) for a huge financial institution which helped demonstrate our value, resulting in a $1MM sale.
- It was the highlight of that year’s “All Hands / Sales kick off” because it helped complete a story around many of our use cases.
Leveraging previous work saves money
As a team, it’s important to build a catalogue of takeaways from research. Because of this, we had a jump start on the project and it sped up the recruiting process.
Prototypes are powerful influencers
Both UX and development prototypes were used to steer the conversation around effort vs. value with the business. Ultimately, I think we chose the right scope and our customers have been thanking us for it.
Our design process is working!
In 2019, our team revamped our process to better incorporate customer feedback. This gives the team a better feel for which problems to solve and the ability to gauge the effectiveness of our solutions. Customer enthusiasm is high and our dashboards have a lot of traction.
Workflows span beyond a single feature
Even though our initial release has been positively received, we are still continuing to gather customer feedback and make improvements. Our new dashboard capabilities have highlighted other inefficiencies in our application that we are actively looking to address.