Director of Product Design
During this project, I spent a lot of time coaching and/or leading efforts in a variety of areas: user discovery, interaction design, socializing / getting buy-in on the final scope, and usability testing.
What is ThreatQ?
ThreatQ is a threat intelligence platform that allows a Security Operation Center (SOC) to take external threat intelligence (e.g. which hacking groups are leveraging which tools to exploit which vulnerabilities) and overlay it with their internal network.
This helps them make smarter security decisions:
- Which systems should we patch first?
- Where do we look for signs of a security breach?
- Who is currently targeting us and what are their motives?
SOCs are seen as cost centers within a company. It’s hard to quantify all of the times your organization was NOT attacked due to all the hard work put into establishing a secure environment.
Timing is critical, the team is often short-staffed, and prioritization is key.
Why customizable Dashboards?
Customer discovery work found that:
- Each customer has their own unique combination of threat intelligence data. This data comes from a mix of internal and external sources.
- There are commonalities in how the data is structured; however, each team leverages it in different ways to match their security goals.
- Threat Analysts need the ability to quickly assemble a view that explains their security posture on a particular topic.
- Threat Analysts are very comfortable manipulating data in spreadsheets, so if another tool gets in their way, they are quick to abandon it.
- SOC Managers need the ability to demonstrate the value their team provides to the business through the lens of threat intelligence.
Yes, we could have built a custom solution for each individual customer but that wouldn’t scale.
Enabling customers to tell a story through data
We concluded that customers need the ability to create their own dashboards on any topic they’d like, and that the effort to do so can’t outweigh the value the dashboard provides.
So for the initial release, we landed on four simple widgets that would allow customers to tell a story:
- Bar Chart
- Pie Chart
Each widget would be driven by a “Data Collection” (aka saved search) since our search interface is powerful enough to create useful segments of threat intelligence.
We later added a Line Chart and Description widget based on customer feedback and a better understanding of their goals.
Adding in a Permissions Layer
Through our research, we determined that customers also needed the ability to apply access controls to these dashboards.
This introduced concepts like:
- Dashboard ownership
- Read / write permission assignment
- Ability to share with individual users and user groups
- Reassignment of a user’s dashboards in case they leave the company
Below is the interface for managing users who have access to a particular dashboard:
Chase use cases/workflows instead of competitors
We knew we needed to shift the business’ thinking from “checking a box to say we have the feature” to solving a real problem for customers. We achieved this by incorporating customer feedback early on in the process.
Because of this, our product was flexible enough to adapt to future use cases.
A couple of examples:
- When STIX 2.0 hit the market (a new way to talk about threat intel), our sales team had a strong competitive advantage because our dashboard resembled the new way to discuss data while our competitors were stuck in the past.
- Our sales team was able to utilize our dashboards for tracking fraud (a use case we hadn’t planned for) for a huge financial institution, which helped demonstrate our value, resulting in a $1MM sale.
- It was the highlight of that year’s “All Hands / Sales kick off” because it helped complete a story around many of our use cases.
Leveraging previous work saves money
As a team, it’s important to build a catalogue of takeaways from research. Because of this, we had a jump start on the project and it sped up the recruiting process.
Prototypes are powerful influencers
Both UX and development prototypes were used to steer the conversation around effort vs. value with the business. Ultimately, I think we chose the right scope and our customers have been thanking us for it.
Our design process is working!
In 2019, our team revamped our process to better incorporate customer feedback. This gives the team a better feel for which problems to solve and the ability to gauge the effectiveness of our solutions. Customer enthusiasm is high and our dashboards have a lot of traction.
Workflows span beyond a single feature
Even though our initial release has been positively received, we are still continuing to gather customer feedback and make improvements. Our new dashboard capabilities have highlighted other inefficiencies in our application that we are actively looking to address.