A1: Threat Profiles
DESIGN FOR API-DRIVEN THREAT INTELLIGENCE DATA
UX / UI DESIGN
ABOUT
Arete is an enterprise service organization focusing on mitigating and investigating cybercrimes such as ransomware and business email compromise events.
This project focused on designing user-friendly, API-powered Threat Profiles. From information architecture to UI refinement, this phase enhanced data access and usability, enabling a holistic view of individual threats for faster, informed decision-making for internal and external users of the platform.
OVERVIEW
The Cyber Threat Intelligence (CTI) team provides stakeholders with actionable insights to mitigate cyber threats. A key deliverable is the Threat Actor (TA) Card, which details the Tactics, Techniques, and Procedures (TTPs) used by adversaries, aiding informed decision-making for internal and external users of A1. My goal was to automate the creation of TA Cards, transitioning from static PDFs to dynamic, up-to-date content via ThreatConnect's API. Since data is collected in ThreatConnect, this improvement aimed to enhance the CTI team's efficiency in sharing insights from tracking adversary activities and breach patterns.
RESEARCH
I conducted extensive user research to identify the needs and pain points of CTI, TA Communications Analysts, and insurance carriers. This involved creating personas and key interview questions to understand how users leverage and acquire data on adversaries. Insights from interviews and data analysis provided a comprehensive understanding of user behaviors, needs, and their overall impact on the business.
WORKFLOWS
To effectively leverage these insights, I explored various workflows from the perspectives of both primary and secondary user groups, depicting existing processes and identifying opportunities for refinement, all with the aim of achieving an ideal workflow. This exercise was pivotal in understanding the comprehensive overhaul and redesign needed to genuinely meet user requirements and needs, as well as to document and communicate these findings to stakeholders.
DESIGN ITERATIONS
Given time constraints, immediate business goals, and available resources, our team prioritized the redesign of TA Cards due to their high impact and relatively low implementation effort. Throughout the iterative design process, we continuously reassessed elements such as language, information hierarchy, and overall UI with stakeholders and user groups. This approach allowed me to identify and address inconsistencies, such as the platform's headers, ensuring a coherent and predictable user experience through ongoing refinement. During this time, I proposed renaming these revised TA cards to 'Threat Profiles,' as this language offered a more comprehensive overview of adversaries and the malware they use.
Collaborating with the development team, we integrated the UI enhancements into A1’s platform and used ThreatConnect's API to populate Threat Profiles with the latest adversary activities, providing comprehensive and live insights to users without access to ThreatConnect.
IMPACT
PROTOTYPE
By improving access and navigation to Threat Profiles in a two-week sprint, I created a UI that empowered a wide range of stakeholders with actionable threat intelligence, significantly enhancing the overall user experience of A1. My user-centered approach and iterative design process ensured that the solution not only met user needs but also strengthened their ability to mitigate cyber threats. Additionally, I improved the creation process for Threat Profile cards, making them readily accessible and relevant.