

Attack Path Visualization: New Approach to Threat Analysis
Product feature, UX/UI
'Attack Path' empowers Kubernetes users to proactively visualize and neutralize security threats.
WHAT WE DID
Imagine you're a security analyst responding to a critical incident. An alert comes in, but instead of seeing a clear attack path, you’re left with scattered logs and disconnected data points. You have to manually piece together the attacker’s movements, a process that takes hours—valuable time that could mean the difference between containment and a major breach.
To solve this, we designed and launched Attack Path Visualization, a completely new feature that enables security analysts to map out how threats progress through a system. Before this, analysts had to manually correlate logs and alerts from multiple sources, making it difficult to see the full scope of an attack.
MY ROLE
As the lead product designer, I:
- Conducted in-depth research to understand how analysts track attack progression.
- Collaborated with engineers, product managers, and security teams to define key requirements for the feature.
- Designed and prototyped an interactive visualization that made attack paths easier to analyze.
- Led stakeholder alignment efforts to ensure buy-in from security teams and leadership.
- Iterated on the design based on feedback from usability testing and real-world analyst workflows.
THE CHALLENGE & GOAL
The Challenge
Before this feature, analysts lacked a visual representation of how attacks unfolded. They had to rely on fragmented log data, making it time-consuming to piece together an attack’s impact and progression.
The Goal
Our objective was to build a brand-new attack visualization tool that:
- Provided a clear, interactive attack path that visualized the sequence of events.
- Helped analysts identify key attack entry points and lateral movements quickly.
- Enabled faster response and mitigation by making attack structures easier to understand.
- Integrated seamlessly into existing security workflows without disrupting investigation processes.
RESEARCH
To validate our approach, I conducted:
- User Interviews → Engaged with security analysts to understand how they currently investigate attack paths.
- Competitive Analysis → Reviewed other security tools to identify gaps in visual representation.
- Threat Model Analysis → Worked with security experts to map out common attack scenarios and determine key visualization needs.
Key Findings:
- Analysts struggled with fragmented threat data, making it hard to get a full attack picture.
- Graph-based visualizations were highly requested as they allow for easier pattern recognition.
- Critical path identification was essential to speed up response and containment efforts.
- Stakeholders emphasized the need for scalability, ensuring the visualization could handle complex attack scenarios.
Stakeholder Alignment & Collaboration
- Held working sessions with security teams to refine the attack path model and align on priorities.
- Facilitated cross-functional discussions with engineers to ensure technical feasibility.
- Conducted early design reviews with analysts and leadership to validate visualization approaches and ensure organizational buy-in.
WORKING PROCESS
Defining & Refining Requirements
- Documented existing investigation workflows and pain points.
- Defined essential data points that needed to be represented visually.
- Partnered with engineers to ensure the visualization could process real-time attack data.
Wireframing & Prototyping
- Explored different layout options for attack visualization (tree, radial, and linear graphs).
- Developed interactive prototypes to simulate various attack scenarios and test usability.
- Gathered feedback through usability testing and iterated on layouts based on analyst needs.
Iterative Design & Refinement
- Adjusted node linking logic to ensure clarity in complex attack chains.
- Enhanced the visual hierarchy to highlight critical attack paths.
- Incorporated interactive tooltips for deeper context without overwhelming users.
- Introduced dynamic filtering to help analysts focus on specific threat types or timeframes.
THE DESIGN
The Attack Path Visualization introduced a new way for security teams to analyze threats. Key design elements included:
- Graph-Based Attack Mapping → Visually represents how threats spread across assets.
- Critical Path Highlighting → Identifies the most important attack steps to prioritize response.
- Node-Based Navigation → Allows users to drill down into specific attack details.
- Live Data Integration → Updates attack paths in real time as new threats emerge.
- Automated Attack Chain Analysis → Detects common attack techniques and flags high-risk patterns.
- Customizable Filters & Views → Enables analysts to tailor the visualization to their investigation needs.




SUCCESS CRITERIA
To measure the impact of this new feature, we tracked:
- Time to understand an attack → Reduced by 50% due to clearer visualization.
- User adoption → Analysts preferred this method over manual log correlation.
- Incident response efficiency → Teams could take action faster with clearer insights.
SUMMARY
This project reinforced the importance of:
- Early stakeholder alignment, ensuring that all teams were aligned before development began.
- Designing for cognitive load, ensuring that complex data remains digestible.
- Iterative testing, refining the model based on real-world security analyst feedback.
- Balancing usability with technical feasibility, collaborating closely with engineers to implement scalable solutions.
By introducing Attack Path Visualization, we transformed how security teams analyze and respond to threats, making attack progression clearer and response times faster than ever.