Case Study
9.8
CVE-2023-49733
Weaponized
Threats and Vulnerabilities
Threat actors
12
Wizard Spider, APT29, Conti, APT10, REvil, LAP$U, Lazarus Group, Equation Group...
21
FTP
2022-05-25 15:33:35
OpenSSH 2.0, Firewall, Linux, cpe:/a:openbsd:openssh:7.6p1
Cybersecurity
Threat Intelligence
Customer Impact: Replaces 50% of redundant internal security tools, resulting in reduced costs for customers.
Product
Threat and Risk Intelligence
Utilizing 620+ million tracked IPs and search so that organizations stay secure against threats.
Challenge
3 Months
Deadline for the MVP release while learning the intricacies of threat intelligence.
Business Impact
10MM
Revenue as of Q1 2024; "fastest growing product line".
Revenue
10MM
Revenue as of
Q4 2023
Customer impact
Allows 50% reduction of customer’s redundant internal security tools.
RSA 2024
Editor’s Choice Threat Intelligence:
World’s largest risk & threat intelligence data set
Impact
Expands our customer base to threat hunters and researchers, enhancing our reputation as a threat intel leader and increasing visibility for our other product offerings.
1000’s of search results
Design a single IP search result that includes the varied entities connected to it, such as ports and threat actors.
Accelerated timeline
3-month timeline from kickoff to V1, challenged further by having to learn the intricacies of threat intel along the way.
Dense data, scannable form
Our data was our competitive advantage, but proved challenging to offer in a digestible format.
Ramping up: Threat Intelligence 101
Proactive education and research on relationships between all threat intelligence entities involved.
Accessible search
A 'build as you go' model where customers select search criteria and apply conditions to their selections.
Harness data
12M+ digital footprints, 50+ billion vulnerabilities, 4.1 billion IPs scanned every 1.5 weeks across 1400+ ports.
Expand market segment
Enterprise (Incident Response Teams), Vendor Risk, Cyber Insurance, Financial Crimes Units.
Opportunity
Create a new revenue stream by capitalizing on a comprehensive data collection, expanding our customer base to threat hunters and researchers.
Expand target customers
Design beyond the technical user to include customers who share the interest but lack the technical understanding.
Staying current
Threat hunters struggle to stay up to date on the latest potential threats and their increasing sophistication.
Appealing to varying customers
Design an experience that caters to, and expands, the target customer segment to include the non-technical.
Lack resources
Organizations, even those with security teams, lack the resources and time to conduct threat intelligence analysis.
Struggle monitoring
Organizations struggle to monitor threats and the impact they may have on their security posture.
Lack visibility
Risk management lacks visibility into their attack surface, making it hard to prioritize and manage risk.
Overview
Harnessing the Threat Intelligence Team’s comprehensive data collection and attribution infrastructure, built over the course of 7 years, this Threat and Risk Intelligence product provides a comprehensive outside-in view of the global attack surface. It unlocks threat intel’s rich database to deliver contextual insights around threat actors, ransomware, vulnerabilities, malware infections, certificates, and much more.
Its challenge: Deliver and distill down just the data that Threat Hunters should focus on.
My Role: Senior Product Design Lead
Area of Cybersecurity: Threat Intelligence, Vendor Risk
Target Customers: Threat Researchers / Hunters, SOC Analysts, Security Engineers
Customer
Detecting the unknown unknowns and their risk to business is what keeps cybersecurity leaders from making confident decisions.
Challenges faced
How we got here
A single IP search result and all its connections, designed so that a threat hunter can understand it.
Search results card
Search results page
Search results view includes visualizations that offer customers further ways to filter down the results.
Expand on a single search result, bringing in more contextualized data.
Comprehensive IP details
Design
Exploration of ways to demonstrate the depth of data to customers without sacrificing their ability to identify and prioritize what's critical.
Additional Case Study
Suspicious IP:
111.118.51.12
Findings:
Suspicious Location
Outside Work hours
Anomalous Behavior
MITRE Pattern:
Reconnaissance - 89%
Privilege Escalation - 76%
Data Access - 76%
Recommended
identify accessed data
Show specific S3 object paths accessed via GetObject by user B_Wayne from suspicious IP 111.118.51.12.
111.118.51.12
Suspicious
API calls
GetObject
Cybersecurity
Native AI
AI Assistant
CONCEPT: Native AI partnering with security analysts and threat hunters through a full case investigation, from hypothesis to containment.
Product
Native AI Assistant
Utilizing 620+ million tracked IPs and search so that organizations stay secure against threats.
Challenge
1 Week
Deadline for the MVP release while learning the intricacies of threat intelligence.
Business Impact
80%
Reduction in MTTR (mean time to respond).
Zero-work-to-insight investigations.