Case Study
Suspicious IP:
111.118.51.12
Findings:
Suspicious location
Outside work hours
Anomalous behavior
MITRE Pattern:
Reconnaissance - 89%
Privilege Escalation - 76%
Data Access - 76%
Recommended
Identify accessed data
Show specific S3 object paths accessed via GetObject by user B_Wayne from suspicious IP 111.118.51.12.
111.118.51.12
Suspicious
API calls
GetObject
Cybersecurity
Native AI
Threat Intelligence
CONCEPT: Native AI partnering with security analysts and threat hunters through a full case investigation, from hypothesis to containment.
Product
Native AI Platform
Customers partnering with AI to build a story (investigation), layer by layer.
Challenge
1 Week
Deadline for design concept, referencing a single requirements document.
Business Impact
80%
Reduction in MTTR (mean time to respond).
Zero-work-to-insight investigations.
Reduced Investigation Time
80%
Reduction in MTTR
Lower operational costs
Allows security teams to handle more cases without adding headcount.
Higher confidence
Reduces false positives and missed true positives, improving threat detection reliability.
Impact
Measurable gains in speed, confidence, and competitive advantage while reducing investigation time and cutting operational costs.
Embedded intelligence
Layering intelligence into the workflow in opportunistic ways, but in a natural manner.
Implementing the ‘why’
Trust is built by embedding as much of the ‘why’ as possible into the experience.
UX impact within native AI
Demonstrate the impact UX can have on the native AI-driven platform.
Competitive advantage
A leap in cyber defense offering through prediction, recommendation and continuous learning.
Opportunity
Elevate beyond current security SIEM tools by leveraging native AI as a companion for discovering signals, events, and providing predictive insights.
UX + AI + Security
Merging intelligence into the product, not as a stand-alone feature but embedded in a simplified investigation workflow.
Economic buyer
CISO or Deputy CISO at a Fortune 1000 company.
Daily user / technical buyer 1
SOC analysts responsible for alert triage and incident response. They face alert fatigue and time-consuming cases.
Daily user / technical buyer 2
Threat hunters frustrated by the limitations of current search tools and the difficulty of connecting data points.
What specialists DON’T want
“Don’t tell me the problem and then leave me to figure it out, on top of all the work I already have to do.”
What specialists DO want
“I have 1000 things on my plate. Tell me what’s important and give me what I need to solve it.”
Primary champion
Director-level leading Security Operations or Detection Engineering, measured on MTTR and MITRE.
Overview
Cybersecurity specialists (Security Analysts, Threat Hunters) face a multitude of challenges during their daily operations, challenges driven specifically by the ever-evolving threat landscape fueled by the emergence of AI capabilities. This presented an opportunity to conceptualize a complex detection investigation workflow for a cyber defense platform, driven by native AI, that learns and maintains knowledge of an organization and offers predictive insights.
My Role: Design Lead
Area of Cybersecurity: Case Investigation
Customer
Customers detect threats too late or not at all, a problem exacerbated by attackers’ use of AI. This makes it difficult for defenders to connect the dots efficiently.
How I got here
Bringing something new
Move away from the familiar stand-alone AI chat to where AI ‘follows’ the customer through the investigation.
Numerous core concepts
Bringing together signals, findings, IOCs, predictive insights, query suggestions, visualizations.
Challenges faced
Designing an investigation
Merging visualization (entity graphs) and timelines with query results to create a single UI for customers.
AI not as a stand-alone feature, but rather intelligence embedded throughout the product, layered in as part of design.
Design
Additional Case Study
9.8
CVE-2023-49733
Weaponized
Threats and Vulnerabilities
Threat actors
12
Wizard Spider, APT29, Conti, APT10, REvil, LAP$U, Lazarus Group, Equation Group...
21
FTP
2022-05-25 15:33:35
OpenSSH 2.0, Firewall, Linux, cpe:/a:openbsd:openssh:7.6p1
Cybersecurity
Threat Intelligence
Customer Impact: Replaces 50% of redundant internal security tools, resulting in reduced costs for customers.
Product
Threat and Risk Intelligence
Utilizing 620+MM tracked and searchable IPs so organizations stay secure against threats.
Challenge
3 Months
Deadline for the MVP release while learning the intricacies of threat intelligence.
Business Impact
10MM
Revenue as of Q1 2024 ... “fastest growing product line”.
Impact
Create a new revenue stream by capitalizing on a comprehensive data collection, expanding our customer base to threat hunters and researchers.
RSA 2024
Editor’s Choice Threat Intelligence: World’s largest risk & threat intelligence data set
Expand market segment
A leap in cyber defense offering through prediction, recommendation and continuous learning.
Harness data
Merging intelligence into the product, not as a stand-alone feature but embedded in a simplified investigation workflow.