Case view (interface mockup):
Suspicious IP: 111.118.51.12
Findings: Suspicious Location; Outside Work Hours; Anomalous Behavior
MITRE Pattern: Reconnaissance - 89%; Privilege Escalation - 76%; Data Access - 76%
Recommended: identify accessed data
Prompt: Show specific S3 object paths accessed via GetObject by user B_Wayne from suspicious IP 111.118.51.12.
Entity graph: 111.118.51.12 (Suspicious) -> API calls -> GetObject
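The "identify accessed data" step in the mockup above is, in CloudTrail terms, a filter over S3 data events: keep GetObject records whose userIdentity is B_Wayne and whose sourceIPAddress is the suspicious IP, then list bucket and key. The following is an added example of that filter, not code from the product described on this page. The events are constructed, the field names follow CloudTrail's record format, and the working-hours window (08:00-18:00 UTC, weekdays) is an assumption used to reproduce the "Outside Work Hours" finding; a real investigation would run the same filter against exported CloudTrail logs rather than an in-memory list.

```python
import json
from datetime import datetime, timezone

# Constructed CloudTrail-style S3 data events for this walkthrough (values are
# made up; the field names follow the CloudTrail record format).
SAMPLE_EVENTS = [
    {
        "eventTime": "2024-03-14T02:17:05Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "sourceIPAddress": "111.118.51.12",
        "userIdentity": {"type": "IAMUser", "userName": "B_Wayne"},
        "requestParameters": {"bucketName": "wayne-finance", "key": "q1/ledger.xlsx"},
    },
    {
        "eventTime": "2024-03-14T02:19:40Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "sourceIPAddress": "111.118.51.12",
        "userIdentity": {"type": "IAMUser", "userName": "B_Wayne"},
        "requestParameters": {"bucketName": "wayne-finance", "key": "q1/payroll.csv"},
    },
    {   # same user and IP, but a write: not part of the data-access question
        "eventTime": "2024-03-14T02:21:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "sourceIPAddress": "111.118.51.12",
        "userIdentity": {"type": "IAMUser", "userName": "B_Wayne"},
        "requestParameters": {"bucketName": "wayne-finance", "key": "q1/notes.txt"},
    },
    {   # same user, working hours, internal IP: baseline activity
        "eventTime": "2024-03-13T10:02:11Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "sourceIPAddress": "10.20.30.40",
        "userIdentity": {"type": "IAMUser", "userName": "B_Wayne"},
        "requestParameters": {"bucketName": "wayne-finance", "key": "q1/ledger.xlsx"},
    },
    {   # different user from the suspicious IP: a separate lead, not this query
        "eventTime": "2024-03-14T02:25:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "sourceIPAddress": "111.118.51.12",
        "userIdentity": {"type": "IAMUser", "userName": "A_Pennyworth"},
        "requestParameters": {"bucketName": "wayne-hr", "key": "staff.csv"},
    },
]

# Assumption for the example: the organisation's working day is 08:00-18:00 UTC.
WORK_HOURS_UTC = (8, 18)


def parse_event_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing 'Z'."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def outside_work_hours(ts: str) -> bool:
    """True when the event is on a weekend or outside the assumed working window."""
    t = parse_event_time(ts)
    start, end = WORK_HOURS_UTC
    return t.weekday() >= 5 or not (start <= t.hour < end)


def s3_objects_accessed(events, user, source_ip, event_name="GetObject"):
    """Return the S3 object paths touched by `user` from `source_ip`, oldest first.

    Each hit carries the event time, the s3:// path built from
    requestParameters.bucketName/key, and the outside-work-hours flag.
    """
    hits = []
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") != event_name:
            continue
        if ev.get("sourceIPAddress") != source_ip:
            continue
        if ev.get("userIdentity", {}).get("userName") != user:
            continue
        rp = ev.get("requestParameters", {})
        hits.append({
            "time": ev["eventTime"],
            "path": f"s3://{rp.get('bucketName')}/{rp.get('key')}",
            "outside_work_hours": outside_work_hours(ev["eventTime"]),
        })
    hits.sort(key=lambda h: h["time"])
    return hits


if __name__ == "__main__":
    for hit in s3_objects_accessed(SAMPLE_EVENTS, "B_Wayne", "111.118.51.12"):
        print(json.dumps(hit))
```

Two practitioner notes: the filter keys on userName, so for role sessions or federated identities you would match on userIdentity.arn or sessionContext instead; and the PutObject and second-user records are deliberately excluded so that the answer to the prompt stays scoped to what was asked, with each of those as a follow-up lead rather than noise in this result.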
Case Study
Cybersecurity
Native AI
CONCEPT: Native AI partnering with security analysts and threat hunters through a full case investigation, from hypothesis to containment.
Product
AI Protection Platform
Customers partnering with AI to build a story (investigation), layer by layer.
Challenge
1 Week
Deadline for design concept, referencing a single requirements document.
Business Impact
96%
Reduction in MTTR (mean time to respond). Zero-work-to-insight investigations.
Areas:
Discovery
Design
User Research
Tools:
Miro
Figma

Claude
Partners:
Product
Engineering
Threat Intelligence
Marketing
A Building Blocks Snapshot
Overview
Cybersecurity specialists (security analysts, threat hunters) face a multitude of challenges in their daily operations, driven by an ever-evolving threat landscape that the emergence of AI capabilities has accelerated. This presented an opportunity to conceptualize a complex detection-investigation workflow for a cyber defense platform, driven by native AI, that learns and maintains knowledge of an organization and offers predictive insights.
Projected Impact
What It's Aiming For
Pioneering the world’s first AI-powered defense platform that identifies, fights, and helps humans eradicate cybersecurity threats.
Customer Outcome
94%
Reduction in MTTD
Customer Outcome
96%
Reduction in MTTR
Transforming Security
Replace legacy, expensive SIEM tools and the alert fatigue they bring with an AI-native system that shifts from isolated alerts to full attack narratives.
Collaborators
Designer and Founders
Working directly with the founders provided the chance to conceptualize the detection-investigation workflow: a cyber defense platform, driven by native AI, that learns and maintains knowledge of an organization and offers predictive insights.
Customer Challenges
Overwhelmed, Outpaced, Under-Equipped
From the SOC analyst drowning in alerts to the threat hunter wrestling with fragmented tools, today's cybersecurity professionals are fighting an increasingly sophisticated battle with not enough time, clarity, or support.
Alert Fatigue
Buried under an endless flood of alerts, L2-L3 security analysts spend more time triaging noise than stopping real threats.
Current Tools Limitations
Forced to juggle fragmented tools and disconnected data, threat hunters lose critical time that attackers don't.
Changing Threat Landscape
As attackers evolve faster than defenses, threats look different than they did yesterday.
Threat Researcher / Hunter
Security Analyst
VP, InfoSec
CISO (Enterprise)
Security Operations
The Opportunity
Zero-Work-To-Insight
The single most important customer benefit is 'Zero-work-to-insight' investigations that slash MTTR by 96%, without adding human headcount.
Design
From Signal to Certainty
The design experience takes an L2/L3 security analyst or an experienced threat hunter from first glance at the case through the investigation: confirm the hypothesis, analyze the initial findings, expand scope.
Intelligence Driven
An experience anchored by intelligence embedded throughout the product, most effective when you don't even know it's there.
Partnership
Designing a customer + AI partnership that builds a story (investigation), layer by layer.
AI + Data Visualization
Marrying a visualization-based UI and the agentic workflow.

Timeline
Understanding
A realistic duration for an incident investigation is 3-24 hours.
Question
How can AI be presented not as a stand-alone feature, but embedded intelligence throughout the product that seamlessly surfaces through the experience?
Key Decision
Merging the entity data visualization and the timeline with query results, recommendations and prompts creates a single UI to focus on.

Case Investigation

Additional Case Study
Attack Surface view (interface mockup):
CVE-2023-49733 (9.8, Weaponized)
Threats and Vulnerabilities
Threat actors (12): Wizard Spider, APT29, Conti, APT10, REvil, LAP$U, Lazarus Group, Equation Group...
21/FTP, 2022-05-25 15:33:35
OpenSSH 2.0, Firewall, Linux, cpe:/a:openbsd:openssh:7.6p1
Case Study
Cybersecurity
Threat Intelligence
Customer Impact: Replaces 50% of redundant internal security tools, resulting in reduced costs for the organization.
Product
Attack Surface Intelligence
Tracks 620+ million IPs so organizations stay secure against threats.
Challenge
3 Months
Deadline for the MVP release while learning the intricacies of threat intelligence.
Business Impact
10MM
Revenue as of Q1 2024; "...the fastest growing product line".