Connecting the dots: Designing an interactive network graph for threat intelligence investigations and research

Abstract

Cyber security and threat intelligence is a constant struggle of trying to stay ahead of threats in order to mitigate risk and disrupt adversaries. Each year billions are spent to ensure this security yet enormous amounts of money still makes it to the hands of Threat Actors. Understanding the surrounding threat landscape and assessing it fast to ensure actionable intelligence is of essence for all businesses and governments.

This thesis aims to design a conceptual solution for interactive, visual representation and exploration of the data and information building up this threat landscape. This to fulfill the purpose of enhancing analyst’s and security operation’s ability to quickly form actionable intelligence in order to defend their assets.

Interviews were conducted with Threat Intelligence Analysts throughout the project. Initially to form an understanding of the domain and empathizing with their process and needs. This followed by two consecutive Create- and Evaluate phases where the analyst’s could express their thoughts about the proposed concepts and solutions.

The result was not only a design concept but also a defined General Use Case from which a set of user requirements were defined. These requirements were used as guidelines for the design concept which was visualized as a set of wireframes. The project resulted in a concept for an interactive network graph allowing users to explore and control large amounts of data in a comprehensible interface. The concept suggests both designs and interactions which will aid Threat Intelligence Analysts when conducting investigations.