HC CR Sep 17, 2021

Developing Visualisations to Enhance an Insider Threat Product: A Case Study

arXiv:2109.08445v1
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for better user interfaces for security analysts in commercial insider threat products, but it is incremental as it focuses on enhancing an existing platform with visualizations.

The paper tackled the problem of limited pattern and outlier detection in an insider threat software platform by developing data visualizations, resulting in a prototype that aids analysts in discovering and understanding risky insider activity through example scenarios.

This paper describes the process of developing data visualisations to enhance a commercial software platform for combating insider threat, whose existing UI, while perfectly functional, was limited in its ability to allow analysts to easily spot the patterns and outliers that visualisation naturally reveals. We describe the design and development process, proceeding from initial tasks/requirements gathering, understanding the platform's data formats, the rationale behind the visualisation's design, and then refining the prototype through gathering feedback from representative domain experts who are also current users of the software. Through a number of example scenarios, we show that the visualisation can support the identified tasks and aid analysts in discovering and understanding potentially risky insider activity within a large user base.
