
Adding Real-Time Detection Features to the CDR Dashboard

Product feature, UX/UI

This case study demonstrates how adding real-time detection capabilities can transform a traditional security dashboard into a more dynamic and responsive tool, ultimately enabling faster, more effective threat mitigation in cloud environments.

WHAT WE DID

The aim of this project was to add real-time detection features to an existing Cloud Detection and Response (CDR) dashboard, turning it into a real-time CDR platform. The feature was designed to let security teams monitor, analyze, and respond to threats as they occur, so they keep control over cloud-based assets and can act quickly on incidents. This case study covers the research, design, and implementation of the real-time monitoring capabilities integrated into the CDR dashboard, giving security analysts a way to detect and address threats as soon as they appear.

MY ROLE

As a Senior Product Designer, I led the UX/UI design for this feature, collaborating closely with the product manager, engineers, and data scientists to:

  • Define user needs and workflows for real-time threat detection

  • Conduct user research and competitive analysis

  • Design wireframes, high-fidelity mockups, and interactive prototypes

  • Run usability testing and make iterative improvements based on feedback

  • Shape and refine user journeys from requirements to final design, aligning technical and UX goals

THE CHALLENGE & GOAL 

Challenge:


Security teams need to respond to threats as they occur, but the existing CDR dashboard had no real-time detection capability. Data was processed in batches, so an event could sit unseen until the next batch landed and the view was refreshed. Analysts had to refresh manually or wait for the next batch, which wasted time and left a window in which a high-severity alert could be missed.

Goal:


The goal was to extend the existing CDR dashboard with real-time detection features that:

  • Give analysts live visibility into ongoing security events, so they can watch threats unfold without manual refreshes.

  • Support fast response to high-priority alerts, so critical issues are addressed promptly.

  • Streamline the workflow by presenting data as it arrives and allowing analysis on the live stream.

  • Integrate cleanly with the existing CDR platform, preserving familiar layouts while extending its functionality.

By adding real-time detection, we aimed to empower security teams to proactively monitor and mitigate threats with speed and efficiency.

RESEARCH

To understand user needs and best practices in the industry, I conducted several types of research:

  • Competitive Analysis: I examined other real-time detection tools in the security space to gather insights on user expectations, design patterns, and functional features.

  • Data Flow Study: I worked with the engineering team to understand how data was processed and the technical requirements needed to implement real-time detection within the cloud environment.

Key Insights:

 

  • Security teams need to prioritize high-severity alerts while also reducing noise.

  • Real-time detection requires a user-friendly interface that minimizes cognitive load, allowing security analysts to focus on the most pressing threats.

  • Cross-device access is important as analysts often work from multiple locations and need to monitor security events remotely.

These insights informed the design of a real-time detection interface that was easy to use and tailored to the unique needs of security professionals.

WORKING PROCESS

Ideation and Initial Concepts:


The design process began with brainstorming sessions to explore how we could integrate real-time detection features into the existing CDR dashboard. We explored different layouts, data presentation methods, and interaction patterns to ensure real-time monitoring was seamless and effective.

  • Wireframing: I created wireframes to outline the core interactions, focusing on real-time data streaming, prioritizing incidents, and incorporating live data visualizations.

  • Prototyping: We developed an interactive prototype to test the real-time detection concept. This allowed the team to visualize the live data flow and assess the feasibility of real-time updates.

 

Feedback and Iteration:

  • Internal Feedback: We presented the prototype to the product team and gathered feedback on both user needs and technical feasibility. This led to refinements, such as improving the alert filtering system to focus on high-priority incidents.

  • Cross-functional Collaboration: I worked closely with engineers and data scientists to ensure that the real-time detection feature was technically viable and scalable for cloud environments.

 

Finalization:

After incorporating feedback, I created high-fidelity mockups that integrated live streaming indicators, real-time filtering controls, and visual alerts to help analysts monitor critical events. We also ensured the design was optimized for cross-device access and responsive layouts.

THE DESIGN

The design of the Real-Time CDR dashboard emphasized the following key elements:

1. Real-Time Data Overview:

  • Trends Over Time: A bar chart displays spikes in incident activity over time, allowing analysts to quickly identify anomalies or patterns.

  • Real-Time Events by Severity: A widget categorizes active events by severity (Critical, High, Medium, Low), helping analysts prioritize threats.

  • Account Health Overview: Provides real-time insights into which accounts are most impacted, helping security teams allocate resources efficiently.

2. Interaction and Control Features:

  • Live streaming status dropdown: The header shows a live-streaming status indicator and a dropdown for switching between the real-time stream and the historical view, so the analyst can pick whichever mode the monitoring task needs.

  • Time-interval slider: A slider (labelled “15-minute” in the design) sets the length of the window of real-time data shown, so teams can widen or narrow the view to match their monitoring requirements.

  • Real-time filtering: Filters narrow the live stream by parameters such as severity, account, or threat type.

3. Grouped Views for Threat Investigation:

  • Potential Threat Grouping: In one view, events are grouped by potential threat, making it easier for security teams to identify and prioritize similar types of threats across multiple assets.

  • Rule-Based Grouping: Another view organizes events by rule, helping users understand which specific security policies are frequently triggered and might require adjustments.

  • Asset-Based Grouping: This grouping enables teams to focus on the assets affected by each event, which is crucial for targeted response and mitigation.
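The following is a worked example of the aggregation that sits behind the widgets described in the Real-Time Data Overview, Interaction and Control Features, and Grouped Views sections: a sliding time window driven by the interval slider, a live/historical toggle that freezes the window, severity counts, trend buckets for the bar chart, an equality filter (for example by account), and grouping by potential threat, rule, or asset with the worst severity surfaced first. It is an added illustration written for this page, not Panoptica code; the event fields (ts, severity, rule, asset, account, threat), the class and function names, and the sample event stream are all constructed assumptions.

```javascript
// Added illustration for this case study, not product code: the event fields,
// class and function names, and the sample stream below are all assumptions.
const MIN = 60 * 1000;
const SEVERITIES = ["Critical", "High", "Medium", "Low"];
const SEV_RANK = Object.fromEntries(SEVERITIES.map((s, i) => [s, i])); // 0 = worst

class RealTimeView {
  constructor(windowMs = 15 * MIN, retentionMs = 24 * 60 * MIN) {
    this.windowMs = windowMs;       // the "15-minute" slider value
    this.retentionMs = retentionMs; // history kept for the historical view
    this.events = [];               // sorted by ts ascending
    this.live = true;               // header toggle: live stream vs historical view
    this.frozenAt = null;           // window end while not live
  }
  // Window end: newest event while streaming, the frozen anchor in historical mode.
  now() {
    if (!this.live) return this.frozenAt;
    return this.events.length ? this.events[this.events.length - 1].ts : 0;
  }
  ingest(ev) {
    if (!(ev.severity in SEV_RANK)) throw new Error(`unknown severity: ${ev.severity}`);
    let i = this.events.length;                      // events may arrive slightly out of order
    while (i > 0 && this.events[i - 1].ts > ev.ts) i--;
    this.events.splice(i, 0, ev);
    const keepFrom = this.now() - this.retentionMs;  // bound memory without losing recent history
    while (this.events.length && this.events[0].ts < keepFrom) this.events.shift();
  }
  toggleLive(live) {
    this.frozenAt = live ? null : this.now();  // freezing pins the window where the analyst left it
    this.live = live;
  }
  // Events in [now - window, now] matching an optional equality filter such as { account: "prod" }.
  inWindow(filter = {}) {
    const end = this.now(), start = end - this.windowMs;
    return this.events.filter(e => e.ts >= start && e.ts <= end &&
      Object.entries(filter).every(([k, v]) => e[k] === v));
  }
  // "Real-time events by severity" widget.
  countsBySeverity(filter) {
    const counts = Object.fromEntries(SEVERITIES.map(s => [s, 0]));
    for (const e of this.inWindow(filter)) counts[e.severity]++;
    return counts;
  }
  // Grouped views: key is "threat", "rule" or "asset"; worst severity first, then volume.
  groupBy(key, filter) {
    const groups = new Map();
    for (const e of this.inWindow(filter)) {
      const g = groups.get(e[key]) || { key: e[key], count: 0, worst: "Low", assets: new Set() };
      g.count++;
      if (SEV_RANK[e.severity] < SEV_RANK[g.worst]) g.worst = e.severity;
      g.assets.add(e.asset);
      groups.set(e[key], g);
    }
    return [...groups.values()]
      .map(g => ({ ...g, assets: [...g.assets].sort() }))
      .sort((a, b) => SEV_RANK[a.worst] - SEV_RANK[b.worst] || b.count - a.count);
  }
  // "Trends over time" bar chart: event counts per bucket across the current window.
  trend(bucketMs, filter) {
    const n = Math.ceil(this.windowMs / bucketMs), start = this.now() - this.windowMs;
    const buckets = new Array(n).fill(0);
    for (const e of this.inWindow(filter)) buckets[Math.min(n - 1, Math.floor((e.ts - start) / bucketMs))]++;
    return buckets;
  }
}

// Constructed sample stream (not real data). The +16m event arrives before the +14m one.
const T0 = Date.UTC(2024, 0, 1, 12, 0, 0);
const SAMPLE_EVENTS = [
  { ts: T0,            severity: "Critical", rule: "iam.root-login",     asset: "vm-1", account: "prod", threat: "Credential access" },
  { ts: T0 +  2 * MIN, severity: "High",     rule: "net.port-scan",      asset: "vm-2", account: "prod", threat: "Discovery" },
  { ts: T0 +  5 * MIN, severity: "Medium",   rule: "net.port-scan",      asset: "vm-3", account: "dev",  threat: "Discovery" },
  { ts: T0 + 16 * MIN, severity: "High",     rule: "iam.root-login",     asset: "vm-4", account: "dev",  threat: "Credential access" },
  { ts: T0 + 14 * MIN, severity: "Low",      rule: "file.download",      asset: "vm-1", account: "prod", threat: "Execution" },
  { ts: T0 + 20 * MIN, severity: "Critical", rule: "proc.reverse-shell", asset: "vm-2", account: "prod", threat: "Execution" },
];

function buildView() {
  const view = new RealTimeView(15 * MIN);
  for (const e of SAMPLE_EVENTS) view.ingest(e);
  return view;                 // live window is +5m..+20m: four of the six events
}

// Analyst freezes the view, a new Critical lands, then the analyst returns to live.
function liveVsHistorical() {
  const view = buildView();
  view.toggleLive(false);
  view.ingest({ ts: T0 + 25 * MIN, severity: "Critical", rule: "proc.reverse-shell", asset: "vm-5", account: "prod", threat: "Execution" });
  const frozen = view.countsBySeverity();   // unchanged: still +5m..+20m
  view.toggleLive(true);
  const resumed = view.countsBySeverity();  // window slides to +10m..+25m
  return { frozen, resumed };
}

const demoView = buildView();
console.log(demoView.countsBySeverity(), demoView.trend(5 * MIN), demoView.groupBy("threat"), liveVsHistorical());
```

Two design points matter for an analyst-facing view: the window end is the newest event (or the frozen anchor), not wall-clock time, so a stalled pipeline does not quietly empty the widgets; and the "Execution" group ranks first with a count of two because grouping carries the worst severity and the set of affected assets, which is what makes the potential-threat view useful for prioritisation rather than just a tally.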

4. Asset Details and Threat Investigation:

  • Asset Details View: Selecting an incident opens a detailed view of affected assets, including information like MITRE ATT&CK techniques and threat progression.

  • Captured Evidence Visualization: The Captured Evidence tab organizes relevant data artifacts, such as process launches and file downloads, helping analysts understand the full scope of an incident.

This design was focused on reducing response times, increasing visibility into ongoing threats, and enabling real-time detection and analysis with minimal user friction.
SUCCESS CRITERIA

 

The following metrics were used to evaluate the success of the Real-Time CDR feature:
 

  • User Engagement: Measured by the frequency and duration of use for the real-time detection feature.

  • Incident Response Time: Expected reduction in the time to detect, triage, and respond to incidents once events are surfaced as they occur.

  • Usability Feedback: Feedback gathered through surveys and post-launch usability tests to understand any additional user needs or areas for improvement.

  • Adoption Rate: The proportion of users who actively use the real-time detection capabilities in their daily workflows.

SUMMARY

Adding real-time detection features to the existing CDR dashboard gave security teams a way to respond to threats as they occur. By surfacing events as they arrive and giving analysts live severity, grouping, and filtering controls, the feature was designed to shorten incident response times and improve situational awareness. The real-time features were integrated into the CDR dashboard so that analysts could continue their existing workflows without disruption while gaining immediate insight into active threats.
