Company:

Platform:
Kubernetes Security Dashboard (Web platform)
Role:
Product Designer
Duration:
3 months (Q1 2024)
Team:
Product Manager
Frontend Developer
2 Backend Developers
Security Researcher
Product Designer (me)
Attack Path Visualization: New Approach to Threat Analysis
This case study demonstrates how visualizing attack paths within Kubernetes environments can transform overwhelming security data into actionable insights—empowering DevOps and DevSecOps teams to prioritize threats, break attack chains, and strengthen their security posture with confidence.
The Impact
- User clarity → Time to understand an attack reduced by 50% due to clearer visualization.
- Faster threat mitigation → Users identified and addressed critical issues more efficiently.
- Adoption rate → Security teams integrated the feature into their regular workflows shortly after release.
- Stakeholder confidence → Product and security leads reported stronger visibility and decision-making.
Single attack path main screen
Overview
An attack path is the sequence of steps an attacker takes to exploit security weaknesses, starting from an initial point of entry to the ultimate target, aiming to steal confidential data, demand ransom, or sell sensitive information. Along the way to valuable assets, attackers exploit vulnerabilities or misconfigurations in the environment to access specific resources and navigate from one to another.
The attack path is displayed as a node-graph, with each node representing a step an attacker can execute. Each node provides details about its role within the attack and the exploitable weaknesses (misconfigurations or vulnerabilities) it has.
My Role
As a product designer at ARMO, my role in this project was to conceptualize, design, and contribute to the implementation of the 'Attack Path' feature. I worked closely with cross-functional teams, ensuring that user-centric design principles were at the forefront of our efforts. My contributions influenced the design decisions that led to the feature's successful implementation.
✅ TL;DR Overview:
The ‘Attack Path’ feature distills complex threat data into an actionable visual map, helping users understand how attackers move — and what to fix first.
Pain points
ARMO Users
- When a new user joins, he's presented with an overwhelming amount of information.
- When an ARMO user wants to improve his security, he doesn't know what action to take or what would have the most impact on his environment’s security.
General Users
- The battle between organizations and cyber attackers continues to rage on. As long as threat actors can find security gaps in systems and networks to abuse and profit from, cyber attacks will continue to ensue.
- Whatever solution a business chooses to bolster its security posture, it may be faced with tons of threat intelligence to sift through. Hundreds of cyber attacks per minute create massive amounts of information.
The Challenges & Goals
- Help the user to understand all the ways attackers can exploit his environment.
- Show the user what he needs to do right away in order to break the attack path and block the attacker.
- Help the user to prioritize the issues that have the most significant impact on his security posture.
- Help the user to better understand his Kubernetes exposure level.
✅ TL;DR The Problem:
Analysts lacked a visual investigation tool to understand attack progression, forcing them to manually correlate fragmented logs, which slowed threat analysis and response.
JTBD
- When I sign up for ARMO, I want to know what the attack paths are (issues that can cause a breach) so I can start by fixing the issues that matter the most.
- When I review an attack path, I want to get all the context for this issue (“the big picture”) so I can understand why it’s considered risky, what the impact is, and how I can fix it.
- When a new attack path arises, I want to be immediately notified so I can review it as quickly as possible (and perhaps fix it).

Attack path graph node
Research
Our journey to develop the 'Attack Path' feature began with a deep dive into understanding the unique challenges and pain points faced by DevOps and DevSecOps professionals within Kubernetes environments. We recognized that the key to effective cybersecurity in Kubernetes lay in identifying and mitigating vulnerabilities and misconfigurations efficiently. To achieve this, robust user research was essential.
User Interviews
We initiated our research by conducting in-depth user interviews with a diverse group of DevOps and DevSecOps practitioners. These interviews allowed us to gain invaluable insights into their daily workflows, security concerns, and the specific hurdles they faced in managing Kubernetes security. Users candidly shared their experiences, highlighting the need for a solution that would help them focus their efforts where it mattered most.
Competitive Analysis
To gain a comprehensive view of the cybersecurity landscape, we conducted a competitive analysis, examining similar tools and features in the market. This analysis not only informed our design process but also helped us identify opportunities to innovate and differentiate our 'Attack Path' feature.
Prototyping and Testing
Armed with user insights and a clear understanding of our users' needs, we began the process of prototyping and user testing. We created prototypes of the 'Attack Path' feature and sought feedback from users at various stages of development. Their input was instrumental in refining the feature's design and usability.
Iterative Design
The research phase was iterative, with continuous feedback loops between users and our design and development teams.
This iterative approach ensured that the 'Attack Path' feature would align seamlessly with user expectations and needs.
The culmination of this extensive research was the creation of a user-centric 'Attack Path' feature that directly addressed the challenges identified during our research phase. By prioritizing user feedback and insights, we were able to develop a tool that empowers DevOps and DevSecOps users to protect their Kubernetes environments effectively.
Working Process
Our approach to bringing the 'Attack Path' feature to life was a well-structured, user-focused process:
- Wireframing and Conceptualization: We began with wireframing and conceptualizing the feature, outlining the initial user interface and flow.
- Prototyping and User Testing: Interactive prototypes were created to visualize the user experience. User testing at various stages gathered crucial feedback that informed improvements.
- Iterative Design: Continuous iterations based on user insights fine-tuned design details and optimized usability.
- Stakeholders and development: Close collaboration among design, development, security experts, and product management ensured alignment with user needs and technical capabilities.
- Accessibility and Usability: Accessibility and usability were core considerations throughout the process, ensuring inclusivity.
- Finalization: After multiple iterations, we arrived at the user-centric, effective 'Attack Path' feature.
Our process reflects our commitment to delivering a valuable tool for the DevOps and DevSecOps community, addressing their specific challenges.
Design Process
In designing the 'Attack Path' feature, we prioritized user-centricity and clarity. The visual and functional elements were meticulously crafted to ensure that users could effectively understand, interact with, and benefit from the feature:
- Visual Representation: The core of the 'Attack Path' feature is its visual representation of potential attack paths. We designed this visual element to be intuitive and informative. Each step an attacker could take is represented as a node in the graph, making it easy for users to follow the sequence.
- Clarity of Information: We recognized the importance of clarity in security visualization. Each node in the graph contains specific details about its role within the attack and the exploitable weaknesses, be it misconfigurations or vulnerabilities. Users can quickly grasp the security context at each step.
- User-Friendliness: The user interface was designed with simplicity and user-friendliness in mind. Navigating the 'Attack Path' feature is intuitive, allowing users to effortlessly interact with the graph and explore potential threats.
- Empowering Users: Our design choices aimed to empower users in two crucial ways. First, by providing a clear understanding of the attack paths, users are better equipped to proactively protect their Kubernetes environments. Second, by visualizing potential vulnerabilities and misconfigurations at each step, users can prioritize their efforts effectively.
- Contextual Information: Users can access context-specific information within the feature, helping them make informed decisions. Whether it's understanding a specific misconfiguration or learning how to remediate a vulnerability, the 'Attack Path' feature provides context at every level.
- Consistency and Branding: The design maintained consistency with our platform's overall user interface while incorporating branding elements. This ensured that users felt at home with the feature while recognizing it as an integral part of our cybersecurity product.
- User Feedback Integration: Throughout the design process, user feedback played a central role. It informed design decisions, ensuring that the feature resonated with the needs and expectations of our users.
- Laptop Responsiveness: Recognizing the importance of flexibility, the 'Attack Path' feature was designed to be responsive, ensuring usability on laptops and various desktop devices.
- Accessibility: Accessibility was a top priority. The feature was designed to be inclusive, accommodating users with diverse needs, and adhering to best practices in user interface design.
The design of the 'Attack Path' feature represents a careful balance between aesthetics and functionality. It places critical security information at the forefront while prioritizing user experience. Our aim was to create a tool that empowers users to take decisive actions in securing their Kubernetes environments, all within an intuitive and visually engaging interface.
✅ TL;DR The Design:
Used user research, threat modeling, and cross-functional collaboration to develop a graph-based interface with critical path highlighting, node-based navigation, and live data — making attack progression clear and actionable for analysts.
First Version

Attack path main screen - first draft

Single attack path main screen - Graph node, key assets marked - first draft

✅ TL;DR Turning Point:
When I started designing it, we thought it was a linear graph. Only after starting to develop it did we find out there can be a lot of branching, which led us to redesign the whole feature, both visually and in its layout.
Final Version

Attack path main screen

Single attack path main screen - Graph node, key assets marked
User Feedback
After finishing designing the flow, we scheduled a meeting with some of our users, presented them with the final flow, and asked for feedback.
We normally create a prototype using Figma to demonstrate the flow.
After the users see the flow we ask them:
- What's the overall impression?
- Will they use it?
- What did they like/dislike?
- Do they need anything else that we didn't add to this feature?
If needed, we iterate on the design.

User Flow


Attack path main screen

Single attack path main screen - Graph node, key assets marked

Side-by-Side Remediation - Fixing the controls

Attack path - Success message

Attack path - Empty state
The Impact
Time to understand an attack
Reduced by 50% due to clearer visualization.
User adoption
Analysts preferred this method over manual log correlation.
Incident response efficiency
Teams could take action faster with clearer insights.
Summary
The Attack Path Graph is a visual way for our users to see the route an attacker can take to infiltrate their Kubernetes environment.
When I started designing it, we thought it was a linear graph. Only after development began did we discover that there could be significant branching. This led me to completely redesign the feature, both visually and in terms of layout.
When creating a map like this, you also need to pay attention to the readability, size, and contrast of the elements — to guide users effectively and ensure accessibility. In this area, too, we had to make several adjustments.
✅ TL;DR Summary:
This initiative showcased how UX-driven problem solving, cross-functional alignment, and a focus on scalability and clarity can transform how teams analyze and respond to complex threats.
Next Steps
- Improving the existing attack paths and developing new ones.
- Check how the users currently use the feature based on our data in order to further improve it.
- Established our visual language and the design system, to enable a consistent UI and more efficient work.

Attack Path - Single chain - new concept