
Company:

Cisco Systems (Panoptica)

Platform:

Cloud Detection & Response (Web platform)

Role:

Lead Product Designer

Duration:

6 weeks (Q1 2025)

Team:

Product Manager

3 Engineers

Security Analysts

UX/UI Designer (me)

Adding Real-Time Detection Features to the Cloud Detection and Response (CDR) Dashboard

This case study demonstrates how adding real-time detection capabilities can transform a traditional security dashboard into a more dynamic and responsive tool, ultimately enabling faster, more effective threat mitigation in cloud environments.

The Impact

To measure success, we tracked:

  • Threat response time → Improved by 40% as analysts could act immediately.

  • User adoption → Analysts reported increased efficiency in identifying and mitigating incidents.

  • Reduced alert fatigue → Grouped alerts and filtering options led to fewer distractions.

  • Stakeholder satisfaction → PMs and security leads acknowledged clear gains in operational efficiency.

What Makes This Case Study Unique
  • Deep cross-functional collaboration between design, engineering, product, and security analysts.

  • Real-time problem-solving: designing for high-stakes environments where seconds matter.

  • A strong focus on usability under cognitive load, delivering clarity without overwhelming.

  • Robust iterative UX process: research > definition > prototyping > stakeholder alignment > refinement.

What We Did

We enhanced the Cloud Detection & Response (CDR) dashboard by integrating Live Streaming and real-time threat processing capabilities. This empowered security analysts to monitor and respond to threats instantly, rather than relying on retrospective data.

My Role

As the lead product designer, I led user research, defined requirements with cross-functional teams, and designed the real-time alerting interface with a focus on usability and efficiency. I iterated based on feedback and ensured alignment between user needs and technical constraints. Collaborating with a strong team enabled valuable brainstorming and design refinement.

The Challenge & Goal

The Problem:

Security teams relied on delayed data, reducing their ability to respond quickly. Analysts had to refresh logs manually or wait for periodic updates.

Goal:

Deliver a real-time solution that:

  • Detects threats instantly.

  • Surfaces clear, actionable alerts, reducing analyst fatigue.

  • Helps prioritize alerts efficiently and focus on the most critical threats.

  • Integrates seamlessly into existing workflows.

✅ A UX challenge centered on real-time threat detection without disrupting the analyst's focus.
Research

To validate our approach, I conducted:

  • User Interviews with analysts to uncover real-world friction points.

  • Competitive Benchmarking of real-time security monitoring tools.

  • Feasibility Analysis with engineering on data processing constraints.

 

Key Insights:

  1. Analysts needed an intuitive way to track live threats without alert fatigue.

  2. Grouping similar threats was essential to reduce information overload.

  3. Quick-response actions (e.g., isolate an asset, dismiss) were critical to streamline triage.

  4. Analysts needed custom filters and sorting to focus on the most relevant threats.

Working Process

1. Understanding User Needs & Defining Requirements

  • Interviewed analysts to map pain points.

  • Worked with PMs to prioritize.

  • Aligned on technical feasibility with engineering.

 

2. Stakeholder Alignment & Collaboration

  • Led cross-team discussions to align goals and constraints.

  • Facilitated workshops to validate early concepts.

3. Wireframing & Prototyping

  • Created multiple UI versions.

  • Developed interactive prototypes for live-update simulation.

4. Iterative Design & Refinement

  • Gathered internal feedback.

  • Refined UI elements: event timeline, alert grouping, quick actions.

  • Added filtering and sorting to reduce overload.

✅ The design was driven by real user insights, cross-functional alignment, and iterative prototyping — ensuring every decision was grounded in stakeholder needs and technical feasibility.
The Design

The final design introduced a Live Streaming panel that dynamically updated threat events in real time. The key improvements included:

  1. Real-Time Event Timeline → A visual timeline displaying threat patterns over time.

  2. Severity-Based Event Grouping → Critical alerts are prioritized, while related threats are grouped together to reduce noise.

  3. Contextual Drill-Down Panel → Clicking an event opens an expanded view with in-depth details and evidence, allowing analysts to quickly assess and take action.

  4. Quick Action Controls → Analysts can respond to threats directly (e.g., create a ticket, isolate a machine, dismiss false positives) without leaving the dashboard.

  5. Customizable Filters & Timeframes → Users can refine event streams based on severity, asset type, and time range.

These changes ensured analysts could efficiently track and respond to threats in real time without overwhelming them with excessive notifications.

The header includes Live Streaming status indicators and a dropdown for switching between the live stream and historical data views. Users can also adjust the time interval for real-time data display to match their monitoring needs.

A “15 minutes” selection slider further customizes the time range for viewing recent events, giving users flexibility in how much real-time data is displayed.

Grouping was critical for usability and efficiency.

We introduced:

  • Potential Threat Grouping → Groups similar threats across assets to help prioritize response.

  • Rule-Based Grouping → Organizes events by triggered rules to identify policies needing review.

  • Asset-Based Grouping → Focuses on affected assets to support targeted mitigation.

✅ Introduced intuitive grouping views (by threat, rule, asset) — enabling security teams to investigate threats from multiple angles with clarity.

To provide deeper insights, we enhanced the asset details and investigation workflow:

Asset Details View → Selecting an incident opens a detailed view of affected assets, including information like MITRE ATT&CK techniques and threat progression.

Captured Evidence Visualization → The Captured Evidence tab organizes relevant data artifacts, such as process launches and file downloads, helping analysts understand the full scope of an incident.
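To make the grouping views (by threat, rule, asset) and the live-window and severity/asset filters described above concrete, here is an added Python example; it is not Panoptica's code, and the field names (rule_id, asset_id, threat, technique), the sample rule ids and the MITRE ATT&CK technique ids attached to the sample events are illustrative assumptions. It runs the trailing 15-minute window, the analyst's filters, and each grouping view over a constructed event stream, ordering groups so the most severe, then the largest, surface first, which is the behaviour the design relies on to cut noise.

```python
"""Live-window filtering and grouping for a CDR-style alert stream.

Added example (not Panoptica's code). Field names and sample values are
assumptions for illustration; the events below are constructed, not telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Lower rank = more severe; used to surface critical groups first.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Which event attribute each grouping view keys on (assumed field names).
GROUP_KEYS = {"threat": "threat", "rule": "rule_id", "asset": "asset_id"}


@dataclass(frozen=True)
class Event:
    ts: datetime        # event time (UTC)
    severity: str       # one of SEVERITY_RANK
    rule_id: str        # detection rule that fired
    asset_id: str       # affected asset
    threat: str         # potential-threat label used for threat grouping
    technique: str      # MITRE ATT&CK technique id (assumed mapping)


def live_window(events, now, minutes=15):
    """Keep only events inside the trailing live window (the 15-minute slider)."""
    cutoff = now - timedelta(minutes=minutes)
    return [e for e in events if cutoff <= e.ts <= now]


def filter_events(events, severities=None, asset_prefix=None):
    """Apply the analyst's severity and asset-type filters."""
    out = events
    if severities is not None:
        out = [e for e in out if e.severity in severities]
    if asset_prefix is not None:
        out = [e for e in out if e.asset_id.startswith(asset_prefix)]
    return out


def worst_severity(events):
    """Most severe label present in a group."""
    return min((e.severity for e in events), key=SEVERITY_RANK.__getitem__)


def group_events(events, view):
    """Group by threat, rule or asset; most severe, then largest, groups first."""
    attr = GROUP_KEYS[view]
    buckets = defaultdict(list)
    for e in events:
        buckets[getattr(e, attr)].append(e)

    def order(item):
        name, members = item
        return (SEVERITY_RANK[worst_severity(members)], -len(members), name)

    # Inside each group, newest event first (what the expanded group shows).
    return [
        (name, sorted(members, key=lambda e: e.ts, reverse=True))
        for name, members in sorted(buckets.items(), key=order)
    ]


def summarize(groups):
    """One row per group: what a collapsed group card would display."""
    return [
        {
            "name": name,
            "count": len(members),
            "worst": worst_severity(members),
            "assets": sorted({e.asset_id for e in members}),
            "techniques": sorted({e.technique for e in members}),
            "latest": members[0].ts,
        }
        for name, members in groups
    ]


def triage_view(events, now, view, minutes=15, severities=None, asset_prefix=None):
    """Full pipeline: live window -> filters -> grouping -> group summaries."""
    live = filter_events(live_window(events, now, minutes), severities, asset_prefix)
    return summarize(group_events(live, view))


# Constructed sample stream (not real telemetry).
NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)


def _at(minutes_ago):
    return NOW - timedelta(minutes=minutes_ago)


SAMPLE_EVENTS = [
    Event(_at(2), "critical", "R-101", "web-01", "initial-access", "T1190"),
    Event(_at(5), "high", "R-204", "web-01", "command-and-control", "T1071"),
    Event(_at(6), "high", "R-204", "web-02", "command-and-control", "T1071"),
    Event(_at(9), "medium", "R-310", "db-01", "persistence", "T1098"),
    Event(_at(12), "low", "R-310", "db-01", "persistence", "T1098"),
    Event(_at(1), "medium", "R-204", "web-01", "command-and-control", "T1071"),
    Event(_at(40), "critical", "R-101", "web-03", "initial-access", "T1190"),  # outside 15-min window
]

if __name__ == "__main__":
    for view in ("threat", "rule", "asset"):
        print(f"--- grouped by {view} ---")
        for row in triage_view(SAMPLE_EVENTS, NOW, view):
            print(f"{row['worst']:<8} x{row['count']}  {row['name']}  "
                  f"assets={row['assets']}  techniques={row['techniques']}")
```

Widening the window (for example `minutes=60`) pulls the older critical event back in and changes the group counts, which is exactly what the live/historical toggle in the header would do; the ordering rule keeps a single critical alert ahead of a larger group of high-severity ones, so a noisy rule cannot bury a more serious finding.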

What We Achieved

  • Threat response time → Improved by 40%, as analysts could act instantly.

  • User adoption → Analysts reported increased efficiency in identifying and mitigating incidents.

  • Reduced alert fatigue → Grouped alerts and filtering options led to fewer distractions.

Summary

This project showcased:

  • The power of early stakeholder alignment

  • Importance of designing for high cognitive load

  • A UX-led approach to building real-time, high-impact features

By focusing on real-time visibility and efficient response actions, we significantly enhanced the effectiveness of the CDR dashboard, making security teams more proactive and responsive. Lessons learned here will inform future improvements in live monitoring and automation.

✅ This design was focused on reducing response times, increasing visibility into ongoing threats, and enabling real-time detection and analysis with minimal user friction.

Other Projects

Incident Response Dashboard 


Side-by-Side Remediation
