Developing Visualisations to Enhance an Insider Threat Product: A Case Study
Martin Graham, Robert Kukla, Oleksii Mandrychenko, Darren Hart, Jessie Kennedy

TL;DR
This paper details the development of data visualisations to improve a commercial insider threat detection platform, enabling analysts to better identify patterns and outliers for enhanced security insights.
Contribution
It introduces a tailored visualisation design process for insider threat analysis, integrating user feedback to improve detection capabilities.
Findings
Visualisations help analysts identify risky insider activities.
Design process incorporates domain expert feedback.
Enhanced visual tools support pattern and outlier detection.
Abstract
This paper describes the process of developing data visualisations to enhance a commercial software platform for combating insider threat, whose existing UI, while perfectly functional, was limited in its ability to allow analysts to easily spot the patterns and outliers that visualisation naturally reveals. We describe the design and development process, proceeding from initial tasks/requirements gathering, understanding the platform's data formats, the rationale behind the visualisation's design, and then refining the prototype through gathering feedback from representative domain experts who are also current users of the software. Through a number of example scenarios, we show that the visualisation can support the identified tasks and aid analysts in discovering and understanding potentially risky insider activity within a large user base.
Taxonomy
Topics: Data Visualization and Analytics · Information and Cyber Security · Anomaly Detection Techniques and Applications
