Hi, my name is Alina Anri. I’m a Product Designer.
Most of my case studies focus on desktop applications. For the best viewing experience, it’s recommended to open the portfolio on a tablet or desktop.
Overview
Develop cybersecurity solutions that protect APIs and cloud apps. Modern digital products depend on APIs, but many organizations don’t know exactly how many they have, how they work in real life, or where the risks are.
As systems get bigger, APIs pop up in microservices, internal tools, and third-party integrations, making it hard for security teams to keep track and monitor them effectively.
Problem
Many organizations run hundreds or even thousands of APIs across different environments, and a lot of them end up undocumented or poorly tracked—leaving security gaps.
Security teams often deal with scattered data, missing API inventories, and complicated logs that make investigations slow and difficult. Most tools just show raw technical info, but don’t really help teams understand risks or decide what to tackle first.
workflow
Users
The platform is used by technical security roles.
Security engineers analyze vulnerabilities and attacks.
DevSecOps engineers integrate security into infrastructure and CI/CD pipelines. Platform engineers manage API gateways and system architecture.
All users operate in environments where speed and clarity are critical for responding to incidents.
Research
Research included interviews with security engineers and analysis of real attack investigations.
Key insights showed that engineers rely heavily on logs but struggle to correlate signals across systems. Most investigations begin with traffic anomalies, and tools that reduce investigation time are highly valued. This led to a core principle: security data must show risk and context together.
Key findings
Key product areas
The interface includes several areas supporting the security workflow.
— Threat prevention dashboards show normal and malicious traffic patterns.
— Attack investigation tools provide details about incidents and attack sources.
— API discovery builds an inventory of endpoints with risk levels.
— Abuse detection identifies suspicious behavioral patterns such as scraping or automated attacks.
Key UX decisions
Several design decisions shaped the interface.
— A unified risk scoring system prioritizes critical findings.
— Investigation views include contextual metadata such as IP, request patterns, and affected endpoints.
— Logs were translated into visual analytics like charts and anomaly graphs.
— Progressive disclosure keeps advanced details accessible without overloading the main interface.
Design process
The design work began with mapping the workflows security engineers use when investigating incidents. This helped identify which data is essential at each stage of the investigation.
Based on this understanding, the interface structure for monitoring dashboards and investigation tools was modeled. Prototypes were created to test different approaches to visualizing security data.
These prototypes were reviewed with engineers and security researchers. Their feedback helped refine interaction patterns, data grouping, and visualization techniques.
Key results
Outcome
The redesigned UX of platform enables security teams to discover undocumented APIs, detect threats faster, and investigate incidents more efficiently.
Structured dashboards provide visibility into attack patterns and risk exposure, turning complex telemetry into actionable security insights.
domain
CYBERSECURITY
Teammates
PM, backend, Frontend, QA, designers
Format
ENTERPRISE SAAS
Status
Production