Clarifying threat detection for overwhelmed security teams

Superna provides data security and protection solutions for hybrid cloud environments. We help organizations, including Fortune 500s, federal agencies, and healthcare systems, protect unstructured data from ransomware attacks, data breaches, and other critical threats.

In 2023, we were losing competitive deals to better-designed data security products. I redesigned our flagship product, Superna Data Security Edition. I owned research and design, established reusable patterns across the platform, and used AI-powered prototypes to validate faster with customers. The redesign became a key selling point and a defining factor in customer retention.

  • 1.6 hrs/day given back to security teams
  • 57% reduction in false positive investigation time
  • Minutes to Seconds: time to comprehend a threat

Context

In 2023, our sales team repeatedly heard the same feedback: the interface felt dated. We were losing customers to better-designed data security products. Existing customers were also missing critical threats due to interface friction.

If this continued, we'd lose our position as a leader in the enterprise security market.

Previous Interface

Discovery

We interviewed storage administrators and IT managers to understand workflows, handoffs, and decision making during incident response.

We then ran cross-functional workshops with support, engineering, sales, and product to align on user pain points and define what we needed to change first.

Affinity mapping based on personas during a workshop

Affinity mapping from research

Early user journey mapping

User journey map

Definition

Four recurring themes based on patterns we saw during research...

Dated Interface

The visual design looked dated and reduced trust in the product capabilities.

Context Switching

Investigations required too many windows, which created disorientation.

Fragmented Information

Users had to piece together one threat across disconnected screens.

Cognitive Load

Mental load reduced attention available for higher-risk threats.

Systems Thinking

Investigating a single threat meant juggling 7 windows at once.

The previous interface scattered threat information across 7 different windows. Users had to click through multiple layers and mentally piece together the story. This created significant cognitive load during critical security events.

Previous interface requiring 7 windows to investigate a threat

Design Process

Our design process was scrappy.

We moved fast with limited user testing access, so every customer call had to count. I created many iterations, then selected a design that would give us the most valuable feedback.

First Iteration

Security teams responded positively, but revealed new problems.

Feedback

  • Should I create a snapshot before closing? Do I lock out first? What's the recommended workflow?
  • Recovery manager gives me the most details when investigating.
  • I almost missed that there were no snapshots available. That's the first thing I need to know.

The Synthesis

  • Arranged tabs to provide more structure and lowered action priority until users are ready.
  • Upgraded priority of the recovery table so users see what they need first.
  • Added a recovery summary at top so users can immediately see snapshot status.

Second Iteration

Users provided more feedback to further improve the design.

Feedback

  • This is more organized, but I'm seeing details I don't need unless I'm doing a deep investigation.
  • The rest is just noise until I decide to dig in.

The Synthesis

  • Added key information preview without forcing context switch into full details.
  • Allows users to scan, review, and take action only when needed.

Final Solution: Progressive Disclosure

Solution

The slide-out became the core pattern for surfacing contextual information across our platform. Users could review, action, and close a threat from the slide-out without a full investigation.

We treated the slide-out as a system pattern, extending it to the Alarms & Licensing pages.

Alarms page using slide-out pattern

Navigating Business Constraints

Users did not understand why a threat was flagged as abnormal.

We failed to tell users why we flagged behavior as abnormal. Users had to investigate and make an educated guess as to what happened.

Threat categories in Eyeglass interface

The Constraint

The cryptic labels protected competitive advantage. Stakeholders were concerned that exposing detection logic would help competitors replicate our system.

We needed a solution that explained what each detector caught without revealing how it worked. We came up with Threat Categories that described each of our detectors in plain language. This solution didn't require backend API changes, making it easier for our development team to implement.

Final Solution: Threat Categories

Threat category severity levels

Each category matches a severity level (Critical, High, Medium, Low), so the label communicates what happened and the color communicates urgency.

Threat category table view

Threat category slideout view

Solution

Threat categories cut time to assess a threat from 1–2 minutes to seconds. Storage administrators made more confident decisions, reducing the risk window and speeding response.

Process Innovation

AI-powered prototyping

Our Figma prototypes couldn’t keep up with the product’s complexity. Tasks like file browsing and threat investigation required realistic interactions that Figma prototypes couldn’t recreate.

We were also maintaining three separate prototypes for three different audiences. That became unsustainable for a two-person design team.

To solve this, I built a functioning prototype of our redesign. With the help of AI, I moved page concepts from Figma into functioning code.

Our Prototype library, which allowed us to demonstrate our product to different audiences.

The versioning feature allowed us to use the prototype to serve different audiences. A single prototype could show three different states of the product:

  • Now: Used with developers to show how a feature should look and behave in production.
  • Next: Shared during customer calls for UAT and beta feedback on upcoming features.
  • Future: Used in strategic discussions to show where the product was heading.

The Lightbulb Moment

The insight that pushed me to build this came from watching realistic mockups shift stakeholder opinion when presenting ideas. The closer a prototype is to the real thing, the better the feedback, and if we wanted better validation, I had to build a better tool.

I started on my own, treating it as an experiment. I rebuilt our front end in Next.js, styled prebuilt components to match our design system, and used Cursor and later Claude to move Figma screens into code. After validating the approach, I brought it to my team, and we opened a shared repository.

AI changed how we worked in the double diamond. We could build and test during the definition phase, and move faster between design and development.

An experimental feature telling users the confidence level of a threat.

Experimental confidence score feature

An experimental feature allowing users to create custom threat triggers.

Experimental custom trigger feature

We tested high-fidelity concepts with 8+ customers. The questions customers asked were more specific and grounded than what we got in Figma demos. We could put different directions in front of users and get meaningful feedback.

Successful Partnership

Building a flexible design system with Dell

Our dated interface was costing us competitive deals. We needed to modernize while meeting strict Dell partnership requirements.

Rather than maintaining two separate design languages, we collaborated with Dell's design team to create one interface supporting both brands with minimal changes.

I documented core components like buttons, dropdowns, and slide-out panels as system patterns, not one-off feature assets.

Design system components

We maintained the Dell OEM partnership with a unified design system and improved deal confidence through stronger visual trust.

Outcomes

The redesign became a key factor in customer retention and a differentiator in competitive deals. Security teams saw significant reductions in time spent investigating threats.

It shipped because the team was quick and scrappy when it came to designing, validating with users, and making trade-offs when necessary. We balanced design quality with engineering and business constraints.

  • 1.6 hrs/day given back to security teams
  • 57% reduction in false positive investigation time
  • Minutes to Seconds: time to comprehend a threat

What I learned

The AI prototyping process changed how I think about the space between design, engineering and product management. Getting concepts into code earlier made all of our processes faster. When I started at Superna, we utilized the double diamond approach, and after AI was integrated into our processes, that became almost obsolete. This is an area that I’m still understanding and exploring.

Working within a two-person design team on a complex platform improved my ability to prioritize. I learned to move fast through iterations rather than always waiting for the perfect design.