Endpoint Sensor
To help organizations close detection, investigation, and remediation gaps, Endpoint Sensor provides complete visibility into attack vectors, propagation, and the full impact of targeted attacks.
Role
UX designer
Service
UX design, Design research
Year
2017-2018



DISCOVER
Traditional endpoint protection platforms, such as antivirus products, are no longer sufficient against advanced attacks, driving the rise of Endpoint Detection and Response (EDR) solutions. Endpoint Sensor is Trend Micro’s flagship EDR product.
Before diving into design, researchers and I defined target audiences based on company strategy, market trends, and customer research. We gathered real use cases from Gartner reports and internal/external interviews, then validated concepts with customers using wireframes I designed, ensuring the product was aligned with user needs and market demands.
DEFINE
We created a persona map identifying Types A, B, C, and D users. Research revealed that Types C and D were not concerned with advanced threats and thus not the target audience for EDR products. We focused our design on Types A and B users, who represented the primary targets.



DESIGN
The core value of an Endpoint Detection and Response (EDR) solution is to reveal the root cause of threats and provide a seamless flow for faster investigation and response. To serve both user types, I balanced the design by offering detailed information for Type A users while avoiding data overload for Type B.
In the wireframes, I provided guidance on data flow, API integration, and interaction details. I also organized detailed data—such as process IDs, file paths, and hash values—into secondary or tertiary layers, paired with corresponding actions like endpoint isolation or object termination.
Simplified Chain
A streamlined first layer that helps both user types quickly understand the attack story.



Distinct Visuals & Friendly Legend
Clear color coding to indicate severity and intuitive icons to represent the historical attack path.



Enriched Content
Data enrichment and vendor guidance that lead users smoothly through investigations.



Detailed Data List
A comprehensive table view for Type A users who need access to full data details.



DELIVER
In Q4 2018, the product was officially released. Before the code freeze, developers added tracking to capture user configurations and usage statistics, providing valuable data to continuously improve the design and optimize the user flow.