summary

Matchlight was a Digital Risk Protection (B2B SaaS) solution that monitored for customer asset exposure across the deep, dark and open web. Differentiated by patented Fingerprinting technology, Matchlight could “find a needle in a haystack, without seeing the needle” and subsequently alert customers.

My role: Principal Designer- responisble for all UX Research, UX Strategy and Product Design. Managed visual design contractors handling external website and marketing materials.

Deliverables: Discovery, Competitive Analysis, Interviews, Surveys, Personas, Requirements, User Stories, Card Sorting, User Flows, Wireframes, Mock-ups, Prototypes, Usability Testing, Visual Design, Data Visualization, Animation.

Tools Used: Figma, Photoshop, Illustrator, InVision, UsabilityHub, Full Story

Timeframe: 2019-2021

The Problem

The original product focused solely on dark web data intelligence and though Terbium Labs was one of the pioneers in the field, there were an increasing number of competitors with broader scope and newer, easier-to-use products. A complete product redesign was in order.

Key Issues:

1. Customer retention and sales were low.
2. Customers did not understand “fingerprinting”, our key differentiator.
3. Navigation was confusing and the User Interface (UI) was starting to look dated.
4. Users relied heavily on analysts, so scalability was limited.
5. The original tool only focused on the dark web, so users used our tool in conjunction with a expensive suite of other tools.

Before redesign:

The Solution

All New Matchlight:

1. A clean "social media" inspired layout.
2. Machine learning leveraged to create a feed of curated & combined alerts.
3. Less clicking and “digging”.
4. Expanded coverage across open web, social media and mobile.
5. Automated report generation for scalability.
6. Increased context and actionable insights.

Research

We kicked off with 6 weeks of discovery, including:

1. Interviews with stakeholders, customer service and sales team members.
2. Interviews and remote Field Studies with our analysts and client users.
3. Competitive Analysis of 9 competitors, with 2 deep dives.
4. Personas for 3 key users.
5. Usability Testing of low fidelity wireframes, and high fidelity prototypes.
6. Card Sorting for navigation and organizing tables.

 

Stakeholder Interviews

User Interviews & Field Studies

Personas

We created personas to represent the three key users of our tool.

We found that our own analysts currently used the tool more than our clients did.

BUT, we wanted to change that.

So we focused two personas on the desired users that we would like to attract more engagement from.

competitive analysis

Many competitors were vying for prominence in this space. I reviewed a lot of marketing pages and youtube videos to get a glimpse of their platforms. Two stood out:

Recorded Future offered depth of information, in a very clean, minimal and modern package. The color palettes they used for data visualizations were effective for communicating distinctions between types of data. The minimal look kept emphasis on the data.

ZeroFox had a very intuitive information architecture, and summarized information nicely. Their initial dashboard was a very effective summary of relevant information, and included a contextual story arc.

So, we wondered what would it look like if Recorded Future and ZeroFox had a baby?

 

Early wireframes

Usability tests on early wireframes led to:

1. A Social Media inspired layout. Combining the different alert types into one feed and keeping that feed on the dashboard.
2. Improved input system to help clients correlate fingerprinted assets to their own databases.
3. A tabulation and categorization of which assets were being monitored on the dashboard, for improved context.
4. New “Risk Score” on both the account and alert level.
5. Added “Top Concerning” and “Recommended Actions” lists on main dashboard.

Card Sorting

Using FigJam or Optimal Workshop, I conducted a series of card sorts for making decisions about information architecture, navigation and even table column order.

In the example below, I conducted card sorting exercises with 9 participants (they did not see eachother’s results) so that I could optimize column order, especially as modals could obscure visibility of columns sometimes

Empty Card Sort. Categories and cards offered to each participant:

Aggregated Results:

High Fidelity Mockups

• We balanced clean, calm and “minimal” with supplying more information and functionality on every screen.
• We tested charts for accessibility across vision differences, especially when presented as thin lines and dots.
• Introduced icons for key, recurring concepts.
• Lots of greys (tested for contrast) and white space.
• Color used sparingly and strategically- reserved for emphasis, and communcation through data visualization.
• 4 categories for our color palette
  - Brand
  - Traffic light for hierarchical data
  - Equal weight, but distinct colors for categorical data (no traffic light colors)
  - Gradients for relational data

Testing The Prototype

We created a prototype in Invision to usability test our early prototype. A few of the features we added based on these tests:

1. A drop-down option for admins only, to switch views between admin portal and multiple client views.
   
2. Alerts opened in modals. Analysts preferred this, so they could contextualize against the list of alerts.

   
   Before:
   
   After:
   

3. Two different kinds of status.

   System generated, user specific- which indicates whether an alert is "New" or "Updated" since this particular user last logged in.

   User generated, user universal- a kind of light workflow option, to indicate whether an alert as Acknowledged, Mitigation in Progress, Closed, etc. This status will be the same for all users.

   
   Before:
   
   After:
   
   

Ongoing Improvements

In less than two years, we introduced many new features based on regular user feedback and testing. Some included:

1. Pre-populated alert templates, to streamline analyst input.
2. A library of found sites for automation of alert population.
3. A system for bypassing captcha on dark web sites.
4. Capability to identify and merge mirror sites, for streamlined reporting.
5. Increased workflow capabilities to assign alerts and offer increased status visibility.
6. Dark web snapshots to minimize users’ need to access the dark web.
7. More strategically placed education about “Fingerprinting”:

Impact

• Customer retention increased from 50% to 100% in the first year alone.
• Sales to new customers tripled the first year.
• We were able to support the 300% increase in customers without hiring new analysts.
• Customers routinely commented on how easy and intuitive the tool was to use.
• Some customers told us they liked to use our tool in conjunction with Recorded Future. This was a new market angle we had not previously considered.
• We received 5 stars on reviews via Gartner.
• Within two years, the product was acquired by Deloitte.

conclusion

Matchlight was created by early stage start-up Terbium Labs so that risk could be monitored, without increasing risk (by turning confidential data over to a third party for monitoring.)

I joined Terbium Labs in June of 2019, as part of a new product team, tasked with revitalizing a product that still offered unique capabilities but was lagging behind competitors.

As the sole product / UX designer, I worked in close collaboration with stakeholders, product management and engineering teams to research, design, test and build quickly.

We had a functional prototype of our MVP to bring to Black Hat USA by August 3, 2019, and a fully functioning product by January 2020.

On June 15, 2021, Matchlight was acquired by Deloitte as part of their cybersecurity suite of tools.

Press:

Terbium Labs Enters the Digital Risk Protection Market with Robust Platform to Combat Data Loss, Fraud, and Misuse on the Open, Deep, and Dark Web (Oct 15, 2019)

Deloitte Acquires Digital Risk Protection Solution Provider Terbium Labs to Expand Threat Intelligence Offerings (Jun 15, 2021)

return to top