Sharing is Caring: Optimized Threat Visualization for a Cybersecurity Data Sharing Platform

Cyberattacks are increasingly costing organizations billions of dollars annually. To protect against them, cybersecurity information sharing and cyberthreat visualization have become crucial research topics. Our platform, CYBersecurity information EXchange with Privacy (CYBEX-P), implements developments in both areas as an approachable collaborative security tool. CYBEX-P's threat-intelligence graph displays indicators of compromise and their crowd-reported threat levels. Intuitive and efficient data interaction is key for adoption of such a contributor-driven system and is the focus of this work. A user study was conducted with participants from cybersecurity backgrounds to test different visualization configurations. Measurements pertaining to dependent variables such as task accuracy and threat-detection time were recorded. Subsequent analysis revealed that relying on localized color to represent threat comes with serious limitations. Likewise, information density must be carefully considered. We conclude that the misuse of simple visual properties can lead to perilous reductions in accuracy and response-time and provide recommendations for avoiding these pitfalls.