How design helped a cyber security app increase DAU by 62%


Written by

Laura Bosco

The featured image for this blog post.

To say the cyber security market is booming is an understatement. In the last decade and a half, the global market has grown over 39x.

There’s a ton of money flying around this industry, and that means there’s a load of competition, too. The good news is, in an industry known for frustrating and 90s-esque interfaces, great design is one way emerging cyber security companies can build a strong competitive advantage.

Things are looking pretty saturated out there

Globally, the cyber security market is worth $173 billion, and it’s expected to grow to $270 billion by 2026 (hitting a 26.5% compound annual growth rate, if you’re into those stats). Investment deal sizes are ballooning as well. In 2019, $9.68B was raised across 767 deals—that’s a 34% increase in funding from 2018.

And while some speculate this is a bubble, there’s good reason this market is hot. Cyber security spending is now outpacing general IT spending for organizations and is a growing priority for the c-suite. Gartner predicts 100% of large enterprises will be asked to report on cyber security by this year, and quarterly call data shows the topic is trending hard.                    

cybersecurity is trending up in quarterly c-suite calls

For newer startups, all this means a lot of competition. But, assuming a startup addresses a real need, they don’t need $20 million in funding to stand out. From experience, we know great customer-centered design can separate you from the competition by miles.

Quick note: We’re about to jump into an example of good design below. So, you should know that when we talk about “great design,” we’re not simply referencing how a screen looks. We’re talking about how a product provides value to customers; how visuals, workflows, and loads of other details get a user from “pain experienced” to “problem solved.” That is great design.

How GreyNoise grew daily active users by a jaw-dropping 62%

GreyNoise is a bit, well, unusual. While most cyber security companies tell you who to pay attention to, GreyNoise tells you who not to pay attention to. They’re anti-threat intelligence.

They’ve been monitoring the background noise of the internet for years. And now, with an insane amount of data, they’re able to differentiate between “a targeted attacker and some kid in his basement building a botnet to mine Bitcoin.” Because, for GreyNoise’s customers, the difference can mean a seven-figure incident.

But GreyNoise initially faced a pretty big hurdle: Not many people knew (or cared) about internet background noise.

Wrestling with the “who cares?” problem

When Andrew Morris, CEO at GreyNoise, first started working on this idea in 2013, he was fascinated by the data he was collecting. He assumed if he showed it to other people, they’d find it cool too.

Spoiler: They didn’t.

“I figured if I just showed people the data,” he said, “they would be just as excited as me. I was wrong.”

The old version of something called the visualizer was supposed to solve this problem.

It was supposed to showcase what the GreyNoise API (GreyNoise’s main product) can do, why it matters, and get users excited about the data. But the old version wasn’t doing all these things. It was useful but difficult to navigate. It was also limited—only a small number of people knew how to access or use it.

The old visualizer

Andrew wanted something more people could access and get excited about. So, he partnered with us.

To determine what a revamped visualizer would do, he identified 5 distinct use cases for GreyNoise and worked backward from what users needed in each case. These use cases are:

use cases for GreyNoise

If a feature or idea wasn’t crucial to one of those use cases, it went on the chopping block. “Anything that wasn’t contributing to those 5 things didn’t matter,” he said.

Based on those use cases, and feedback from 50+ community members, investors, and friends, we created the new visualizer.

The new visualizer: 1,300 accounts in 60 days

The new visualizer doesn’t look like your typical security product, and this is very intentional.           

The new GreyNoise visualizer


GreyNoise isn’t your typical threat intel, and Andrew wanted this DNA-level difference immediately apparent to users. From the moment you hit the main page, the design communicates, “Hey, this isn’t what you’re used to.”

That was a good start.

But to really grasp why and how GreyNoise is different, we needed people to explore the data. They do this through the search bar, using a custom query language Andrew created called GNQL. This language is brand new, though, and most users haven’t mastered it.

So, we created a custom autocomplete feature. But this isn’t just any off-the-street autocomplete. GreyNoise’s autocomplete took over 30 hours of work. It suggests queries in-line with scrollable results. It's also continuous autocomplete. Meaning, you can start typing and select a term, then keep typing and select another term. It's more like predictive text on your iPhone than any autocomplete you run into online.

These features are painstakingly designed to help users discover new queries and expand simple ones. Meaning, new users get the hang of the language and repeat users can conduct more complex searches in seconds.

Once you run a query, search results are almost entirely clickable. Tags and examples are all items you can dive into. And because the web app is fast, checking out all these things is painless. This is because, as we mentioned earlier, people have to be able to explore the data to understand why it’s valuable.

These clickable search results are particularly useful to researchers and analysts, who chase down interesting pieces of data. They find one thing, which is connected to another thing, which is connected to another thing. These seemingly-random tidbits are very valuable to surface, and they're the type of information that's most likely to get shared—or lead to press coverage.

So, by making every piece of search results clickable, we encourage people to keep moving around the data and connecting it in new ways. Sort of like live links in Wikipedia.                   

GreyNoise search results example
Check it out for yourself at

Another thing to notice about search results is the overall format. Here, too, the design is different from most security products. Most products return a results table with a long list of information on one screen (similar to the old visualizer). For the updated web app, we opted for a card approach—you see a limited number of IPs on each screen with helpful information about each IP.

This is intentional as well. The visualizer is a free peek at the data the main product provides. It aims to get users excited about what they could do with even more information through the GreyNoise API.


As a product, the Visualizer is powerful and easy to use. The design, based on specific use cases and workflows, delivers a lot of value to GreyNoise’s target audiences. Even better, it makes those people more awesome at their jobs—the hallmark of a successful product.                                                            


And as a marketing tool, the visualizer is incredibly effective at engaging people. Since the facelift, the Visualizer’s bounce rate has improved by 80%, while average time on page has improved 300%. But perhaps most telling is the accounts. Though GreyNoise initially provided little incentive to create an account, users created over 1,300 accounts in the first 60 days. Since we launched the latest feature, daily active users (DAU) has grown by 62%.

These results are, in part, driven by powerful word-of-mouth adoption. We put in extra hours to make sure users can share any visualizer search result by copy and pasting the URL. Now, the GreyNoise team sees people sharing these URLs in chat and on social media all the time.

Update: In August 2020, GreyNoise announced a $4.8M seed investment led by CRV. 🎉

Great design isn’t a “nice-to-have” in cyber security

GreyNoise provides an incredible customer experience, but they’re in the minority. Many cyber security companies are behind the curve in terms of design, and it’s not because they enjoy frustrating customers.

It’s difficult to prioritize great, customer-centric design for a handful of reasons:

While these factors mean frustrating experiences for current users, it also means a huge opportunity for growing players in the market.

As GreyNoise shows, the companies that deliver value to customers through loveable design can earn a big leg up on competitors. And as the market becomes more and more saturated, these companies will capture more customers and retain them at a higher rate.

Confession: We’re total design geeks 👋

We spend our time reading user onboarding teardowns, debating how to make forms easier to use, and tweaking little details to make products loveable AF. And we enjoy every single minute of it.

If you bring the security expertise and business-savvy, we can help you design a product that retains customers, encourages word of mouth growth, and separates you from the competition.

Schedule a free strategy call
with founder Andrew Askins to learn more.

A big thanks to GreyNoise for letting us highlight some of their sweet progress.

Laura Bosco is a writer and people person. She helps tech startups do tricky things, like explain who they are and what they're doing. Ping her on Twitter to say hi.