A Powerful Platform of Cybersecurity

End to end security and operational integrity solutions for industrial control systems.


Continuously monitor and detect malicious activities and high-risk changes.


Receive context-rich alerts for rapid triage and investigation.


Proactively discover and eliminate vulnerabilities, misconfigurations, and insecure connections.

One Dashboard that keeps you posted

You can obtain complete awareness of the industrial control network at a glance. The dashboard integrates critical information of the entire system. Stay on top of traffic, alerts, activities, threats from one place.

All your assets, under control

Our inventory management system keeps track of the state of the network and attached devices over time. Through our dynamic search function, you can locate nodes by labels, IP, Mac address, banners, and filter by the specific combination of protocol and bandwidth.

Respond confidently with clear insights

Once an abnormality has been detected, use inspection to help you respond to attacks with confidence. Our high-performance deep packet inspection engine rapidly extracts relevant features of packets.

Keep everyone on track

For users of all different levels of engagement and authority, we help you generate monthly, weekly, hourly reports from a wide range of aspects to facilitate team collaboration.

My Role
UX Design Lead

Defined product information architecture.
Clustered and streamlined system functionality based on the typical workflow of system operators.
Collaborated with researchers, cybersecurity experts, industrial stakeholders, to define high-level product features and build the user interface from the ground up.
Conducted extensive usability testings on the system UIs and iterated rapidly to meet client needs.

UI Designer

Designed the user interface of the management console.
Visualized network connections, activities and high-level insights, to support both summarization and deep analytical tasks.
Worked closely with founders, developers, core stakeholders to deliver high-fidelity design containing rich interactions.

As the core member of the product team and the UX lead, I contributed to the company's growth from the early stage to the seed round with 1 million dollars venture capital raised in 2018.
David Formby, CEO/CTO at Fortiphyd Logic

"We've been lucky to have Zheru leading the UX design of our network monitoring system for over a year, and during this time she demonstrated the rare combination of passion, dedication, and creativity that makes for the best UX designers. Zheru was unafraid to jump into the deep technical jargon surrounding our system, ask the right kinds of questions to understand user needs, and come up with creative ways of clearly visualizing complex data. She is a pleasure to work with, and I am confident she would be a valuable asset for any UX team."


The unique architectures and complex situations of ICS networks pose many challenges to the system operators. Our platform identifies these challenges and offers innovative technology to make security personnel more capable of operating in the industrial environment.

Make quick judgments of general security level

Keep updated on changes

Identify threats from massive data

Collaborate with multiple operators

Execute repetitive commands over a large number of assets

Troubleshoot your system

Our Approaches

Challenge 1
Make quick judgments of general security level

Then entire ICS network can contain thousands of nodes and devices, sometimes even more. How can we communicate the overall security level to the users at once? That's where the "Health score" comes in. Our system computes a "health score" for each device in the network based on its activities and baseline state. From these individual health scores, we can calculate a general score to reflect the health situation of the entire network.

Holistic network health overview

Looking for quick takeaways? The health overview panel provides a summary of the general security level. It aggregates health score (general and subnet) and numbers of alerts (categorized by level of severity). Monitoring a huge system has become so simple and effortless!

The integrated information center - dashboard

If you only want high-level insights, this dashboard is all you need. We've divided it into 4 blocks including the overview panel, to reflect the network from different angles. The 4 blocks are Health Score, Bandwidth, Nodes Information (within which there are 4 tabs: Bandwidth, Alerts, Inventory, Health Score), Alerts. With this information displayed, you can stay on top of critical information at a glance.

Customize your watch list

When different operators co-monitor the system, their responsibilities vary slightly. Our system lets each individual user customize the asset groups and select which to show on the health overview panel. In this way, everyone keeps an eye on their priorities.

Challenge 2
Keep updated on changes

Changes in the network are sensitive. Some abnormalities can only be identified when compared to the baseline. In order to help our users maintain awareness, we have designed many tools to reveal the network changes.

See what's happening with your assets

One of the most important things our users care about is the inventory change. Sometimes a new asset means attack, and is worth ringing the alarm.

We designed an inventory dot matrix on the dashboard to communicate the status of all current assets. On this graph, color encodes the status. More information about each node will be displayed on hover.

Reveal difference with a baseline time period

Besides the quick overview of the dashboard, we provide more advanced features to help users detect inventory changes. On the assets table, users can enable the "compare changes" function to highlight new and inactive (retired) assets. This advanced feature lets them specify the baseline time period and the current time period for detailed comparison.

Monitor bandwidth change

This line graph corresponds with the traffic of the entire network and updates every moment. The bandwidth of the last time period is also visible in a lighter shade, which can be seen as a baseline when there's unusual traffic.

Challenge 3
Identify threats from massive data

The information produced by an industrial control system can quickly add up to thousands and more. How can we identify fatal alerts from the massive data created every hour?

Each alert is stamped with a "severity level" when it's logged. Our platform uses the default log levels that contains 8 levels from the least risky (debug) to the most risky (emergency). However, showing every alert directly to our users may be overwhelming and can sometimes raise false alarms.

"Human language" in place of "machine language"

We created a labeling system summarizing the default levels and use them as a consistent language in the platform. Instead of adding up every alert towards a daunting number, we only count the alerts that are above a cetain risk level. Our simplified labels reduce cognitive load for our users and is more intuitive to convey high-level insights.

Keep an eye on the alerts number

Unlike a lot of the other platforms that give a list of alerts, we provide both an overview and details of logged alerts. When your system is under attack, a climbing peak in the bar chart will remind you to pay attention.

Follow recent alerts

A life-and-death factor in cybersecurity is timely action. This list on the right helps you follow the most recent alerts. It updates with time and reveals more details of each alert.

We chose to display the short message, the default alert level, the source node, and destination node to help you make the best judgments. If you want more information, you can hover on each alert and access more info in the popup window.

Challenge 4
Collaborate with multiple operators

A common but often overlooked challenge of ICS security platforms is to facilitate the collaboration of multiple operators. When many users co-monitor a system, they need to pass around essential insights gained from the previous shift or to communicate the reason for specific actions. Moreover, one user may need to ask another one to execute a step to push forward the process. How can we facilitate these use cases?

Forward a message to other users

When there's an intractable problem, you can forward the relevant message to your colleagues and discuss the solution. When you need someone with a higher permit to authorize action, escalate the message and leave a note to transfer the responsibility.

Look up action history

To find out what decisions other users have made and why, look up the action history on the dashboard or check the inspection page.

Whenever users delete/escalate/whitelist an alert, they are required to leave a user note to explain their actions. This action log makes an indispensable part of the resource for troubleshooting and debugging

Challenge 5
Execute repetitive commands over a large number of assets

Executing the same action 20 times is tedious. When there are thousands of assets, the situation can quickly grow out of control. To make your work more efficient and error-free, we've designed group manipulation tools and hierarchical structure at your choice. Not only can you batch configure your assets, but you can also label, prioritize specific nodes using the group editing features.

Manage assets in group hierarchy
Append batch assets to inspection list

Challenge 6
Troubleshoot your system

When there is a malfunction, the first step of troubleshooting is to identify and define the problem. Our platform implements high-performance deep packet inspection engine that can rapidly extract relevant features of packets. Additionally, we offer quick inspection features to supplement the packet inspection, so that you can start troubleshooting from anywhere on the platform.

Trace the cause
Mark suspicious trait for later inspection

Captured some suspicious trait? Add it to your inspection list now! We offer quick inspection features to supplement the deep packet inspection. You can start troubleshooting from anywhere on the platform.

Obtain insights from relevant alerts and packets
The story continues...

Our products are based on patent-pending technology developed by internationally recognized Georgia Tech researchers with deep knowledge of networking, cybersecurity, and industrial control systems. We are working hard on system implementation and product design. Stay Tuned!
More about Fortiphyd logic: https://www.fortiphyd.com/