
Converting backend processes into a digestible GUI while navigating the cybersecurity design space.
UX DESIGN
RESEARCH
DESIGN SYSTEMS
INTERNSHIP
A GUI designed for security engineers to address cybersecurity threats for their clients.
What this project is all about
Security alerting involves placing rules and conditions on a client's file so that the client is alerted should there ever be a security breach (or the threat of one).
Security rules, also known as intentions, can be modified by Arctic Wolf's security engineers per client request.
How the security alerting process works
THE PROCESS EXPLAINED

Client meets with concierge engineer to discuss modification of security services
Client requests security rule changes through Jira's ticketing system
Triage Engineer reviews details of Jira tickets
Concierge Engineer notes down client’s requests for changes to be made
Security Engineer makes changes to the intentions by editing backend code (JSON)

Both Concierge and Triage Engineers operate on the same workflow. The difference between the two is that one (concierge) is more client-facing.



So, what happens when the client wishes to modify their security rules?
Arctic Wolf Networks is a cybersecurity company that protects businesses by detecting and dealing with threats.
Arctic Wolf’s security analysts are always on the lookout for online threats that target the businesses that they serve. The existing process of preventing threats consists of manually editing documents of code.
I joined the Research and Development team as a UX intern to assist in designing a user interface that improves the workflow efficiency of security analysts within the company.
Scenario 2
Scenario 1
Security Engineer then alerts their security team of the changes that will be made to the security rule
Security Engineer reviews all protocols and standard operating procedures on editing the security rule
Security Engineer navigates to the JSON file of the security rule to make changes and then pushes the code to merge on GitHub
Security analysts are lacking resources
33% of users reported that it was difficult to navigate the existing workflow 😓
74% of users reported having roadblocks in their workflow due to its complex and "scattered" nature 😵
55% of senior-level employees complained about not having time to tackle lower hanging fruit tasks 🍑🍑
Some of Arctic Wolf's security staff are not familiar with programming basics, as they come from customer service and support backgrounds.
Many struggle with the existing workflow which requires security staff to edit rules inside of a JSON file.
Security staff had to switch between multiple applications to perform their tasks: communicating with clients and internal teams, referencing the wiki for SOPs, updating security rules, and merging new code into the security database. These tools included Slack, Jira, Confluence, the client directory, Google, and GitHub.
There were so many applications being used in tandem that it confused security engineers or made them lose track of their work.
The role of the Senior Security Engineers was to tackle high-level security threats while also supporting their team of concierge and triage engineers. However, many found that most of their time went towards diagnosing and fixing smaller issues created by human error.
Security analysts face roadblocks in their workflow due to a lack of resources, whether in the form of knowledge about their work or the tools required to complete their tasks.
As the company hires new security analysts that may not be adept in coding, they hope to implement a new way of doing things that could limit the room for human error while also improving work efficiency.
My learning experience
🤔 Having something and not always needing it is better than needing something and not having it
Many users initially believed that it was redundant to have a search bar accompany a table of contents of the security rules. Upon further testing and observation, I found that the search bar was useful for reducing time on tasks.
🤡 There are no silly questions!!
Any question will be returned with an answer. Throughout the design process, we need as many answers as we can get.
🗣️ Users may say one thing, but will probably do another
While it's important to listen to what users are saying, pay attention to what they actually do.


A "one place for everything" solution
For the MVP, all of the intentions were sorted into their respective categories and embedded into the client directory through iFrame integration.
All of the intentions that security engineers need to access are consolidated into a searchable table of contents. Being able to see the security rules through the GUI makes the process more tangible, which helps those who lack the coding background necessary to manage the existing workflow.

Security Engineers are able to edit any intention through interacting with the GUI. After their changes are saved and published, they can still look into the intention's version history to track all of their changes. This would make it easier to avoid or fix mistakes.


Regardless of the migration to the new workflow, I still wanted to pay homage to our security engineers who preferred working with the JSON files. In the previous workflow, where security engineers modified intentions in JSON format, unique country codes (see above) were used instead of full country names.
I felt it made sense to have a dynamic search where both country codes and names were searchable. That way, security engineers who were accustomed to specifying countries by code would be able to search quickly. This creates a seamless transition into the new GUI, as it makes the search feature accessible to those with non-technical backgrounds without taking away from the previous standard operating procedure.

A physical search bar with a dropdown enhances the user experience for many of the security engineers that lacked a formal coding background. This design offers various ways to navigate content without needing to know programming lingo. Some security engineers found it difficult to remember unique country codes when editing intentions in the JSON file, and many had to stop and switch between editing intentions and googling country codes.
The ICU improved work efficiency for security engineers by simplifying the intentions modification process
Conversion rate: 75% of security engineers adopted the new ICU workflow as of Q4 of 2021
Error rate: 86% reduction in errors made when modifying security rules
Time on tasks: 82% reduction in time it took for engineers to complete their tasks

