Q2 2024-Ongoing

AI Response Summary

AI Response Summary is designed to support security analysts in effectively handling a high volume of alerts and meeting an organization's security requirements. Harnessing the capabilities of AI aims to save analysts valuable time by creating incident summaries and offering recommendations.

The overview

Delays in addressing high-risk violations were often highlighted as a major challenge in customer calls.

While we cannot control the influx of alerts and violations, it's clear that analysts need a solution to make managing these issues less overwhelming.

My Role

In my role as the UX Designer for this project:


I conducted user interviews to better understand the problem.


I performed competitive analysis to see how competitors are addressing the same problem.


I shipped the beta version and am currently collecting user feedback.

Team

Product Manager

Data Scientist

Principal Data Scientist

4 Engineers

Senior Architect

UX Designer (me)

The why

Security analysts struggle to respond to high-risk threats because of the overwhelming volume of alerts.

In cybersecurity, the time it takes to respond to an alert, incident or violator can be crucial in mitigating a potential threat. User interviews revealed that significant time is being spent on manual analysis, which restricts the ability to engage in strategic decision-making and proactive threat hunting.

20+ analysts

from 3 of our largest enterprise customers reported feeling overwhelmed.

The how

How might we make critical alert monitoring less overwhelming for security analysts?

Even though we cannot control the influx of a high number of alerts and violations, what we can control is how analysts interact with those alerts and violations.

AI to the rescue

By leveraging AI, we can significantly enhance efficiency by automating certain tasks.

The potential value add

Analysts will save valuable time; Securonix adds business value

The time to respond to an incident can be reduced significantly thanks to AI automation, and Securonix maintains its competitiveness.

For Users

AI automation will boost efficiency and streamline overall workflows, potentially reducing fatigue.

For Securonix

Implementing AI in the product enhances competitiveness, accelerates growth, and delivers a better return on investment.

How competitors tackle the problem

Competitors use a side panel for all things AI.

Analyzed Microsoft's Sentinel, Exabeam and Palo Alto XSIAM.

Exabeam

Microsoft Sentinel

Palo Alto XSIAM

The solve

AI-generated summary empowers analysts by reducing feelings of overwhelm, making work more efficient.

Response Summary allowed analysts to significantly cut down their investigation time, empowering teams to focus on what matters most.

Summary

AI Response quickly condenses all the data into clear, concise bullet points, saving analysts valuable time.

Recommendations

AI Response offers analysts recommendations to effectively triage incidents, serving as a supportive resource.

Collecting Feedback

AI Response is an evolving tool that continuously learns from user interactions. Users can enhance the experience by providing feedback through thumbs up and down icons.

Results and Impact

~90% reduction in overall time to respond to an incident.

The AI Response summary is currently in Beta for all Securonix customers, and the initial results are promising.


Analysts can now summarize vast data points into key insights instead of having to manually write a summary after evaluation.

Without AI Response summary

Analyst receives a new alert for an existing or new violator

Analyst reads through all the details to better understand the alert

Writes up a summary to either escalate the alert or create an incident from it

Takes necessary actions based on their best judgement and experience

Average time is 1-2 hours per alert

With AI Response summary

Analyst receives a new alert for an existing or new violator

Get AI summary

Analyst gets an AI-generated summary with recommended next steps.

Average time is 4-5 minutes per alert

What lies ahead

A summary is helpful, but having the capability to take proactive steps to resolve an incident is truly exceptional.

Since the AI Response Summary has been in beta, we have received substantial feedback from our customers regarding the desire to take actions to mitigate incidents. They believe this capability would add immense value.


However, implementing these actions requires additional engineering resources, which are currently being planned for 2025. Below is a sneak peek at our explorations of how we imagine the UX.

Valuable learnings

Effective communication was vital to advocate for user-centric solutions despite any technical constraints.

Working alongside data scientists and AI engineers showed me how important it is to communicate openly and regularly.


I set up multiple brainstorming sessions in Figjam to share ideas and discuss engineering challenges while always keeping our users’ needs front and center.


I had the opportunity to delve into the inner workings of LLMs, which deepened my understanding. I explored various AI guides and courses to enhance my knowledge and skills, allowing me to design AI solutions responsibly.

Thank you for stopping by! I would love to connect with you.

If you like what you see and want to learn more, I'd be happy to chat with you about my design process.