Q4 2023 - Ongoing

Noise Cancellation

Noise cancellation eliminates irrelevant and duplicate alerts, allowing the CyberOps team to prioritize the threats that truly matter. With less noise to contend with, analysts can dedicate their time and expertise to investigating and remediating high-risk incidents.

The overview

The quarterly survey revealed a recurring theme in the responses.

During the review of the Q3 2023 survey, I noticed a recurring theme in the feedback: "too many inefficient policies." I promptly brought this to the attention of the Product Manager, and after further research, we discovered that this has been an ongoing issue for the past few quarters that has yet to be addressed.

My Role

In my role as the UX Designer for this project:


I conducted user interviews to better understand the problem.


I performed A/B testing to validate ideas and collect additional feedback.


I scaled it from 5 to 200+ enterprise customers.

Team

Product Manager

Data Scientist

2 Engineers

Technical Writer

UX Designer (me)

The why

Inefficient policies waste analysts' time and incur unnecessary storage costs.

User interviews with 2 of our largest enterprise customers and over 20 analysts uncovered many inefficient policies.

15%

Of the total number of policies were found to be inefficient.

~ 1 hour

Spent by analysts investigating alerts triggered by inefficient policies.


The How

How might we save analysts' time and help businesses optimize storage?

The Data Science team developed a model to identify and track inefficient policies. There was a need for a comprehensive experience that allows users to gain a high-level understanding of these policies while also enabling a deep dive into the specifics to understand the underlying issues.

Easy to digest data

Combining data visualization and tables to create an experience that makes it easy to digest multiple data points.

The potential value add

Optimized analysts' workflow; Securonix will have a competitive edge

Tracking and eliminating inefficient policies will enhance the efficiency of analysts' workflows.

For Users

A reduction in the number of inefficient policies will allow analysts to be more efficient.

For Securonix

Competitive advantage as none of our direct competitors have this capability.

User testing provided more insights

Users wanted a clear starting point along with more details

I conducted an A/B test with multiple customers to understand what analysts really expected from an experience like noise cancellation.

A

Analysts struggled to decide what information to digest first and what is actually important.

B

Analysts can click on “View Details” to reveal all information if they want to.

The solve

A reporting experience for all irrelevant and duplicate alerts.

An experience that highlights the most important information first and lets the user decide if they want to view more details about a noisy policy.

A clear starting point

The Summary tab shows all the noisy policies, highlighting the 'Highest Violation Policy' so the analyst can digest the most important data first.

Progressive Disclosure

Giving users the option to choose whether or not they want to view the 'Details' of a policy.

Correlated Policies

Analysts can view all the duplicate policies creating necessary alerts.

Results and Impact

An MVP reporting tool for security analysts at all levels to analyze irrelevant and duplicate alerts.

Shipped the Noise Cancellation MVP to 5 enterprise accounts in Q3, with 23 total security analysts who are currently monitoring all inefficient policies in their systems.


50% reduction

In the number of inefficient policies, improving policy efficiency.

30 min - 1 hour

Of estimated analyst time back to focus on critical threats.

The Growth

Scaling it from 5 to all 240 enterprise accounts.

I created an introductory feature flow to expand the solution to all customers, providing user value with minimal friction. I also added tooltips to cover important information and make it easier for users.

What lies ahead

Incorporating AI-generated insights that provide triaging recommendations.

AI insights assist analysts in understanding the context of a noisy policy more effectively and offer several recommendations for users to better address this noisy policy.


Below is an exploration we are considering to incorporate AI insights while our engineers work on perfecting the model.

Valuable learnings

Easier to convince stakeholders when you have data to back it up.

When working on 0-to-1 features, it is common to have multiple subjective opinions about design due to the ambiguity. But with this project, since we conducted multiple tests and collected feedback, it was easy to justify design decisions to stakeholders with data.


Moreover, we prioritized the core feature, capturing the inefficient policies, in the MVP to provide a solution to the problem in a shorter time frame, and later added value-add features like actions.

