Improving the Threat Monitoring Dashboard for IBM Security

Overview

As a UX Designer and User Researcher, I improved IBM Security's resolution times by 20% and enhanced Service Level Agreement (SLA) performance by 12% by leveraging primary user research to design an intuitive, action-rich dashboard for security analysts. I worked alongside a UX lead and collaborated with developers, product owners, and executive-level stakeholders to design a user-centered experience that followed IBM's Enterprise Design Thinking principles.

Please note that the showcased design and research are in compliance with the confidentiality requirements of the project.

User Research | Observe

As part of the Observe process of EDT, I immersed myself in the world of the TM users, accounting for a variety of relevant personas. I interviewed six members from the TM team — two from India, two from Poland, and one each from the US and Costa Rica — and shadowed their day-to-day journey and followed their specific task workflows. All this was captured in a Mural.

Some of my key findings and pain points for the Manager on Duty persona include:

  • Shuffles between 9 applications to complete daily tasks

  • Changeover of shifts across geographies is manual and dependent on 1-on-1 calls

  • Multiple points of communication between local and global teams. Eyes on too many places.

  • Unable to efficiently filter relevant threats and manage analyst workloads

  • Forced to utilize a static non-actionable dashboard

  • Analysts always keeping tabs on various timezones. Repeated point of confusion.

The below images are confidentiality-compliant versions of the primary user research.

Hi-fi Dashboard Designs & Prototypes | Make

For the Make step of EDT, I crafted design solutions in line with the requirements and insights we'd uncovered during the Observe and Reflect processes. The designs were created with Sketch and InVision, all in sync with user validation and UX feedback sessions.

Some key highlights of the designs:

  • Intuitive, visually-pleasing UI for all relevant communication and threat management needs

  • Carbon Design System-compliant dashboard

  • Scalable, efficient use of color, space, and information-density

  • Immediately glanceable and actionable

  • Quality of Life features: Shortcuts to required tools, in-section filters, on-hover tooltip info, GMT and local time indicators

Please note that the below designs are confidentiality-compliant draft iterations of the dashboard designs.

Role

UX Designer • User Researcher

Deliverables

Personas • User Journeys • Insight mapping • Wireframes • Hi-fi Prototype

Design Process | Observe, Reflect, Make

In order to ensure user-focused outcomes for this project, I closely adhered to IBM's Enterprise Design Thinking (EDT) principles. A key element of EDT is The Loop — a design thinking paradigm that focuses on user-centered outcomes through an iterative approach of Observing, Reflecting, and Making.

The Observe, Reflect, Make paradigm was followed at every step of research, design, and delivery. Furthermore, this design thinking paradigm forms the foundation of my personal philosophy of delivering robust, user-centered design and business solutions.

Requirements | Reflect

As part of the Reflect process of EDT, I worked with researchers, project managers, and technical architects to reflect on our findings, build a nuanced understanding of our users' experience, and develop a set of requirements to accomplish our user-centered business objectives. I was able to validate that a dynamic dashboard would be the ideal solution to the needs of our Threat Monitoring team. Requirements planning sessions were held to determine the specific requirements for both the MVP and future releases.

Some of our key requirements for the MVP dashboard included:

  • First-party single-pane-of-glass UI with real-time data and actionable tasks

  • Automated changeover for global shifts to minimize redundant and missed communication

  • Automated, unified threat prioritization

  • Investigation tools to enable analysts to drill down on threats

  • Customizable threat and analyst groups to enable efficient threat workload management

Project Brief

IBM Security provides world-class 24x7x365 threat monitoring (TM) services for their enterprise customers' cloud environments. In order to modernize our industry-leading cloud cybersecurity offerings, I was briefed to discover the current needs and end-to-end journey of our Threat Monitoring team and deliver an optimized user experience for the TM team in alignment with their user needs and to enable greater business outcomes for customers.

The TM team involved over a hundred security experts across the globe and their processes depended on third-party tools and a mostly ad-hoc set of decision trees. As such, some of the key questions I needed to have answered included:

  • What is their day-to-day journey? The most rewarding, redundant, and frustrating parts of it?

  • What tools do they use? Which do they enjoy, which do they dislike? Why?

  • What are the action and decision flows when analyzing security alerts?

  • What information do they need to make efficient security investigations?

  • What are their most severe issues? How are they dealt with and mitigated?

  • What, if any, smaller 'tricks' do individual contributors use to improve their own workflow?

Outcomes

My research and design work led to the successful launch of the Threat Monitoring dashboard to an internal group of Beta testers

Improved Analyst Resolution times by 20% and Service Level Agreement performance by 12% as noted by product managers

Super intuitive, aesthetic information-rich layout, and hugely streamlined action flow as noted by the Threat Monitoring team

The Threat Monitoring dashboard continues to be iterated upon, developed, and used within IBM Security teams