Endpoint security

Project Summary

Redesigning SonicWall's endpoint security management platform

SonicWall's endpoint security platform CaptureClient helps security administrators detect, analyze and mitigate threats on endpoints to safeguard an organization's network and data. SonicWall approached us because they were receiving a large volume of customer support tickets for Capture Client. We redesigned CaptureClient, to improve navigation, scalability, and efficiency.

My Role

Stakeholder communication
Research interviews and testing
Redesigning information architecture, policy management, and dashboard workflows
Low and high-fidelity wireframes
Prototyping using Invision

Team

Awanee Joshi, Shravani Khatti, Sayali Lonkar

Client

SonicWall

Duration

18 Week (MAR - JUL 2020)

Impact

21% decrease in number of customer tickets related to policy configuration.

PROBLEM

Areas of Friction

After conducting user research and understanding their product, we found three significant problems.

Technical labels provide no hint of what to expect upon clicking.
Deep navigation and sub-navigation increased number of clicks needed for tasks.
The discoverability of items below the visible portion of the interface is hampered.

Adding or editing policies requires navigating back and forth between 4 pages.
The workflow starts from selecting a policy/template instead of selecting users or devices which seemed counterintuitive to users.
No option to copy and apply similar policies to other tenants.

Lack of visual hierarchy affects efficiency and learnability.
Threat and device widgets took up excessive space, hiding key actionable data.
Dashboard lacks a structured layout.

SOLUTION

Key Value Additions

Though I redesigned the entire CaptureClient Platform, I think a few value additions made the most impact on the user experience.

Navigation

Our interviews with new users of the CaptureClient application revealed that the top labels in the navigation needed to be more intuitive, and users had to open all the tabs to know what they would find there. Therefore I eliminated the individual sub-pages in the left navigation to directly showed the pages upfront for efficiency and clarity.

EXISTING NAVIGATION

REDESIGNED NAVIGATION

Information Architecture

The architecture was redesigned based on the items themselves rather than the type of function. This eliminated unnecessary segregation and grouped related functionalities. For example, policy configuration now includes blacklists, exclusions, device control, and configuration settings. Threat detection was moved to a prominent navigation item for quick access by security analysts. Overall, the redesign improves organization and usability.

EXISTING INFORMATION ARCHITECTURE

REDESIGNED INFORMATION ARCHITECTURE

Policy Management User-flow

An inheritance feature was introduced for security policies to simplify updates. Most policies remain unchanged for device and user groups, except in special cases. Analysts can now edit a policy for a user group by selecting the group, turning off inheritance, and updating the policy. This user-centric approach reduced seven steps as compared to the previous flow.

EXISTING USER-FLOW

REDESIGNED USER-FLOW

REDESIGNED USER-FLOW PROTOTYPE

Dashboard

I designed two different dashboard views on the selected scope - an all-tenant view and a single-tenant view. Only actionable data was displayed to make them concise and avoid information overload.

Added Scope selection allows users to view information on a global level as a whole or drill down to an enterprise or tenant level.
Customization of widgets helps analysts with different behavioral patterns to create their own workspace according to their needs for quick and efficient threat investigation and mitigation.

EXISTING DASHBOARD

REDESIGNED DASHBOARD

REDESIGNED DASHBOARD PROTOTYPE

Tenant Onboarding

We redesigned the tenant set-up flow in CaptureClient to address difficulties in tracking tenant settings when adding a new tenant. A step-by-step guide automatically appears when a new tenant is added, improving the overall experience, which users appreciated.

TENANT ONBOARDING PROTOTYPE

Reports

Based on user research findings, we introduced a reports module to the product to address the need for security analysts to send reports to their higher management. Previously, analysts would often send screenshots of the dashboard as reports. The new module allows users to select the desired data type and generate comprehensive reports, improving the reporting process significantly.

SELECT REPORT SETTINGS

GENERATED REPORT

Understanding the Business / Product

I started the journey by first understanding SonicWall's business goals about CaptureClient.

Achieve NPS score of 4.5 (out of 5) for customer satisfaction
Decrease dependency on customer support tickets by 90%
Increase user adoption of CaptureClient
UI alignment with their current design system

Expert Review

Before starting our user research interviews, I looked at the existing CaptureClient platform from a basic heuristics lens. For example, the navigation had multiple sub-menus, which, when all expanded, hampered the discoverability of items that go below the fold. First, this helped me identify the obvious quick fixes and secondly helped me gain a better understanding of the product and the domain.

User Research

We conducted 1:1 interviews with our target users in the following steps

1) Participant recruitment

To recruit the right kind of users for research and usability testing

2) Interview Outline

Crafting a questionnaire based on user research goals

3) User Research Report

The responses collected were summarized into a detailed user persona and insights document

Our research goals were -

Understand the goals and motivations for using the current software
‍‍
Understand user behavior, scenarios and goals of policy management
‍‍
Understand the behavior pattern of SOC analysts dealing with different kinds of threats
‍
Understanding the user's pain points, frustrations, likes and dislikes, and expectations while using the current software

User Research Documentation

User Persona

We documented our research findings into two personas - Security Analyst and Security Administrator.

User Interview Insights

Propagation from tenant to devices

Top-down propagation of exclusions and all other security policies would significantly reduce the deployment time, as changing policies specific to a device is only done occasionally.

Updates common across tenants

There are scenarios where the same policy must be applied to all customers. Adding a change to all tenants together could be helpful (e.g. adding an exclusion to all tenants).

Labor effort > False positives

Users preferred the labor effort of maintaining a static list of users over dealing with false positives of a dynamic list.

Tone of voice affects response

Users don't typically react urgently when they see Infected devices or active threats due to the tone of voice."It makes you think like this is the end of the world, but really it is not."

Usability Testing

Usability testing was conducted on the redesigned workflows, including dashboard, scope interaction, policy management, group creation, and tenant onboarding. We made iterative design improvements based on the feedback received to enhance the usability further.

Design enhancements made based on feedback

Major enhancements

Highlight the Scope feature and its functionality
Incorporate the overall summary of tenant health (Summarized > Top 5)
Additional widgets + Managing widgets functionality under “Customization” of dashboard
In “Policy Management” provide double-check / alert messages while updating settings
Manage widget settings on Unified Dashboard (P.S provide licenses information)

Minor enhancements

Find out an alternative to display “Admin review” as a part of tenant onboarding (Loading-time)
Clear visibility/clarity of type of license enabled (Basic OR Advanced) while onboarding a tenant
Refinement of content in Policy review
Provide success messages in a standardized format

UX Specs and annotations

I also built a UX specifications document on Keynote that thoroughly describes the new features and how they work. The final UI-aligned designs are peppered with pointers that refer to a detailed description of each individually marked element on the screen.

REFLECTION

Learnings

📘

Use real data

The best part of this project was that we had real data to work with for our wireframes based on their existing platform. This made usability testing easier, and users could relate to the content, which helped us find the right labeling system.

✍️

Always start your ideation with a sketch

Sketching our ideas and testing them internally early on helped us get to a more refined stage before we presented them to our stakeholders. The amount of effort that we put in was much less compared to the valuable feedback that we got just based on a sketch.

💬

Keep Communicating

As the domain of cybersecurity itself is so complex, it was necessary for us to be in touch with our stakeholders to understand the nuances of the behavior patterns of their different customers and the features of their product. We set up daily cadence calls to run our ideas by them, and through that, we got some excellent insights into the domain.