Graph, Advanced Threat Detection & Protection

Product Design Case Study
Overview
Graph Inc. is a company working in information and communication security and security software development.
Graph Inc. provides services such as an Advanced Threat Detection and Response Platform, penetration testing, incident response, EDR, and network and computer security.

What is advanced threat detection?
Advanced threat detection (ATD) solutions are designed to detect attacks that use advanced malware and persistent remote access to steal sensitive corporate data over an extended period. Graph ATD takes information from multiple data sources, such as logs and events in your network, learns the behavior of users and other entities in the organization, and builds a behavioral profile of each of them. Graph ATD can receive events and logs through SIEM integration, Windows Event Forwarding (WEF), or directly from the Windows Event Collector (for the Lightweight Gateway), and gathers them all in the Graph ATD panel.
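To make the "learn the behavior of users and build a behavioral profile" idea concrete, here is an added example that is not Graph Inc.'s code and does not describe how Graph ATD actually scores events. It learns a per-account profile (source hosts, working hours, logon types) from a constructed batch of Windows-style logon events, then scores a second batch against it and emits alarms with a severity derived from how many ways an event departs from the profile. The event tuples, account names, host names and the severity ladder are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events, loosely modelled on Windows Security
# event 4624 fields: (timestamp, account, source workstation, logon type).
# Logon type 2 = Interactive, 3 = Network, 10 = RemoteInteractive (RDP).
# The first list plays the role of the history the platform learns from;
# the second is the new batch to be scored against it.
BASELINE_EVENTS = [
    ("2020-09-14T08:05:00", "alice", "WS-ALICE", 2),
    ("2020-09-14T13:40:00", "alice", "WS-ALICE", 2),
    ("2020-09-15T08:12:00", "alice", "WS-ALICE", 2),
    ("2020-09-15T17:30:00", "alice", "WS-ALICE", 2),
    ("2020-09-14T09:00:00", "bob", "WS-BOB", 2),
    ("2020-09-14T09:02:00", "bob", "FS01", 3),
    ("2020-09-15T09:10:00", "bob", "WS-BOB", 2),
    ("2020-09-15T18:00:00", "bob", "FS01", 3),
]

NEW_EVENTS = [
    ("2020-09-21T09:00:00", "alice", "WS-ALICE", 2),  # matches profile
    ("2020-09-21T03:15:00", "alice", "DC01", 10),     # new host, RDP, 03:15
    ("2020-09-21T10:00:00", "bob", "FS01", 3),        # matches profile
    ("2020-09-21T10:30:00", "bob", "WS-ALICE", 3),    # bob touching alice's box
    ("2020-09-21T11:00:00", "carol", "WS-CAROL", 2),  # never seen before
]

# Assumed severity ladder: one deviation is low, two medium, three high.
SEVERITY = {1: "low", 2: "medium", 3: "high"}


def build_profiles(events):
    """Learn one behavioural profile per account from historical events."""
    profiles = defaultdict(lambda: {"hosts": set(), "hours": set(), "logon_types": set()})
    for ts, user, host, logon_type in events:
        profile = profiles[user]
        profile["hosts"].add(host)
        profile["hours"].add(datetime.fromisoformat(ts).hour)
        profile["logon_types"].add(logon_type)
    return profiles


def deviations(profile, event):
    """Return the list of ways an event departs from the account's profile."""
    ts, _user, host, logon_type = event
    hour = datetime.fromisoformat(ts).hour
    # Allow one hour of slack either side of the observed working window so a
    # slightly early start does not raise an alarm; 03:15 still falls outside.
    lo, hi = min(profile["hours"]) - 1, max(profile["hours"]) + 1
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("new source host")
    if not lo <= hour <= hi:
        reasons.append("unusual hour")
    if logon_type not in profile["logon_types"]:
        reasons.append("new logon type")
    return reasons


def detect(baseline, new_events):
    """Score new events against learned profiles; return alarms for the panel."""
    profiles = build_profiles(baseline)
    alarms = []
    for event in new_events:
        user = event[1]
        if user not in profiles:
            # An account with no history cannot be profiled; surface it rather
            # than silently accept it. New accounts are a common source of
            # false positives, so this is rated medium rather than high.
            reasons, severity = ["no baseline for account"], "medium"
        else:
            reasons = deviations(profiles[user], event)
            if not reasons:
                continue
            severity = SEVERITY[len(reasons)]
        alarms.append({"user": user, "severity": severity,
                       "reasons": reasons, "event": event, "status": "open"})
    return alarms


if __name__ == "__main__":
    for alarm in detect(BASELINE_EVENTS, NEW_EVENTS):
        print(alarm["severity"].upper(), alarm["user"], "-", ", ".join(alarm["reasons"]))
```

Run as-is, it raises three alarms: a high one for alice's RDP logon to a never-seen host at 03:15, a low one for bob's network logon to alice's workstation, and a medium one for carol, who has no baseline at all. A real platform would learn from weeks of data, weight each deviation rather than count them, and expire baselines, but the shape of the pipeline (collect, profile, score, alarm) is the same.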
My Role
We are a team of 4 working on Graph Inc. products. A UX researcher and 3 Product Designers.
I’m also creating our Design Language System.
The Problem
Based on usage data, we found that parts of the system were not functioning well and had severe usability issues. The challenge was to make the product easier to use and help security analysts get their job done as fast as possible.
App-like
Feels like an app, because the app shell model separates the application functionality from application content.
Fresh
Always up-to-date thanks to the service worker update process.
Safe
Served over HTTPS, which is also a hard requirement for registering a service worker, so traffic cannot be snooped on and content cannot be tampered with in transit.
Discoverable
Is identifiable as an “application” thanks to W3C manifest and service worker registration scope, allowing search engines to find it.
Re-engageable
Makes re-engagement easy through features like push notifications.
Installable
Allows users to add apps they find most useful to their home screen without the hassle of an app store.
Linkable
Easily share the application via URL, does not require complex installation.
The following reasons convinced us to design and develop a PWA rather than native applications:
  • Low budget
  • Lightweight and easy to create
  • Cross-platform compatibility
  • Easy installation
  • Boosts conversion
  • Competitive advantage
  • Easy to expand
  • Quick installation on any device
  • Includes push notification options
  • Reduces data usage and loading time
Additionally, Google has published case studies showing how Progressive Web Apps improve technical and business performance. According to comScore, 51% of users still don't download any apps in a month.
This means that even if you build a native app, attracting downloads takes a lot of work. An average user, on the other hand, will visit at least 50 websites in a month, so a progressive web app can reach more users.
Research
Usability Test
We conducted a usability test to find problems and gather feedback.
Five users took part; this was the first usability test for this product.
Each session lasted approximately 30-40 minutes.
Generally, the participants found the product somewhere between easy and relatively easy to use (Charts 1 and 2).
Scopes of the tasks
Graph ATD users must be able to:
  • View “Alarms” in the system
  • Manage the alarms and comment on them
  • Use sorting and filtering to narrow the list down to the types of alerts they want
Tasks
Task #1
You are on the main page of Graph ATD and want to learn more about the security alerts in the system. Please go to the location at which you think it is best to review the system alerts.
Task #2
Find the High-Risk operating-system alerts and open their details to check whether there is any threat to the system.
Task #3
On the previously opened alert, assign it to Ali Tarihi, comment on a possible solution for him (dummy text is fine), and change its status to “In progress.”
Task #4
For a given alarm, determine whether it is a false positive.
Task #5
Expand a medium-level alarm and write a comment on it.
Task #6
You only want to see the alarms generated from Sep 19 through Sep 22, 2020. Do this however you think best.
Task #7
You want to change the status of the 1st, 2nd, 4th, and 6th alarms to closed. Do this however you think best.
Task #8
For a low-level alarm, create a case and add the alarm to it.
Task #9
Open another alarm and add it to the recently created case.
Methodology
We chose a moderated, in-person assessment for this test session. A moderated session is run by a trained researcher who introduces the test to participants, answers their questions, and asks follow-up questions. We chose moderated over unmoderated testing because we needed an in-depth look at what users actually do, and the direct interaction between researchers and participants that moderated testing allows. It gives us a clear picture of what participants do rather than what they say.
Metrics
Usability is a multidimensional concept that aims to fulfill a particular set of goals, mainly effectiveness, efficiency, and satisfaction; without these goals, usability cannot be achieved.
Effectiveness: the accuracy and completeness with which users achieve their goals.
Efficiency: the resources expended by users to achieve those goals accurately and completely.
Satisfaction: the user's subjective view of their attitude, level of comfort, the relevance of the application, and the acceptability of its use.
We measure effectiveness with two usability metrics: the success rate (also called the completion rate) and the number of errors. Efficiency is measured by two factors: completion time and overall relative efficiency. After finishing each task, the participant rates the last element, task-level satisfaction, by answering a post-task questionnaire.
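The page names completion rate, completion time and overall relative efficiency without stating how they are computed. As an added example (not part of the case study, and run on constructed per-participant numbers rather than the study's raw data), the functions below compute them from a results matrix where each cell holds whether the participant completed the task and how long they took. The participant and task labels and the timings are assumptions; the formulas follow the usual ISO 9241-11 style definitions, in particular overall relative efficiency = sum over all participants and tasks of n_ij * t_ij divided by the sum of all t_ij, where n_ij is 1 for a completed task and 0 otherwise.

```python
# Constructed per-participant results (not the case study's raw data):
# RESULTS[participant][task] = (completed, seconds on task).
RESULTS = {
    "P1": {"T1": (1, 60), "T2": (1, 45), "T3": (0, 90)},
    "P2": {"T1": (1, 80), "T2": (0, 50), "T3": (1, 70)},
    "P3": {"T1": (1, 70), "T2": (1, 55), "T3": (1, 60)},
}


def completion_rate(results, task):
    """Success (completion) rate for one task: share of participants who completed it."""
    outcomes = [results[participant][task][0] for participant in results]
    return sum(outcomes) / len(outcomes)


def mean_time_on_task(results, task):
    """Completion time for one task, averaged over all participants (seconds)."""
    times = [results[participant][task][1] for participant in results]
    return sum(times) / len(times)


def overall_relative_efficiency(results):
    """Share of total task time that went into tasks that were actually completed:
    sum(n_ij * t_ij) / sum(t_ij) over every participant i and task j.
    Time spent on a task that was then abandoned counts as wasted effort."""
    pairs = [cell for participant in results.values() for cell in participant.values()]
    return sum(n * t for n, t in pairs) / sum(t for _, t in pairs)


def summary_table(results):
    """One row per task, in the same shape as the summary table in the study."""
    tasks = sorted({task for participant in results.values() for task in participant})
    return [(task, completion_rate(results, task), mean_time_on_task(results, task))
            for task in tasks]


if __name__ == "__main__":
    for task, rate, seconds in summary_table(RESULTS):
        print(f"{task}: completion {rate:.0%}, mean time {seconds:.0f}s")
    print(f"overall relative efficiency: {overall_relative_efficiency(RESULTS):.1%}")
```

With the constructed numbers, T1 is completed by everyone while T2 and T3 each lose one participant, and 440 of the 580 seconds spent were on completed tasks, giving an overall relative efficiency of about 76%.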
ID | Age | Gender | Education                        | Occupation
#1 | 31  | Male   | Bachelor of Software Engineering | CEO of Graph Inc.
#2 | 28  | Male   | Bachelor of IT                   | Security Analyst
#3 | 36  | Male   | Bachelor of Software Engineering | Red Team Manager
#4 | 25  | Male   | Master of Electrical Engineering | Security Analyst
#5 | 30  | Male   | Master of IT                     | Security Analyst
Summary of Quantitative Data
The table below displays a summary of the test data:
Task ID | Task Completion | Errors | Time on Task | Satisfaction
#1      | 5               | 0      | 203          | 4
#2      | 4               | 4      | 68           | 5
#3      | 5               | 6      | 64           | 4.6
#4      | 5               | 2      | 145          | 5.6
#5      | 4               | 2      | 32           | 5.8
#6      | 5               | 1      | 27           | 4.8
#7      | 4               | 4      | 44           | 4.4
#8      | 5               | 1      | 39           | 5.8
#9      | 5               | 1      | 23           | 5.8
Affinity Diagram
Here's the affinity diagram showing the output of our research.
Contextual Inquiry
Through the usability testing process, we discovered some pains that an interview couldn't uncover. We decided to conduct a contextual inquiry to observe what users actually do on a working day.
Benefits of Contextual Inquiry
What can we find out with Contextual Inquiries?
Key Findings
Design and Solutions
Due to a security NDA, I can't share the whole screen, so I will present the design solution for each part separately.
After optimizing the filters, it was time to redesign the alarm cards.
I also discovered some usability issues in the date picker, so I made some improvements.
We tested the solutions with users; the results were delightful, but this is not the end of the road.
What's next?
We discovered common patterns in what users do on a daily basis when investigating alarms or false-positive incidents. We're going to visualize them in a Design Thinking process to reduce the effort and pain for security analysts.
Conclusion
The project's goal was to improve the experience and help our security analysts achieve their goals more reliably and quickly. The observation and research process helped us discover the main issues and pain points. We will keep making iterative improvements to create a product with as few issues as possible.