I was asked to create the interface and user experience of the web platform.
Starting with the Why’s – Creating Job Stories
Our preliminary research gave us an understanding of how security analysts currently identify and investigate threats to large systems. Dragos’ challenge is to create a platform that automatically detects threats and provides a simple interface for investigating and remediating them.
Having direct access to security analysts made it easy to build rapid-fire prototypes and get the validation we needed quickly.
The main challenge was designing a toolbar that could be used in tandem with the workspace. How might we create a toolbar that lets users search the system in the same space as their investigation screen?
Simplifying Substantial Data Sets
The Dragos Portal will introduce Notifications and open Cases. When a user logs in, the dashboard shows a high-level snapshot of current threats and of outstanding work in open Cases. This information is real-time; a user can set dashboard preferences according to their role and security focus.
A security analyst may log in and receive up to 2,000 potential threats. We created threat levels and custom dashboard settings to help filter out lower-level notifications.
I added a simple flow to open an existing case, or to start a new case, by selecting one or more notifications.
This helps us achieve our goal of reducing the time an analyst would normally spend sifting through multiple notifications and potential threats.
Start a Hunt – or escalate to an Incident
Users can choose to start a Hunt from one or more notifications, or go straight into an Incident. A Hunt lets the user work with the toolbar to determine whether the threat(s) should be treated as an Incident. Incidents are high-severity threats that must be remediated immediately.
Combining the “Turn into Incident” feature with Playbooks (step-by-step instructions for remediating an Incident) gives the user a single platform to investigate, capture evidence, take notes, and remediate security threats. It supports and enhances the existing security analyst workflow: users can quickly access their open cases, see real-time threats, and build documentation around security cases that can later inform AI-suggested Playbooks.
The Dragos platform is still in development. You can learn more about the product at Dragosinc.info.
Since the platform’s initial creation, Dragos has been named a 2018 Gartner Cool Vendor in Industrial IoT and OT Security, raised over $10 million, and received national recognition.
Senior Product Designer // Researcher
Scrum Master // Tech Lead // Product Owner (CTO)
8+ Developers (internal and external)