Product & Visual Designer

UXUI Design - IBM Security UEBA

 

IBM QRadar Security - UEBA

Summary: User and Entity Behavior Analytics (UEBA) monitors a cybersecurity environment with machine learning models that flag anomalous user and entity behavior. In Q1 2024, along with my team, I designed the new UEBA product for the security platform.

Business impact: Designed a new threat monitoring product within QRadar Security Suite

Programs: Figma, Mural

My Roles: Product Designer (UX Research, UX Design, UI Designer)

 
 

1. Discovery Phase (research)

Cybersecurity is a top concern in today's digital era, and traditional measures often fall short against evolving threats. User and Entity Behavior Analytics (UEBA) offers a proactive approach: it baselines how users and entities (accounts, hosts, devices) normally behave within a network and flags deviations from that baseline in near real time. Existing UEBA solutions face challenges such as performance issues and complex configuration, which creates a market opportunity for more streamlined, innovative offerings tailored to modern enterprise needs.
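To make the baseline-and-deviation idea concrete, here is a small illustrative scorer added to this page; it is not IBM QRadar code and makes no claim about how the product's models work. It assumes constructed login events (user, hour of day, source IP, bytes sent), learns a per-user profile, and scores a new event with the reasons attached, so that an alert carries the context analysts asked for rather than a bare verdict. The weights, threshold and z-score limit are illustrative choices.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history (not real telemetry): (user, hour_of_day, source_ip, bytes_out).
HISTORY = [
    ("alice", h, "10.0.0.5", b)
    for h, b in zip([8, 9, 10, 9, 8, 10, 9, 8, 9, 10, 9, 8, 10, 9],
                    [100, 120, 150, 130, 140, 110, 160, 120, 130, 150, 140, 120, 110, 130])
]

# Illustrative scoring parameters (assumptions, not product defaults).
WEIGHTS = {"unusual_hour": 1, "new_source_ip": 1, "bytes_out_spike": 2}
ALERT_THRESHOLD = 2   # a single weak signal alone does not raise an alert
Z_LIMIT = 3.0         # bytes_out more than 3 standard deviations above the mean


def build_baselines(events):
    """Per-user profile: usual hours, known source IPs and bytes_out distribution."""
    raw = defaultdict(lambda: {"hours": set(), "ips": set(), "bytes": []})
    for user, hour, ip, nbytes in events:
        raw[user]["hours"].add(hour)
        raw[user]["ips"].add(ip)
        raw[user]["bytes"].append(nbytes)
    return {
        user: {
            "hours": p["hours"],
            "ips": p["ips"],
            "bytes_mean": mean(p["bytes"]),
            "bytes_std": pstdev(p["bytes"]),
            "samples": len(p["bytes"]),
        }
        for user, p in raw.items()
    }


def score_event(baselines, event):
    """Score one event against its user's baseline and explain every contribution."""
    user, hour, ip, nbytes = event
    base = baselines.get(user)
    if base is None:
        # No baseline yet: report it instead of alerting, which avoids first-day false positives.
        return {"user": user, "score": 0, "alert": False, "reasons": ["no baseline for user yet"]}

    score, reasons = 0, []
    if hour not in base["hours"]:
        score += WEIGHTS["unusual_hour"]
        reasons.append(f"hour {hour} outside usual hours {sorted(base['hours'])}")
    if ip not in base["ips"]:
        score += WEIGHTS["new_source_ip"]
        reasons.append(f"first activity seen from {ip}")
    std = base["bytes_std"]
    z = (nbytes - base["bytes_mean"]) / std if std > 0 else 0.0
    if z > Z_LIMIT:
        score += WEIGHTS["bytes_out_spike"]
        reasons.append(f"bytes_out {nbytes} is {z:.1f} sd above mean {base['bytes_mean']:.0f}")
    return {"user": user, "score": score, "alert": score >= ALERT_THRESHOLD, "reasons": reasons}


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", 9, "10.0.0.7", 140),        # new IP only: context, no alert
               ("alice", 3, "203.0.113.9", 5000),    # off-hours, new IP, large upload: alert
               ("bob", 9, "10.0.0.5", 100)]:         # unknown user: no baseline
        print(score_event(baselines, ev))
```

The benign event scores below the threshold but still records the new IP as context; the off-hours upload from an unknown address trips all three signals. Real deployments tune the weights per entity type and feed the reasons into the alert view rather than printing them.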

Problem: Organizations struggle with monitoring their internal environments for evolving threats. A more efficient and effective way to monitor abnormal activity is needed.

There is a significant market opportunity in UEBA, and IBM is currently behind the competition and is losing sales as a result. We want to offer a differentiated UEBA solution to QRadar Cloud Native customers in H2 2024.

Research methods: competitor analysis; user interviews with seven CSOC analysts

Our initial round of generative UX research aimed to identify user needs in relation to UEBA solutions which will inform our UEBA MVP.

Key insight: Analysts lack confidence in UEBA solutions due to a lack of understanding and misconfiguration of the tool, excessive false positives, and a lack of context around the alert.

2. Exploration Phase (Low + Mid-fi)

With insights and data points extracted from research, we could now start exploring designs.

Goals of exploration phase: To create a user-centric, scalable, and integrative UEBA solution that effectively aids SOC analysts in detecting and responding to security threats through advanced behavior analytics and intuitive interfaces.

Methodology: Sketching, wireframing and prototyping, competitive analysis, architecture analysis, user flows, user feedback and insights

We pushed our designs to explore past our design system, creating solutions that users could

After iterating for several days on lo-fi sketches, we took our designs digital. We then tested these mid-fi designs again with SOC analysts.

Key insights:


3. Delivery Phase

As we gathered feedback on our designs, we also needed our architects to tell us the technical constraints on those designs.

Challenges: Our early hi-fidelity explorations assumed that our ML models could infer certain connections and relationships between entities. After weeks of working out what was possible, our backend team told us the models could not do that, so we adjusted our designs to fit that constraint.

Our final deliverables were a profile page and the new anomaly analytics page. We presented them to stakeholders and handed them off to development.

The anomaly analytics page is what sets our product apart from competitors. Users can visualize, add, and take action against anomalous entities and users in the system (seen below).