Vulnerability Management System is an enterprise application that scans software, workstations, detects critical vulnerabilities & provides secure remediations.
Improving how vulnerability management system tracks and remediates vulnerabilities faster to mitigate any risk and ensure operational efficiency.
Research (Qualitative & Quantitative), Wireframe, Design (low-fi & hi-fi), Prototype.
The existing version of vulnerability management application had major issues with –
• Creation, filtering and customisation of vulnerability reports.
• Vulnerability notifications.
• Creating, and sending list of suspected bugs.
• Determining the remediation time and
• providing an update on UI.
• Scaling up to accommodate newer asks from users related to integration & security.
With our design thinking approach,
we followed a 3-step plan
Research, Synthesis
Wireframes, Prototype
Usability Tests
Understand the product through brainstorming sessions with stakeholders. Clarify assumptions and queries, check for existing research, if any to uncover major pain points.
Over the first week, I spent time analyzing the current version of the app, understanding a typical user journey from start to end and doing market research on competitors.
Quantitative & Qualitative Methods
I teamed up with the Product Manager to conduct quantitative and qualitative research for the app. User insights from surveys and contextual user interviews broke many assumptions and surprised us in positive ways.
“The UI is not intuitive, and we spend a lot of time interpreting and reacting to the results of patching. Example: VVMS can say that patching is successful when in fact for kernel patching it didn’t actually install the new kernel.”
– Quote from an Employee
Data sampled from 20 users
We created an affinity map with categories of findings from the research. It helped us to prioritize user pain points and convert them into actionable items.
Features that positively impact the usability and are especially liked by useful, or helpful to users.
These items should be kept.
Problems that are cosmetic only and do not imapact the usability.
Fixing these items should be low priority.
Problems that negativelty impact the usability, but do not stop users from completing the task.
Fixing these items should be medium priority.
Problems that cause significant difficulty, but do not necessarily stop users from completing the task.
Fixing these items should be high priority.
Problems that stop users from completing the task and/or using the platform.
Fixing these items should be critical priority.
Recommendation | Priority |
---|---|
Add filters for environment, RRD, QID, Ageing, Scan status, operating system, New findings | Critical |
Show data by servers in vulnerability report along with ATCs | Critical |
Allow users to create custom reports and organize them | High |
Refresh data at the top is useful | Kudos |
Findings in the dashboard at the top are useful | Kudos |
Allow users to create and save custom search templates in vulnerabilities page | Critical |
Exclude maintenance windows while selecting time period in patch sceduling | High |
Based on the research synthesis, we came up with the main goals of the project.
Users needed a clear filtering ability to refine vulnerabilities and keep track of priority remediations.
Product analysts (a persona type) needed list of findings and vulnerabilities together to better analyse the urgency and provide appropriate solutions to respective teams.
We came up with a solution to automate data from the backend that would save time spent in creating custom excel sheets.
Visualize the application in a way that addresses user pain points and can be scaled keeping up with the user experience.
Filters
The research findings helped us understand that users rely on excel sheets to filter the data which adds up to their issues. We formulated a way to let users refine the results in the dashboard itself using Filters. The parameters shown in filters are based on the data collected during research.
22%
Increase in daily remediations in less than 3 months.
List of Vulnerabilities
Another important feature is the list of vulnerabilities that we introduced as a part of our pilot which turned out to be successful. This list helped users track their vulnerability updates in one click.
14.5%
decrease in daily support tickets.
Automation
We worked with the development team to formulate data with the help of algorithms and scripts. The team is working on analysing the automation impact and it will be available in the next few months.
Continuous learning through user testing to improve the product consistently.
Usability Tests
Conducting scenario-based usability tests (manual) with selected users helped us validate our design solutions & stay assured on the approach for further enhancements.
“I like the dashboard with the “funnel” on the right side, really help focus in on findings. I also like the ability to use vulnerabilities to filter to exactly which findings I am searching for across all apps.”
– Quote from an Employee after Usability test