OpenSOAR

An open-source SOAR (Security Orchestration and Automation Response) platform


BRIEF

With increasing compute and cloud deployments, security and privacy are getting more attention in organizations than ever before. For the many kinds of security issues these organizations face, very few solutions are available in the industry. A Security Orchestration and Automation Response (SOAR) platform is one possible solution. SOAR is a stack of compatible software programs that allows an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.


A Lead Security Engineer working out of the SF Bay Area approached me with an idea to design an iOS application for an open-source SOAR platform (OpenSOAR). Phase one for the app includes creating the executive-level views for the mobile application. These views consist of graphical reports of security incidents, generated for different scenarios, that executives can view at their fingertips.

GOALS AND OBJECTIVES

To create branding for the platform so that it is visually appealing and recognizable.

To create a prototype and perform usability tests for the executive-level view in the mobile application.

To create an iOS application design built around the executive views and the key features that enable senior management to view detailed incidents, email reports, and get updates at their fingertips.

ROLE: UX/UI Design

COMPANY: OpenSOAR

TOOLS: Figma (Design & Prototype)

TIMELINE: 5 Weeks

Designing a mobile application for an open-source Security Orchestration and Automation Response (SOAR) platform

THE DESIGN PROCESS

EMPATHIZE

DEFINE

IDEATE

PROTOTYPE

TEST

ITERATE


EMPATHIZE

USER RESEARCH

RESEARCH GOALS

For the identified target user base, preferably in the cybersecurity domain and/or operations management, the aim was to learn about their experiences using apps and tools that involve some form of data analysis and incident reporting.

  • Understand the preferred report viewing modality for the end-users, i.e., where do they prefer to view their incident reports: on their phones, desktop, or tablets? And why?

  • What information should the SOAR platform provide for the viewer, and how are they expected to react to that information?

  • Learn about the existing/competitive SOAR platforms: their strengths and weaknesses.

  • Understand the extent and depth of information in incident reports that decision-makers prefer to have visibility on, which in turn gives them the capability to take action to mitigate incidents as they arise.

RESEARCH METHODOLOGIES

PRIMARY RESEARCH

Customer Interviews and Contextual Inquiry:

I interviewed 4 participants. I reached out to professionals in the tech industry who have some exposure to data analysis dashboards or incident reporting tools, professionals who have experience developing or collating reports and data analysis, or who are fairly senior in their organization and have good insights. The aim was to understand the extent and depth of information in incident reports and SOAR platforms that decision-makers prefer to have visibility on, which in turn gives them the capability to take action to mitigate incidents as they arise.

SECONDARY RESEARCH

Competitive Analysis and study of trends online:

I started by learning more about SOAR platforms, their target user base, and what each of these user types aims to get out of the application. I researched the SOAR platforms currently available in the industry and explored their websites, features, strengths, and weaknesses.

INSIGHTS FOR INNOVATION

After conducting user interviews and contextual inquiry and analyzing the gathered data, four common insights emerged.

STAY INFORMED

The ability to enable proactive notifications, for example weekly reports or alerts in case of critical incidents, without having to manually feed in data.

CUSTOMISABLE

Ability to quickly customize the dashboard and the data visualization parameters based on requirements.

CONVENIENCE

Ability to get the desired information about the efficiency and effectiveness of the tools and resources used in the SOC while on the go, with minimal time and effort.

QUICK

Quick and efficient navigation means within the app to maximize the output a user gets in a shorter time span.

RESEARCH ANALYSIS

USER PERSONA

To better understand the target audience, to create empathy, and to give the user base a more ‘human’ feel, I created a persona. By synthesizing data from the research debriefs of the 1-1 interviews and combining it with the client's requirements, I created a fictional but realistic representation of the target user group.


DEFINE

SITEMAP

To better understand the content, its hierarchy, and its placement, I created the sitemap. The elements listed here reflect the limited scope and the single target user base.

USER AND TASK FLOWS

The user flows I created helped visualize how John, the persona, and eventually the target user audience, might interact with the app to complete various tasks based on different scenarios:

  • Task 1: The Director recently received the budget for the quarter. He has to devise the investment strategy and give the VP his recommendations. To draft it, he wants to generate a report on the number of false-positive incidents per tool.

  • Task 2: The Director wants to generate and email a report for the ongoing customer-facing data breach incident with the code name 'San Francisco'.


IDEATE

At this point in the design process, I began creating low-fidelity to mid-fidelity wireframes. To begin, I emphasized the priorities that arose from the user research and the client brief.

BRANDING AND UI KIT

Once the wireframes were created, it was time to work on the visuals for the OpenSOAR brand. The essence of the logo and the brand style was to maintain a darker, serious, and professional feel. The logo, typography, color palette, and other UI elements were worked out.


Thereafter, based on the principles of Atomic Design by Brad Frost, the idea was to define and design the small, independent (atomic) parts that help build the larger molecular structures.

I defined the UI elements such as icons, spacing, navigation patterns, grids, and other similar elements for the OpenSOAR brand.

Source: Atomic Design Icons by Marivi Carlton (Dribbble)


PROTOTYPE

Logging in to the OpenSOAR platform and navigating to the home screen

Task: The Director recently received the budget for the quarter. He has to devise the investment strategy and give the VP his recommendations. To draft it, he wants to generate a report on the number of false-positive incidents per tool.

Task: The Director wants to generate and e-mail himself a report for the ongoing customer-facing data breach incident with the code name 'San Francisco'.

TEST


TEST GOALS:

USABILITY TESTING

  • To see how users react to the home screen with the placement of the key navigation options.

  • To monitor the pattern the users follow, the buttons they click, and the route they choose while navigating through the application to accomplish the task.

  • To discuss any suggestions users might have in terms of features that can be included in or removed from the application, features that were confusing, or features that can be presented in a better format.

TEST RESULTS:

NAVIGATION / SEARCH


UI / VISUALS


CONTENT


NEXT STEPS

OpenSOAR is an open-source Security Orchestration and Automation Response platform. Phase one for the app was to create the executive-level views for the application. The scope of this project was to create two unique user flows that will form part of the sales pitch for this product. If/when OpenSOAR is productized, there will be a larger engagement from a UX/UI design perspective for end-to-end product development.
