OpenSOAR
An open-source SOAR (Security Orchestration and Automation Response) platform
BRIEF
With increasing compute and cloud deployments, organizations are focusing on security and privacy more than ever before. For the many security issues these organizations face, few solutions are available in the industry. A Security Orchestration and Automation Response (SOAR) platform is one possible solution. SOAR is a solution stack of compatible software programs that allows an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.
A Lead Security Engineer working out of the SF Bay Area approached me with an idea to design an iOS application for an open-source SOAR platform (OpenSOAR). Phase one for the app includes creating the executive-level views for the mobile application. Executive-level views consist of graphical reports of security incidents generated for different scenarios, available for executives to view at their fingertips.
GOALS AND OBJECTIVES
To create branding for the platform so that it can be visually appealing and recognizable.
To create a prototype and perform usability tests for the executive level view in the mobile application.
To create an iOS application design that keeps the executive views in mind, with key features that enable senior management to view detailed incidents, email reports, and get updates at their fingertips.
ROLE UX/UI Design
COMPANY OpenSOAR
TOOLS Figma - Design & Prototype
TIMELINE 5 Weeks
Designing mobile application for open source
Security Orchestration and Automation Response (SOAR) platform
THE DESIGN PROCESS
EMPATHIZE
DEFINE
IDEATE
PROTOTYPE
TEST
ITERATE
EMPATHIZE
USER RESEARCH
RESEARCH GOALS
For the identified target user base, preferably in the Cybersecurity domain and/or Operations Management, the aim is to learn about their experiences of using apps/tools with some form of data analysis and incident reporting.
1. Understand the preferred report viewing modality for the end-users, i.e., where do they prefer to view their incident reports: on their phones, desktop, or tablets? And why?
2. What information should the SOAR platform provide for the viewer, and how are they expected to react to that information?
3. Learn about the existing/competitive SOAR platforms: their strengths and weaknesses.
4. Understand the extent and depth of information in incident reports that decision-makers prefer to have visibility on, which in turn provides the capability to perform actions to mitigate incidents as they arise.
RESEARCH METHODOLOGIES
PRIMARY RESEARCH
Customer Interviews and Contextual Inquiry:
I interviewed 4 participants. I reached out to professionals in the tech industry who have some exposure to data analysis dashboards or incident reporting tools, who have experience with developing or collating reports and data analysis, or who are senior enough in their organization to have good insights. The aim was to understand the extent and depth of information in incident reports and SOAR platforms that decision-makers prefer to have visibility on, which in turn provides the capability to perform actions to mitigate incidents as they arise.
For me, it would be good to have a summary view, but a detailed view may not be necessary.
It would be good to have an analysis of the new incidents not detected in spite of all the systems in place.
I would want a quick analysis of mean time to respond since this directly impacts the man-hours.
SECONDARY RESEARCH
Competitive Analysis and study of trends online:
I started learning more about SOAR platforms, their target user base, and what each of these user types aims to get out of the application. I researched the SOAR platforms currently available in the industry and explored their websites, features, strengths, and weaknesses.
INSIGHTS FOR INNOVATION
After conducting user interviews, contextual inquiry and analyzing the gathered data, four common insights emerged.
STAY INFORMED
The ability to enable proactive notifications, for example, getting weekly reports, alerts in case of critical incidents, etc., without having to manually feed in data.
CUSTOMISABLE
Ability to quickly customize the dashboard and the data visualization parameters based on requirements.
CONVENIENCE
Ability to get the desired information about the efficiency and effectiveness of the tools and resources being used in the SOC while on the go, with minimal time and effort.
QUICK
Quick and efficient navigation means within the app to maximize the output a user gets in a shorter time span.
RESEARCH ANALYSIS
USER PERSONA
To better understand the target audience, to create empathy, and to give the user base a more ‘human’ feel, I created a persona. By synthesizing data from the research debriefs through 1-1 interviews and combining it with the client's requirements, I created a fictional but realistic representation of the target user group.
DEFINE
SITEMAP
To better understand the content, its hierarchy, and its placement, I created the sitemap. The elements listed here keep in mind the limited scope and the single target user base.
USER AND TASK FLOWS
The user flows I created helped visualize how John, and eventually the target user audience, might interact with the website to complete various tasks based on different scenarios:
- Task 1: The Director recently received the budget for the quarter. He has to devise the investment strategy and give the VP his recommendations. To be able to draft the same, he wants to generate a report on the number of false-positive incidents per tool.
- Task 2: The Director wants to generate and email a report for the ongoing customer-facing data breach incident with the code name 'San Francisco'.
IDEATE
At this point in the design process, I began creating low-fidelity to mid-fidelity wireframes. To begin, I tried to emphasize the priorities that arose from the user research and the client brief.
BRANDING AND UI KIT
Once the wireframes were created, it was time to work on the visuals for the OpenSOAR brand. The essence of the logo and the brand style was to maintain a darker, serious, and professional feel. The logo, typography, color palette, and other UI elements were worked out.
Thereafter, based on the principles of Atomic Design by Brad Frost the idea was to define/design the small, independent - atomic - parts, to help build the large molecular structures.
I defined the UI elements such as icons, spacing, navigation patterns, grids, and other similar elements for the OpenSOAR brand.
Source: Atomic Design Icons by Marivi Carlton - Dribbble
PROTOTYPE
Logging in to the OpenSOAR platform and navigating to the home screen
Task: The Director recently received the budget for the quarter. He has to devise the investment strategy and give the VP his recommendations. To be able to draft the same, he wants to generate a report on the number of false-positive incidents per tool.
Task: The Director wants to generate and e-mail himself a report for the ongoing customer-facing data breach incident with the code name 'San Francisco'.
TEST
TEST GOALS:
USABILITY TESTING
1. To see how users react to the home screen with the placement of the key navigation options.
2. To discuss any suggestions users might have in terms of features that can be included in or deleted from the application, features that were confusing, or features that can be presented in a better format.
3. To monitor the pattern the users follow, the buttons the users click, and the route they choose while navigating through the application to accomplish the task.
TEST RESULTS:
NAVIGATION / SEARCH
The ability to enable proactive notifications, for example, getting weekly reports, alerts in case of critical incidents, etc., without having to manually feed in data.
UI / VISUALS
Ability to quickly customize the dashboard and the data visualization parameters based on requirements.
CONTENT
Ability to get the desired information about the efficiency and effectiveness of the tools and resources being used in the SOC while on the go, with minimal time and effort.
NEXT STEPS
OpenSOAR is an open-source Security Orchestration and Automation Response platform. Phase one for the app was to create the executive-level views for the application. The scope of this project was to create two unique user flows that will form a part of the sales pitch for this product. If and when OpenSOAR is productized, there will be a larger engagement from a UX/UI design perspective for end-to-end product development.