Water, Water Everywhere

As technology moves forward, it's clear that we're surrounded by more and more information from numerous sources, both in our personal and professional lives, far in excess of our ability to manage and understand it. In security, the information problem is not necessarily in the absence of information about your network, but the ability collect it, parse what's been gathered and identify interesting, or even critical details. The sheer volume of information is a valuable part of many attacker's toolkits because their activities become seamless and invisible within a sea of everyday data.

Showing What's Not There

One goal of a well-designed interface is to extend a user's ability to accomplish specific tasks; in security those tasks range from locating, collecting, and reporting out vulnerability and patch information, to ensuring you have an accurate picture of your entire deployed architecture. In most cases, these tasks require only a ‘flat' representation of information - which is to say, most security applications deliver some required level of information without additional context or deeper views of related information. While flat information can be diverse, it is missing richer, contextual relationships and it connects with nearby information in only linear ways.

Take for example the appearance of a virtual machine, on a network. The system can either report its presence or absence, and list numerous things about it, including the operating system and installed software, but the state of this information is binary — it's either there or it's not.

The User Experience team here at Rapid7 builds views of your data that connect it with otherwise disconnected information from other points in your environment. A better way to present security data is to show what's not there. Critical details become apparent only when they are presented correctly. Taking this approach, our design tasks focus on experiences around:

  • helping a user look for outliers
  • showing the delta between two or more values
  • integrating machine-based knowledge with user context and customization through features such as tagging
  • improving the signal-to-noise ratio and intelligently abstracting a large amount of information
  • delivering flexible navigation to accommodate for non-linear workflows

Design Study: Adding Context to Data

A challenge of designing user experiences for security applications is the fact that ever-increasing amounts of security information require automated collection methods, and these machine-driven processes often lack the organizational finesse of a human security expert in associating the collected information.

For example, despite improvements in collection and organization of security information, there are still numerous aspects of a networked environment that are not represented by specific types of scan data:

If a system is well-designed, a user can supply this missing information through their own personal knowledge; we provide tools to integrate existing scan results with human knowledge to give the scanned data the proper context to assist in remediation decisions and other security tasks.

Take another scan example: a machine may only gather information about IP addresses and asset names. The design required to show this information will likely be linear - IP addresses can be represented in ascending or descending order:

Without any additional (human-provided) context, this type of display is hard to parse for further meaning. A critical role in the design of the overall user experience is to identify the ways that basic information can be combined to provide additional insight into deeper levels of meaning not apparent at first glance:

In the above example, the height of the line (distance from the baseline) represents the delta, or difference, between the last time that asset was accessed and the average time of access for all assets in the system. A proposed design can combine several scan values to estimate additional, contextual information that would otherwise be provided by a user's personal knowledge:

  • Is software X being tested?
  • Is the asset in a closet?

The identification of these factors, development of a process to include them as scan information, and the organization of this information into a usable, easily-understood display are specific steps we take to build the overall design of a refined user experience.

Designing for What's Not There

Based on the above examples, developing a user experience around contextual design can be done in two phases:

  1. Design the Content Structure: Identify those unique factors that are contributed mainly through personal knowledge, and create an information architecture to drive the collection and organization of the underlying data components to support those factors.

  2. Wrap it in Visual Language: Refine the contextual content into a set of characteristics and map those characteristics to corresponding visual language. Context must be shown relationally, so the visual representations have to describe these relationships in terms of position and spacing.

Looking Forward

Currently, the ratio of machine-collected data to user-provided context is biased toward machines, because automated ways of gathering security data are much faster than our individual ability to organize this information in meaningful ways. Designing the user experience around security solutions is more than making the UI beautiful. As an initial step, we're re-organizing the components and interactions provided by our existing product interfaces, and creating better workflows from steps you will already be familiar with. Further on, we're building software experiences that bring together many kinds of information beautifully and augment our users' abilities to view data in more intuitive and insightful ways.

Stay Tuned.

The Rapid7 User Experience Team

Thank you @Neil Estacio