Malware Incident Management Revamp
A new experience that enables security engineers to prioritize malware investigations, helping them to detect external risks more efficiently
Brief
Malware Incident Management is a tool that security engineers use to monitor and respond to malware and suspicious activity in files. However, there has been an increase in churn rate and a decrease in daily active users over the past few months.
Research revealed that users struggled to prioritize investigations and act on affected files due to missing critical data and poor navigation and data organization in the current design.
As the lead designer, I designed a feature that enables users to prioritize investigations, and redesigned the incident management experience to improve efficiency and engagement.
Impact
The design has been implemented and launched. Not only has the design achieved the product goal, but it has also demonstrated my strengths in product thinking and design leadership.
Overview
Context
Malware incident management is another tool in Netskope’s security service. Over the past year, we have encountered a significant product issue related to this tool, leading to decreased usage by customers and a substantial decline in daily active usage.
The Problem
Users couldn't prioritize investigations and take effective actions on affected files.
With a large volume of files affected by malware, it is critical for users to prioritize investigations and take effective action. Being able to do so helps customers prevent external risks and safeguard important data.
The current design fails to address this need, which is the main reason for the poor data performance of the product.
Solution
A new experience that adds detection engines and reshuffles the data organization on the incident table, enabling users to prioritize investigations and take effective action on affected files.
Before
After
Define
User Research
To define the problem and establish a UX goal to address it, I began by determining the research goals, which were to find answers and insights to the following questions:
I collaborated with the UX researcher to conduct the user interview and usability testing to gather insights and identify pain points.
Insights
Detection engine is critical data used to prioritize investigations.
The research reveals that while the detection engine and its accuracy are key for prioritization, there are other factors that influence users' decisions on which files they want to prioritize for investigation.
Pain Points
Users aim to investigate affected files, but the current design makes it difficult to do so.
Without detection engines, users can still prioritize investigations by analyzing incident counts, malware severity, users, and applications. However, the current data organization makes this process inefficient.
UX Goals
User Journey
I mapped out the user journey for two different scenarios: For users seeking a more efficient investigation, they can use detection engines; for users requiring a more comprehensive investigation, they can use the new files affected table.
Design
Key Features
For efficiency - a dedicated tab to show the capabilities of detection engines.
On the detection engine table, users will see and be able to:
For comprehensive data, replace the Malware table with the Files Affected table
Currently, to view the Files Affected table, users need to click on the Malware table first. Besides, the current Files Affected table does not display comprehensive data.
I combined 2 tables and reorganized the data. On the new table, users will see:
Before
After
Filter and customize columns for better usability
I added a filter for efficiency and customized the columns for a cleaner look and clearer navigation.
Evaluation
Result
The design achieved a great result: increased DAU and improved usability.
We monitored and evaluated the design after its launch. Over the 3 months, we've seen a significant increase in daily active use, indicating that the new design has brought back users and has increased engagement.
We also conducted usability testing with previous participants to determine whether users can prioritize the investigation and how quickly they can complete the task. We observed a significant improvement compared to the old design.
Learning
Fight for my users
When designing an enterprise product, UX impact might not be as important as business impact. Within the Threat Protection team, I had the impression that usability issues may not be major concerns as long as the functionalities are met. In this circumstance, it is even more important to champion UX and advocate for its impact. I am happy that I held onto the gate and seized this opportunity to make the changes happen.