Netskope High-Impact Redesign
Turning siloed malware incident management into a unified investigation experience.
Role
Lead Product Designer
Team
Product Manager, Engineering, Security Analysts
Tools
Figma, Miro
Timeline
1 Month
Role
Lead Product Designer
Team
Product Manager, Engineering, Security Analysts
Tools
Figma, Miro
Timeline
1 Month
Context
The PM and I disagreed on the solution. My data-backed proposal settled it.
Netskope's malware incident management tool is the core workflow for security analysts to investigate and respond to malware detections. Over the past 6 months, daily active usage dropped significantly.
Research pointed to a clear cause: users couldn't prioritize or investigate affected files effectively. The PM proposed adding a "detection engine," but I disagreed — that alone wouldn't fix a fundamentally broken experience. Through the process below, I convinced the PM to pivot direction and increase DAU.
[1]
Speak to Users
What data helps users decide which files to investigate first, and what's their mental model.
[2]
Mock Up 2 Options
I designed two options: a full redesign, and the PM's proposed detection engine feature.
[3]
User Testing
I tested both versions with users and let the data decide, eventually convincing the PM.
Problem
Users couldn't prioritize investigations on malware affected files, resulting in misdirected and slow response
The PM proposed adding a detection engine, but I believed the problem ran deeper. The existing experience was fundamentally broken. A detection engine would help, but wouldn't solve the key issues. Redesigning the full experience was what would truly move the needle.
Before
After
90% increase in daily active usage
90% increase in DAU
Daily active usage recovered significantly post-launch, bringing users back to a tool they had previously abandoned.
85% faster investigation
90% of users could identify and prioritize affected files without excessive time navigating between screens.
Identified the right solution
Research validated the core issue was a broken experience, redirecting the team toward a full redesign.
🧩My Approach
Determine which investigation process helps users prioritize affected files
I spoke to users to understand their investigation journey, identifying what helped them prioritize affected files and what got in the way.
💡Research Insight
Users need more than detection data to prioritize files
Research confirmed that detection engine data influences prioritization decisions, but it's not enough on its own. Users also rely on other data.
🔍Pain Point
The broken experience prevents users from achieving their goal
Because the current experience was built around malware types rather than affected files, simply adding a feature couldn't fix the problem and help users achieve their goal.
🧪User Testing
Two designs, one clear winner
I designed two versions: one adding detection engine data to the existing experience, and one that fully redesigned it. The data showed the fully redesigned version was the clear winner.
🧩My Approach
Determine which investigation process helps users prioritize affected files
I spoke to users to understand their investigation journey, identifying what helped them prioritize affected files and what got in the way.
💡Research Insight
Users need more than detection data to prioritize files
Research confirmed that detection engine data influences prioritization decisions, but it's not enough on its own. Users also rely on other data.
🔍Pain Point
The broken experience prevents users from achieving their goal
Because the current experience was built around malware types rather than affected files, simply adding a feature couldn't fix the problem and help users achieve their goal.
🧪User Testing
Two designs, one clear winner
I designed two versions: one adding detection engine data to the existing experience, and one that fully redesigned it. The data showed the fully redesigned version was the clear winner.
🎯 Solution
A unified incident response workspace with detection engine data surfaced at every step
File-centric overview
Filter by detection engine
Select specific detection engines
Filtered results by detection engine
Detection engine tab
File details panel
Results
All users successfully identified which affected files to prioritize using the redesigned experience.
95% of users found the redesign more effective for malware investigation.
The redesign drove a 90% increase in daily active usage, reversing months of decline.
Learnings
Champion UX with data, not just conviction. At Netskope, PMs and engineers carry more influence, and functionality often wins over usability. Using research data to make the case rather than just advocating was what shifted the conversation and unlocked the redesign.
Standing firm for users creates lasting change. The UX team had long wanted a file-centric experience but couldn't get PM buy-in. This project became a proof point shared across the entire UX org as an example of holding the line for user experience.