At SOC.OS our mission is to reimagine security operations (SecOps) by making in-house analysts more effective at their job. A big part of this is down to how we allow these users to interact with data. That’s why we took a step back recently to see if there were any improvements we could make to the tool’s main UI.
The result is a new user experience (UX) that has flipped the old visualisation 90 degrees. We’re tremendously excited at the potential this has to drive even greater productivity for our customers.
The story so far
SOC.OS makes life easier for Security Operations Centre (SOC) teams. We do this by collecting alerts from across a client organisation’s security tooling, enriching them through external threat intelligence and business context, and prioritising them through intelligent scoring and clustering. That saves a lot of time for SecOps analysts. But there’s still more to do. From here, the idea is that they can click through on clusters of prioritised alerts to investigate further.
The challenge with the original UI was that some clusters were packed with noisy alerts from specific office IT systems, overwhelming the user. The visualisation for this type of cluster felt a little intimidating for some users, who were unsure where to start or how to find anything buried amidst the noise.
The truth is that noisy clusters like this can take up a lot of screen real estate. Our original design made use of each horizontal pixel so we could fit more of its story onto the screen. However, listening to our users, we understood that large clusters were difficult to interpret, and it was unclear which entity was contributing the most alerts.
What’s new for ’22?
This visualisation of clusters is priority content for us and our users, so we wanted it to remain front-and-centre of the GUI. But we wanted to prioritise scanning down rather than across. That’s because vertical scanning is easier for users’ eyes and brains to process, allowing analysts to scan rapidly for points of interest. We also wanted high-priority data points, such as the internal entity values that represent what the analyst is defending, on the left-hand side, and contextual data, such as external entities, on the right.
That’s why we flipped the original visualisation 90 degrees and then sorted it by alert count, adding volume to the splines so that thicker lines mark the entities contributing the most alerts (the noisy entities). We also transitioned from showing the entire cluster on one screen, which was overwhelming to some users, to a view where the interface discloses more of the cluster story as the user scrolls down. It also now shows the most relevant information relationships for the alerts in view.
The feedback has already been extremely positive. Here’s what one customer says:
“I have already taken a look and familiarised myself with the new update and visualisations, and wholeheartedly welcome these changes. Makes everything flow a bit better for my personal workflow.”
That’s great to hear. But we’re not done yet. We’ll continue to roll out new functionality and improvements as 2022 rolls on, because having an industry-leading technology engine is only part of the battle. The way our customers interface with the data we present them is absolutely critical to their experience of using the product, and therefore to their ability to mitigate cyber-risk for their organisation.