Overview

Detection Center

Bringing critical insight to the most important workflow. Cleanly structured data for clearer communications.

Role

Lead Product Designer

Team

  • 1 PX Designer
  • 1 PX Researcher
  • 1 Product Manager
  • 2 Developers

PROBLEM

Plenty of data but disconnected and unreflective of its current status.

Detection page was a mixture of historical log and current state data causing confusion, redundant action and uncertainty for the user while impacting trust and value for the business.

Quarantine page was current state data adding to the confusion with users unable to differentiate Detection data and Quarantine data types.

Business

Detection and remediation technology is the center of our product purpose. Current state of experience impacted trust and customer value when retention was a business focus.

Separated workflows impacting visibility and auditing

Data in separate pages surfaced differently compounded user effort by constantly navigating back and forth for similar workflows while also increasing mental efforts to track data that did not carry over. The lack of real time tracking of the detection left users uncertain of their security and unable to audit accurately.

Unsupported action

Detection page was built as a log and did not support the most necessary straightforward action of Remediation from this view. Rather, users were required to be on a different page entirely.

SOLUTION to first user problem

No more separation: Unify and clarify the pertinent information.

I proposed a straightforward solution to bring these data sets into the same page, give them cohesion that matches user mental models while still trying to respect their difference in purpose.

SOLUTION to second user problem

Auditing made simple with visibility across the lifecycle of detections

I mapped all detection types and their possible states to present to the user a timeline of the detection for auditing and visibility.

SOLUTION to third user problem

Give users control to take action how and where they need it.

How the product had always worked got too familiar. I proposed an entirely different approach to remediation.

Remediation on the detection not the endpoint

Users should be able to perform remediation not just on the endpoint but also on the detections themselves.

User control

I advocated for the need to granularly control remediation, not only remediate the entire endpoint. Research found that many IT admins preferred to leave some detections over others on endpoints to avoid disruption.

OUTCOME

A consolidated and highly visible management center that simplifies tracking of complex detection lifecycles

Biggest impact

6%

Decrease in average active detections across environments

1 min 40 sec

Decrease in average time spent on Detection page views

Additional impact

Financial

  • Clear detection status and lifecycle reduced unnecessary repeat actions, lowering compute usage and support costs associated with redundant scans or escalations.
  • Detection Center became a compelling demo centerpiece rather than a defensive explanation for the Sales team, enabling them to leverage another converting point.

Operational

  • Reduced mean time to understand and respond to threats for internal Managed Security Service teams
  • Streamlined backend infrastructure reducing tech debt

Opportunity

  • Established a scalable detection lifecycle foundation that enables:
    • Automation and orchestration
    • AI-assisted triage
    • Clearer cross-signal correlation

Brand

  • Increased brand trust and reduced user anxiety by making systems more transparent, reinforcing the brand promise of cybersecurity for everyone.
  • Brand hardening with enhancements on proprietary remediation technology that Malwarebytes is known for

PROCESS DEPTH → Research

Research contribution

Current experience issues

What we know - Account metrics + Pendo funnels

Prior research referencing

I revisited prior research that had been done. Personas and KYC initiatives had also recently been updated and revisited.

Current experience analysis

I identified where in the current experience there were user issues either foundational heuristics being broken or product specific improvements.

Gathered behavioral data

I reviewed Google Analytics + Pendo to answer questions about what users are doing and how they are doing it to try and understand why.

JTBD Mapping

I mapped the JTBD to help clarify what users were actually trying to accomplish, allowing us to design solutions aligned to their real motivations and desired outcomes.

Detection metadata mapping

I met with developers and our IT team to understand all of the possible detections and their corresponding data. After understanding our detections were identified as Categories then Types, I mapped the different metadata that was unique to each to ensure the designed solutions were considerate of as many data difference possibilities.

PROCESS DEPTH → Design

Designing with stakeholders + Testing with users

Starting with the primary user flow

Designing went through many iterations in tandem with other operations during the project. We started with the primary user flow of remediating active detections followed by the remaining high-level states of detections - Quarantine and Log.

Refining into the narrow use cases

After our primary user flow and other views of data were clearly understood and aligned on, we refined further into clarifying details of other use cases - single detection view, navigation, assignment, etc.

Putting it in front of users

With the support of the researcher on our team, I prototyped, she conducted and I observed and gathered notes on 8 usability sessions.

PROCESS DEPTH → Scoping

Challenges and Scoping

Stakeholder caution

My product partners were cautious about how we released this to customers and how they would react.

My development partners were hesitant about how to restructure the backend due to the amount of effort.

Decision Framework

Scoping definition

This resulted in a minimal scope for P1 even with clear definition of future states of the experience.

PROCESS DEPTH → Post Release

Project learnings

1st learning

Challenge

Stakeholder pushback + lack of involvement without understanding why

Result

Stalling project momentum and postponing release

Learning

While stakeholders were pushing back on how we solve this problem, it was really about misalignment on why we are solving this problem over others: prioritization misalignment.

2nd learning

Challenge

Much effort in designing and discussing detailed future state vision

Result

Out of scope work was never revisited

Learning

Business priorities can shift, and quickly. Contribute in the discussions and stick with the direction.

