RAPID 7 - KOMAND: CASE MANAGEMENT FEATURE

 
 
 
 
 
 
 

ENGAGEMENT OBJECTIVE:

The goal of this project was to create a robust case management interface for Rapid 7’s Komand cyber-security orchestration and automation platform. We were given three weeks to analyze existing user research and determine what elements would optimize both a low-level analyst’s and a mid-level manager’s ability to coordinate with team members, analyze team trends, and move seamlessly through security investigations. We were tasked with delivering a prototype for a mid-fi case management interface that would seamlessly merge with the existing product.

 

 
 
 
 

CHALLENGE/PROBLEM:

The Komand product is strong, in large part because of its capacity for customization, but this can be a real limitation for new users: junior first-time analysts. At present, a case management tool would need to be built through the existing software, which is very difficult for companies that don’t have the time or resources to do this well. Our challenge was to create a default case management tool (more specifically an “incident investigation” management tool) that would both aid and facilitate best practices for new analysts, and optimize usability for a team’s most experienced analysts.

 
 
 

 
 
 

APPROACH:

Our top priorities were understanding the mindset of the user, and using those insights to create a product that would be tailored and innovative. Given the tight time constraints, we developed a project timeline that allocated nearly half our time to user research analysis, industry research, expert interviews, competitor analysis, and UI analysis. We then scheduled the second half of the project timeline for rapid ideation, sketching, testing, and the product story.

 
 
 
 

RESEARCH AND IDEATION:

Research was a real challenge. Project timing resulted in our client counterparts being slammed with another demanding project, and we struggled to interpret the limited user research we were initially handed. Realizing we were struggling and in order to not lose too much time, we chose to fill in our gaps with high-level expert interviews that we were able to secure quickly (we’d unsuccessfully sought out last-minute junior analyst interviewees). Additionally, I developed a few exercises to tease as many meaningful insights as possible out of the affinity map and personas we were provided. I created a system for analyzing the research notes that would rank their pain points based on the impact on their most important tasks. This helped guide our design focus. But our most fruitful research was our competitive and UI analysis, which helped us build a foundation for layout and functionality best practices, and assess where there was space to innovate.

 

 
 
 

SKETCHING:

Our first step with sketching was a short design studio. Considering we all had comparable exposure to the research, we decided we wouldn’t talk about our ideas or specific interpretations from the research, and rather run with the design and layout we each had percolating. After, we shared and defended our sketches and then requested client feedback on our top designs, built consensus and finalized an initial design. We next discussed different user flows, quickly mapped out the design’s component parts, further details, and digitized our design.

 
 
 
 

TOOLS DECISIONS AND DESIGN:

I began digitizing our core assets in Sketch, as per client request and my own preference. Though the Rapid 7 team had requested delivery via an InVision prototype, when the feature design became clearer we felt we could optimize the prototype’s interactions in Axure RP, and discussed changing the delivery format. Our experience with Axure’s capacity for micro-interactions was much stronger, and though we were concerned about interrupting or complicating the client’s workflow, they ultimately agreed on changing the delivery format.

 
 
 
 

THE FINAL DESIGN:

Our Komand case management feature landed on balancing essential analyst features, new features identified in our research phase, and an emphasis on multiple forms of data processing and visualization. We developed a previously non-existent in-investigation messaging box that doubles as a pin-up board for urgent and essential messages for everyone working in the investigation. Analysts had struggled with sifting through overwhelming amounts of data, and our design focuses on the ability to quickly identify, visually, different types of incidents and tasks, and the ability to filter and color code groups of data. The left side panel contains a checklist, the core feature meant to guide and facilitate best practices in new and inexperienced analysts. Our final design aims to optimize the workflow for neophyte analysts and the most experienced analysts who want to move more intuitively through an investigation, and not waste time on low-value minutiae.

 
 
 

 
 
 

COMMUNICATING THE DESIGN/PITCHING:

When we were planning to present this feature, we knew we’d be pitching to multiple stakeholders with varying familiarity with cybersecurity and the Komand product. I led the presentation design, where we aimed to contextualize the need for the product, convey the strength of our design conclusion and implementation, and build a narrative that would be broadly relatable and compelling. So we brought it down to the simplest question: what do you need to do to be successful in cybersecurity incident response? We concluded that you need the capacity to see and process a lot of information, curious detective instincts, and a prescient understanding of cybercrime. So we developed an informative and sometimes tongue-in-cheek motif around our tool that empowers analysts to channel their inner Sherlock Holmes, and ultimately reveals the case management feature as a loyal, tireless facilitator of our best detective instincts, your own Dr Watson.

 
 
 
 

PRODUCT OUTCOMES:

We presented and delivered this Komand feature prototype in late May 2018. Komand is updating and modifying many components of its software (in part due to a continuous alignment with Rapid 7 after a 2017 merger), and the case management feature is intended to be integrated into the product offering by late 2018.

 
 
 

 
 
 

CHALLENGES/REFLECTIONS:

As they say in The Best Exotic Marigold Hotel, “It all works out in the end. And if it hasn’t worked out, it’s not the end.” In the end, this all worked out, in that it brought real value to the next team that will be refining it and taking it to launch, and brought immense growth insights for my work moving forward. In terms of project management, I realized the importance of facilitating more discussions around team member strengths, and better coordinating task sequencing. I felt some tasks were redundant or not well allocated, and given the tight time frame, I know we could’ve done a better job of optimizing all our talents and abilities at the right times. One takeaway was better aligning workflows and internal handoffs. The nature of the client relationship and engagement also minimized our capacity to test and reframe the problem, develop robust user flows, and conduct robust target user testing. Given our reality, I feel testing and reframing the problem would’ve been difficult under the best of circumstances, but more user flows and user testing were very achievable and real misses on our part. I feel our struggle with accessing or generating in-depth user research hampered our ability to develop confident and informed user flows. Given those limitations (and lack of access to junior analysts), I’d like to explore new methods for gaining user insights under such constraints. Though I feel a real excitement in exploring process solutions to challenging circumstances, this project really strengthened my conviction to do everything in my power to have a very close working relationship with the lead researcher, if they’re not already embedded on the team.