IBM BigFix Application
Collaborators
Haidy Perez-Francis (Design Executive)
Cameron Calder (Design Lead)
Jimmy Dyer (Designer)
This case study covers enabling the discovery and correlation of endpoint information within QRadar, so that analysts can maintain fluid analysis using data from the IBM BigFix offering. I partnered with Cameron Calder to create an interactive visualization that gives IT professionals a complete picture of the endpoint security vulnerabilities within their organization.
Background
The BigFix App for QRadar was an opportunity to integrate valuable endpoint data across offerings. BigFix is an offering typically used by IT professionals to manage and patch endpoint security vulnerabilities within an organization. Security professionals within a Security Operations Center (SOC) also need endpoint data to form a more complete picture, but they often must reference several sources and point products to piece together the story. This app brings valuable endpoint attributes into context so analysts can investigate incidents more efficiently, understand overall endpoint hygiene, and hand remediation tasks to IT more effectively.
The process
Our team needed to resolve how our users would consume BigFix’s endpoint data within QRadar. We were determined to understand a SOC worker’s existing workflow so we could pinpoint process opportunities, bridge gaps in their investigations, and understand how to best visually communicate the complex relationships the data offered. After the team ran a two-day Design Thinking workshop, we started exploring widely to translate leading concepts as prototypes so we could better communicate ideas during research sessions and with stakeholders. Through this project, we collaborated closely with offering management and the technical team. We worked from a shared hills-driven spreadsheet acting as an
The outcome
By putting our user’s voice at the forefront, we were able to deliver a visualization-based application enabling customers to take control of the data. From an operational view down to an investigative view, our users had actionable decisions within minutes instead of what previously could have been hours or days.
It’s very valuable because I will be able to see where are my pain points and where are the areas I need to focus. And it’s easy to extract if I have a healthy environment without having to go through many different consoles, websites, or extracting information in excel. I’m getting rid of all that manual stuff and have it all centralized in a very nice way.
— SOC Analyst
Data aligned with user needs
Our team used a shared spreadsheet to identify the available data and map each item to the Hill it addressed. This spreadsheet became the team’s central contract for alignment: Engineering knew what data to access, and we concurrently knew which data was available and which scenarios to design for. The team’s natural instinct was to explore widely how to build relationships from the data in this spreadsheet.
Narrowing the field
Through research, audits, and iterations, two visualizations stood out from the crowd: a modified chord diagram and an alluvial diagram. We conducted specific user sessions to understand which of the contenders would best address endpoint data consumption. The designed alluvial won over the users with its capacity to provide context around the entirety of the endpoint data and its ability to pivot on multiple points to glean insights.
I’m a little impressed by the envy of having the data for a single endpoint but also giving the impression of “sister” endpoints.
— SOC Analyst
Solving for scale
The alluvial diagram is a valuable means of showing data relationships, but past a certain scale the density of the data became illegible. This was problematic for both consumption and performance. We collaborated with the Engineering team to address it. The solution we identified was to use additional data categorization: grouping endpoints into categories rather than plotting every raw value as its own node. The result not only addressed the technical scale but also provided additional endpoint hygiene metrics and opened up further data pivoting opportunities.
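To make the scaling point concrete, here is an added example (not code from the case study or from the BigFix App itself) showing why categorization shrinks an alluvial diagram. The record fields, the OS-family and severity-band rules, and the sample endpoints are all constructed assumptions for illustration, not the product’s schema. The example counts the nodes an alluvial diagram would need when each raw value is its own node, then again after the endpoints are bucketed into categories, and computes the flow weights between adjacent axes that the diagram would draw.

```python
from collections import Counter

# Constructed sample endpoint records (assumed field names, not the app's schema).
ENDPOINTS = [
    {"host": "ws-001", "os": "Windows 10 Pro", "cvss": 9.8, "patched": False},
    {"host": "ws-002", "os": "Windows 10 Pro", "cvss": 7.5, "patched": False},
    {"host": "ws-003", "os": "Windows 11",     "cvss": 7.2, "patched": True},
    {"host": "srv-01", "os": "RHEL 8",         "cvss": 9.1, "patched": False},
    {"host": "srv-02", "os": "RHEL 9",         "cvss": 4.3, "patched": True},
    {"host": "mac-01", "os": "macOS 13",       "cvss": 5.0, "patched": True},
]

# Axes when every raw value becomes its own node in the diagram.
RAW_AXES = ["host", "os", "cvss", "patched"]
# Axes after categorization: far fewer distinct values per axis.
CATEGORY_AXES = ["os_family", "severity", "patch_state"]


def os_family(os_name):
    """Collapse OS product names into a small set of families (assumed rule)."""
    name = os_name.lower()
    if name.startswith("windows"):
        return "Windows"
    if name.startswith("rhel") or "linux" in name:
        return "Linux"
    if name.startswith("macos"):
        return "macOS"
    return "Other"


def severity_band(cvss):
    """Bucket a CVSS base score into the usual qualitative bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def categorize(record):
    """Map one raw endpoint record onto the categorical axes."""
    return {
        "os_family": os_family(record["os"]),
        "severity": severity_band(record["cvss"]),
        "patch_state": "patched" if record["patched"] else "missing",
    }


def node_count(rows, axes):
    """Number of nodes the alluvial would draw: distinct values summed over axes."""
    return sum(len({row[axis] for row in rows}) for axis in axes)


def alluvial_flows(rows, axes):
    """Weight of each band between adjacent axes: how many endpoints share
    the (left value, right value) pair. Keys are (left_axis, left_value,
    right_axis, right_value)."""
    flows = Counter()
    for row in rows:
        for left, right in zip(axes, axes[1:]):
            flows[(left, row[left], right, row[right])] += 1
    return flows


CATEGORIZED = [categorize(r) for r in ENDPOINTS]


if __name__ == "__main__":
    print("raw nodes:        ", node_count(ENDPOINTS, RAW_AXES))
    print("categorized nodes:", node_count(CATEGORIZED, CATEGORY_AXES))
    for key, weight in sorted(alluvial_flows(CATEGORIZED, CATEGORY_AXES).items()):
        print(key, "->", weight)
```

With six sample endpoints the raw axes already need 19 nodes (one per host, per OS build, per distinct CVSS score, plus two patch states), while the categorized axes need 8; the gap widens linearly with the fleet size for the raw form and stays roughly fixed for the categorized one. The flow weights are also the hygiene metrics the text mentions: the band from "critical" to "missing" directly reads as "critical vulnerabilities still unpatched".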