For some reason, elephants often figure in our conversations: “see different parts of the elephant,” “memory like an elephant,” and now “eat an elephant.” This phrase, definitely meant as an analogy, expresses the long, enormous and daunting task that our development team faced in reimagining the user experience in our SIEM McAfee Enterprise Security Manager (ESM) solution. To be successful, they needed a vision, strategy and plan.

The new user interface of ESM 10.0 has been designed to reduce cognitive stress, providing content in context as the user performs tasks
First, a vision. In recent years, driven by increasingly complex incidents, the mantra of security operations has shifted to real-time analysis along with individual and team efficiency. Innumerable research studies document the scarcity of security analysts and researchers. Time clearly needed to be part of the vision.

But for the user experience team, productivity is not just about the elapsed time. It also includes the cognitive workload that can subtly wear down and exhaust the analyst. You probably experience a cognitive overload today. He walks from the kitchen to the bedroom and remains standing wondering why he entered. This is true when we move between physical rooms, and it is true when we move between virtual rooms, as in a video game or user interface. In this change of context, it turns out that we have 2-3 times more chance of forgetting. And it worsens This lapse of memory is aggravated if you have a lack of sleep or excessive stress, such as new parents, air traffic controllers and security analysts.

Once we reach our cognitive threshold, we only have emotions to recur. Then the typical analyst has defective memory and frustration. This combination makes security decisions deficient. That’s why we design “high context” user interfaces. We look for a room with all the relevant data so that the analyst can focus on making good decisions.

From a design perspective, here are some specific workload cognitive tests:

The burden of “data fragmentation”: how much data does the user have to keep in his memory when he changes screens, modes and tasks, or does he keep a series of tasks?
The load of “navigation”: How many times does the user go through the screens and the workflows up and down in the fulfillment of a task?
The “numbing factor of the mind”: How many times should that task be repeated per hour / day / week?
The “clutter” factor: how much data is displayed all at once? How difficult is it to identify and navigate relationships?
Instead of simply observing a faster operation of the same processes, we wanted to reduce the cognitive load of the user, to keep them as effective as possible during as many hours of their day as possible. This “save time, save mental energy” approach formed the core of our vision. Our logic was this: anything we could do to improve their productivity and improve concentration would bear fruit with the speed of the results, the analyst’s ability and the quality of life for them and their management team.

mcafee activate

This illustrates the complexity of SIEM, which shows the first and second level nodes in the ESM 9.X user interface.
Then, a strategy. As the epicenter of security operations, a SIEM is a complex animal, and the user interface and user design can mask or multiply this complexity. The graphic gives you an idea of ​​the scope of this effort, the first and second level nodes in the ESM 9.X user interface. Each node has multiple screens below it.

There is a lot to do, clearly, but where could we better affect the past tense? After dozens of site visits and intensive and interactive interviews, we discovered that more than half of the users were security operations and another 29% were infrastructure operations. Given these daily jobs, most of the user’s time is used in analysis and research.

In the second part of this series, we will continue the journey of the user experience with the ESX 10.0 UX design team as they develop the plan for the new ESM 10.0 solution.