Why User Experience is as important as Machine Learning Models — yes, even in CyberSecurity

Written by: RANK Software  |  December 20, 2016

A lot is being done and written about the role of Machine Learning and Artificial Intelligence in developing effective Cybersecurity solutions. However, the critical role that User Experience plays in driving a faster response is underplayed and underappreciated.

Some of the Security teams we have talked to have asked us about Administrative / Control Panel in leveraging Next Generation Security Analytics, which sort of threw us off. In the world of Siri (Apple), Alexa (Amazon), Cortana (Microsoft) and Google Assistant (Google), which act as a Virtual Assistant to our every day tasks, the thought of Control Panel driven access was not what we were expecting. Deeper discussions made us realize that while most people expect great user experience in consumer products, the moment they step inside their office, they start thinking on lines of tools rather than applications. So a normal scenario for personal vs enterprise usage is

· instant messaging for personal use and emails for work (Slack & others are trying to change that !)

· Personal — Siri (or others) to ask for directions or latest score or weather; Enterprise — multiple clicks on an intranet portal & long queries to find out the relevant information inside corporate databases

In one case, we saw a Security Analyst having 11 different browser tabs open in his screen, copying and pasting information from one to another, try to make sense of all that and attempt to focus on the security vulnerability. Really !! My only question after seeing that was “How is this going to drive a Rapid Response ?”. What we saw was reverse of the ideal time that Security teams should spend

Fixing a current problem, Hunting for new vulnerabilities > Analysis > Data Collection

Why User Experience is really important for Cybersecurity

It’s all about Real time Detection and Rapid Response

· Imagine a situation where the technology solution detected the problem but buried it deep inside some report so by the time you got to the report, the systems have been hacked. What good is that detection?

· Even after knowing you have a problem, effective decision requires knowing the right history — what happened before, during and after these attacks. One also needs to know if there had been lateral movement of the attack i.e. if others inside the organization have been impacted as well

· In general, any security team will have ~20% real experts, 40% knowledgeable analysts and 40% high potential analysts. Any user experience that ignores 80% of non-experts is going to be dead on arrival

In line with our endeavor to be the Virtual Assistant for Security Analysts, we at Rank are passionately focused on making things EASY — easy to setup, easy to use and easy to scale.


1- Our Network graph provides an intuitive, easy to absorb and act user interface to know what all ones needs to know about any security event

2-Timeline view provides an easy to understand historical information plus comparison to peers across multiple parameters

3- Asset level Risk score clearly calls out high Risk machines and users inside the network to answer the fundamental question bothering Security teams

In reality, in a High Velocity, Real time environment some of the graphs are not easy to create. In our next blog, we will go into a bit more details on how RANK overcomes those roadblocks to provide while Easy to Use visualization that really helps drive Actionable Intelligence. Stay tuned!