Keeping an organization secure is no easy task, especially with the explosion in cloud adoption and digital transformation against a backdrop of increasingly dangerous threats and threat actors. We can all recite the challenges that security teams struggle with — too many solutions, not enough people, not enough visibility. With the average organization deploying 25 point security solutions, it’s no wonder why 91 percent of security professionals express security complexity concerns.

When onboarding new securities operation center (SOC) capabilities, teams are often faced with having to balance ease of use with functionality. While this dynamic has been present in the security market for years, advances in user interface design have shifted the paradigm such that teams can now have the best of both worlds in terms of capabilities and usability.


A Swiss Army Knife

Security is a function that relies, more than anything else, on visibility. As the saying goes “…if I can’t see it, I can’t secure it.” Before SOCs even came into existence, IT teams were purchasing point solutions with a complete lack of integration and consistent workflows across tools. This made detecting and responding to threats extremely difficult as the proliferation of tools had compounded for years. In 2005, Gartner coined the term security information and event management (SIEM) which ushered in a new wave of platform and aggregation capabilities to solve for some of this complexity. While initially designed as checkboxes for compliance mandates, SIEM evolved into an organization’s hub for security operations with more than 70 percent of SOCs running on SIEM.


As the years went on, SIEM vendors added new capabilities that extended into adjacent areas such as vulnerability management, risk management, and network monitoring, while adding advanced analytics for user behavioral modeling and artificial intelligence. But with those new capabilities, complexity crept back in. As happens with Swiss Army knives, teams now had 50 tools in one place. However, they were lacking in meaningful workflows to help them use all of the capabilities to their fullest extent. If you needed a can opener, chances were it was in your pocket. You just had to know that it existed, which pocket it was in, how to unfold the tool, and how to use it. Learning to use all of the tools together created a high barrier of entry to new members of the team.


Demands of Modern Security Tools

In recent years, demands on security teams have grown exponentially, and, as a result, those teams are expecting their tools to evolve to keep pace. Vendors needed to take a holistic look at whether they were able to provide the perfect mix of functionality and usability. That represented a fundamental shift in thinking for design teams, which certainly was the case for our team at IBM.


For a long time, vendors designed their products for highly technical power users. Power users — who are well versed in networking, security, and the language of cybersecurity — don’t want to spend months learning to extract maximum value. Their expertise lies in understanding how breaches occur, identifying the root cause, and taking corrective action, not in tool administration. They demand effortless, integrated tools that don’t require weeks or months to learn and that provide the same level of depth in a more consumable fashion. Additionally, as teams grew over time, they needed to train new employees on how to use their collection of tools, which is difficult if tool features and their uses are not documented. Long story short, security tool users don’t want tools that stand in the way of doing the mission-critical work they’re tasked with.


Flattening The Learning Curve

At IBM, we knew we needed to design products that flatten the learning curve for new users. Our clients need tools that make them effective on day one while enabling a path for them to become power users. We needed to shift our thinking by focusing on how to unlock the power of our industry-leading capabilities while allowing users to start getting productive use in hours and days vs. weeks. As with a Swiss Army knife, our products had so many features that were incredibly powerful if only you knew how to use them. Our new mission was to bring the power of QRadar to the analyst in a way that enables the analyst to be more productive and effective than ever.


User-Led Design

Over the last 12 months, we went back to the drawing board, bringing in world-class user research teams to help understand where the complexity was being created. Most importantly, we talked with dozens of clients and security analysts (thank you for your help, you know who you are!). In that process, we uncovered numerous pain points and areas of friction tied to performance and disconnected workflows. Armed with the qualitative and quantitative data, we engaged IBM Design to apply design thinking and ensure we meet and exceed standards for consumability and accessibility.


We used the following key tactics from Enterprise Design Thinking to maintain alignment across our users and offering teams:
  • Hills: These are concise statements around the goals we aim to help our users accomplish.
  • Playbacks: These are regular check-ins that bring users, stakeholders, and teams together.
  • Sponsor Users: These are real-world clients who provided us with feedback to make sure we’re designing and building exactly what they need and nothing less.
As part of the design process, we applied the following user design principles:
  • Designing for users and their tasks: The goal was to design the product to assist users in performing their daily tasks and workflows, and to provide a way to accomplish the same end goals users currently focus on, with a streamlined journey to get there.
  • Using consistent design language: Unified and consistent frameworks make it easier for users to understand how to access functionality across the user interface.
  • Reducing cognitive strain: The goal was to make the users’ experience with the product feel natural, and to ensure users know what the next step is and how to get there without unnecessary complexity.
  • Maintaining context: Users shouldn’t be expected to remember information from screen to screen (IP addresses, etc). The goal is to surface the relevant information and make it accessible within one click.
Using our open-source design system, IBM Carbon, our development team went to work to unify the experiences throughout not only QRadar but all IBM Security products. By standardizing on a uniform design language, we ensured that UI elements like menus, slideouts, theming, and buttons will all act and feel the same across the range of products. In this sense, we are beginning down the path of unified experiences that you can now experience in both IBM Security QRadar Analyst Workflow, as well as IBM Cloud Pak for Security.


QRadar Analyst Workflow is a total reimagining of the QRadar experience for the security analyst that applies the principles discussed above. QRadar Analyst Workflow is a modern UI that leverages the underlying power of QRadar that is entirely built around the analyst’s core workflow in triaging and investigating potential threats.


Where We’re Going

So, what’s next? No product is ever perfect. We’re embarking on an exciting new chapter in the future of QRadar. Our goal is to apply the same agile principles from design to the release cycle to continually provide new and fresh experiences at a rapid pace. Packaged as an app on the IBM Security App Exchange, QRadar Analyst Workflow will receive regular updates in the coming months as we provide additional integrations with other offerings such as User Behavior Analytics (UBA), network flows, and QRadar Advisor with Watson. The future of QRadar is finally here and we’re excited that you’re a part of it.

Learn more in the on-demand webinar: QRadar Analyst Workflow – Modernizing the security detection and investigation experience

More from Intelligence & Analytics

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…