
Expel Threat Hunting

The Product

Expel Workbench™ is the 24x7 managed detection and response platform where customers and the Security Operations Center (SOC) team can detect, investigate and remediate risks before they become incidents, with full transparency along the way. Expel Workbench™ also offers phishing, threat hunting and vulnerability prioritization.

I first joined the hunting team when working at Expel. Hunting had been an engineering-first initiative, and I was the first designer to step in on this product. Threat hunting had been available for a few years, but lacked a presence in the product for customers to interact with. Most recently we made huge strides towards taking the product from a single report to offering more of a self-service UI. We first started by getting all of the hunts we offer to our customers into the product. With limited time and limited resources, having only one developer, it was challenging to bring the threat hunting value to fruition.


Service blueprinting to bring alignment to the team

By creating a service blueprint of the existing hunting process I was able to clearly identify all the current processes, bring alignment to the feature team, and begin to identify any pain points we had internally as we tried to scale our product. It brought awareness to the product team of how many manual processes we had operating in engineering. We also knew that a PDF being emailed to the client, followed up by a phone call with an engagement manager, was not an experience we wanted to continue. This helped me identify that bringing the hunting catalog PDF selection into Expel Workbench™ was the next step to take.


User research

I find it hard to show user research in a portfolio, but it is the most valuable piece of the puzzle. At Expel, user research became the most important part of my process for finding out what our customers needed to make them feel secure and confident that their risk was being reduced with our product. Before creating any big feature, I interviewed a minimum of four customers, five being my target number. I would have a hunch on what changes to make or have ideas on what a new dashboard might look like, so I would try to get the most out of my time with customers, as they were generously donating their time to help us.

My interviews had two parts. The first part covered some general questions about their specific role at their company, then found out what they valued about the product or the specific feature I was trying to learn more about. For the second part, I would create mock-ups or a prototype for them to test out and give feedback on. This was always an exciting part of the process, as it would either confirm or deny the solution and show how easy it was to use.


Ideating and hand sketching

Trying to improve the product and make threat hunting more self-service led to a snowball of ideas. We went down the path of including a risk profile, showing how you compare to others in your industry, and creating an overall risk score. These were fantastic ideas that customers would definitely find valuable, but we also had limitations with only one engineer. We realized we needed to scale down our first initiative and focused on bringing the hunting catalog into the UI.


Wireframes

Low-fidelity mock-ups to convey ideas. It looks like a simple page, but in reality it takes a roadmap, planning, a ton of communication and a team of developers to make this come to life.


Final Designs

Bringing the sketching, ideating and user research to life. Making this a more self-serve product by creating a menu for users to select which hunts they wanted to run each month was a huge step in giving the product a visual that customers and our sales team could see. It was the first step in building the bridge from a mythical process that happened behind the scenes to actually seeing the choices, what function each served, and some of the customer's own data inside the details pop-up, helping them decide whether that was a deeper investigation they wanted to pursue.