
Expel

Expel Vulnerability Prioritization

The Product

Expel Workbench™ is the 24x7 managed detection and response platform where customers and the Security Operations Center (SOC) team can detect, investigate and remediate risks before they become incidents with full transparency along the way. Expel Workbench™ also offers phishing, threat hunting and vulnerability prioritization.

While at Expel I worked on two teams: threat hunting and vulnerability prioritization (VP). I started on threat hunting while I got my feet wet learning cybersecurity and was soon added to the vulnerability prioritization team. VP was a high-profile project within the company and was a massive undertaking. Through competitive analysis and user research of current customers, the number one problem to solve for was how to prioritize the prioritized vulnerabilities. There could be so much information and noise; how do you narrow it down?

 

Competitive Analysis and User Research

A new project in scope means a vast amount of research and understanding needs to happen to have a full understanding of the project or problem. Reading and analyzing the competitive analysis from marketing was a good starting point. I then reached out to stakeholders to confirm our top five competitors and began to research them and create a spreadsheet of comparable features. I scoured the internet in search of demos, product screenshots and YouTube videos, and investigated the company websites to see what visuals and product features already existed. We would also be ingesting our vulnerability data from existing scanners, so being able to poke around and use an existing product was invaluable in helping me learn about a new space.

Sending out a quick email survey to some of our existing customers helped gauge important key features we would want to include as we built our vulnerability product. Getting about a 20% return on response was very exciting! I also created a detailed script and reached out to 5 customers who expressed interest in having a vulnerability management product as part of their Expel product experience. Uncovering what their major pain points and struggles were with their current service, the most important goal they had with having a vulnerability product and who was all involved in addressing patches and fixing vulnerabilities was just the beginning of the questions I was out to answer.

 

Identifying the problem and our focus

The direction we started with was to add vulnerability management to our product to increase sales deals for MDR. With such a large problem space of adding vulnerability management to our existing product and minimal direction from stakeholders, we had to take all the things we knew to be customer problems and organize and prioritize them. Product management, engineering and I collaborated for hours. We identified all the problems and pain points we had gathered from our customer survey as well as feedback from user interview sessions. We then organized all that information into major buckets and identified which areas were largest and would bring the most value in addressing customers' needs. By the end of the workshop, our focus became how to prioritize a few vulnerabilities to fix out of hundreds of thousands.

 

Wireframing begins

Having completed a heuristic evaluation and working with the stakeholders and product team, we decided what was priority to work on first. The Enterprise platform was top priority and I began a complete redesign of the existing product. It is truly exciting to have the opportunity to redesign a product to make all necessary enhancements and user flows. Taking a product that was built by engineers and developers, this was a huge undertaking to redesign. The team was amazing and we worked well together to implement new concepts and establish new processes.

All vulnerabilities list view

Jumping into design too quickly with final design assets can lead you to solutioning too quickly. Reusing existing design patterns was an excellent path, but taking a step back and hand sketching is always a great way to ideate and think of different possibilities.

Details view of a vulnerability

So much information to include and where do we want to help drive the user to discovering the biggest reason for risk and why? This was a very iterative process and evolved greatly over time.

 

PRODUCT FEATURES

  • Allow users to connect with their own tech. VP integrates with the customer's existing Tenable or Rapid7 scanner to understand their vulnerability landscape; no need to set up new technology, no lengthy onboarding.

  • Customers can improve their visibility and decision-making. They receive investigation support, prescriptive guidance, and shareable reports to ensure stakeholder alignment. With our MDR as an added input, we inform them of real-world exploits that their scanner hasn’t identified yet.

  • Users improve their threat detection and response with clear traceability across their environment with context on which machines are impacted and which are at risk.

  • Dedicated vulnerability prioritization analyst who helps detect and add vulnerabilities to the customer's individually curated Expel Prioritized list of vulnerabilities.

 

High Fidelity Mocks