User Intelligence - Data Security Posture



User Intelligence enables enterprises to minimize data exposure risks by monitoring user access and activity on sensitive data.


I was the lead designer on this project working with a cross-functional research, product, and engineering team. Check out the main highlights of the design below. If you'd like to learn more, shoot me an email at anambhatia22@gmail.com




Context


Rubrik Security Cloud offers a comprehensive suite of applications designed for data backup and recovery, threat monitoring and investigation, and data security posture. The Data Security Posture application allows customers to identify sensitive data within their environments. Sensitive data includes any information that needs to be safeguarded because of its confidential nature, like personal, financial, or health data. Protecting this type of data is crucial to prevent security breaches and comply with legal and regulatory requirements.




Data Security Posture app accessed via the App Switcher dropdown on the Navbar.





Problem


While the existing Data Security Posture tool effectively identifies the type, location and volume of sensitive data in the environment, it falls short in revealing data exposure details such as who has access permissions to the data and what activities are being performed on the data. Closing this gap in information is critical for GRC analysts and SOC admins to fully understand their organizations' data exposure, identify threat actors, and reduce overall security risk.




Original Data Security Posture app without User Intelligence.





Solution


To address the challenge, we integrated User Intelligence into Rubrik's Data Security Posture application. This enhancement, designed to provide insights into who can access sensitive data and how it is used, was informed by extensive research sessions with SOC admins and GRC analysts, who are the main personas for this tool. These discussions helped identify key use cases, shaping the User Intelligence functionality to meet their specific needs. Below, I have provided two use cases as examples:


Use case 1: Investigate possible threats and accelerate incident response.


The new User Intelligence tab introduces capabilities for proactive threat investigation and rapid incident response through a series of strategically designed workflows:



Advanced Data Filtering: Utilizing aggregation numbers at the top, one can intuitively filter and sort the user list based on various metrics. This functionality is highly effective for identifying dynamic trends in the environment, such as new users gaining access to sensitive data or users with increased activity on sensitive data. These filters enable proactive threat management and mitigation.







Efficient User Investigation: The side navigation panel includes a searchable list that allows for quick and seamless investigation of individual users without leaving the current page, greatly enhancing the efficiency of the process. Additionally, users can customize this list by applying desired filters and aggregations, and then export the refined list for detailed analysis and further investigation.






Anomaly Detection through Interactive Widgets: The user dashboard features interactive widgets that provide insights and trends on users' access to and activity on sensitive data. These widgets are designed to highlight anomalies, enabling security teams to quickly spot irregular patterns and take decisive actions in response to security incidents. Additionally, customers can click through from the widgets to access detailed, filtered list pages for more thorough investigations.






Use case 2: Ensure users don't have unqualified access to sensitive data.


The new Insights panel helps mitigate data exposure risk and ensures legitimacy of access to sensitive data through a series of strategically designed features:



Intelligent Access Monitoring: The Insights panel on the main dashboard provides clear and concise textual insights tracking modifications in users' access permissions on sensitive data. It allows customers to quickly grasp what permissions have been altered without needing to engage in a deep dive into the data. Clicking a link in an insight leads to the User Intelligence page, where the list is already pre-filtered to display users affected by the access changes. This enables customers to swiftly investigate and assess the validity of these changes.







Investigation and Resolution: If an access modification is deemed unqualified, or if its validity is uncertain, customers can directly create a ticket for further investigation right from the Rubrik UI. The ticket creation form is pre-populated with details from the insight and includes file attachments for added context. Users simply need to click "Create" to open the ticket in the integrated ticketing platform, ensuring a seamless workflow from detection to resolution.








Conclusion


This project benefited greatly from the collaboration with subject matter experts and researchers, who provided critical insights to help understand the use cases and personas better. We encountered significant design/product challenges as the project involved integrating the new User Intelligence functionality as an add-on to the existing Data Security Posture framework. The constraints of enhancing an established UI required precise, creative design strategies to ensure the update was seamless and user-friendly.


This feature is now a key component of the all-new 'Proactive Edition', a new addition to Rubrik's suite of offerings, aimed at driving growth and expansion among both new and existing customers.





© Anam Bhatia 2024
