Authors: Panos Sakkos, George Simos and Nikolaos Koukounakis.
In the constantly changing field of cybersecurity, the importance of strong security solutions cannot be overstated. Companies invest heavily in all aspects of security, ranging from firewalls all the way to Intrusion Detection Systems. However, in the midst of all these innovative technological fortifications, there’s a silent yet crucial aspect that often goes unnoticed, the User Experience (UX) of the products.
Imagine having the most potent security product in place, but its user interface is confusing, cluttered, and counterintuitive. What happens next? Users might struggle to configure security settings properly, misinterpret critical alerts, or even neglect crucial updates. Poor UX can easily become the root cause of:
In a domain that is by definition deeply technical, ignoring a not-so-technical aspect of it can deeply sabotage its very purpose. In a nutshell, bad UX in security products can inadvertently create vulnerabilities rather than solving them.
Just like poor UX can be damaging for security products, exceptional UX design on the other hand can not only mitigate these issues but also enhance their effectiveness. Let’s take a closer look at how UX and security can synergise.
Panther has invested heavily in the Data Onboarding experience, since all data is security data and it is essential to both the Detection and the Investigation use cases. Great UX flows are key to avoiding misconfigurations while onboarding data, and they reduce onboarding time and effort as well.
Users who were onboarding data from AWS S3, Panther’s most popular Data Transport, had to switch between Panther and the AWS S3 web app in order to see the structure of their data. Moreover, viewing a sample of the Raw Events in a file on AWS S3 required downloading the whole file, uncompressing it and opening it locally.
We recently introduced the S3 Tree View, which simplifies the data onboarding of AWS S3 buckets by displaying the bucket data in a Tree View structure, grouping the S3 prefixes on the / character. Also, by selecting a data file in this view, a side-sheet displays a sample of its contents, so the user can quickly make sure they are onboarding the right data. The primary objective of the S3 Tree View is to minimize the risk of misconfigurations during the onboarding process and to reduce onboarding time and effort.
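The two mechanics described above, grouping flat S3 object keys on the / character into a tree and previewing the contents of a (typically gzip-compressed) object without opening it locally, are shown here as an added example. This is illustrative code written for this page, not Panther's implementation; the object keys and the compressed sample object are constructed, and the function names are this example's own.

```python
import gzip
from typing import Dict, Iterable, List, Optional

# Constructed sample of S3 object keys, as a bucket listing might return them
# (illustrative values only, not a real bucket).
SAMPLE_KEYS = [
    "AWSLogs/123456789012/CloudTrail/us-east-1/2024/01/01/a.json.gz",
    "AWSLogs/123456789012/CloudTrail/us-east-1/2024/01/02/b.json.gz",
    "AWSLogs/123456789012/CloudTrail/eu-west-1/2024/01/01/c.json.gz",
    "AWSLogs/123456789012/CloudTrail/",  # zero-byte "folder" marker object
    "alb/access-logs/2024/01/01/d.log.gz",
]

# A tree node is a dict: prefixes map to child dicts, files map to None.
Tree = Dict[str, Optional[dict]]


def build_prefix_tree(keys: Iterable[str]) -> Tree:
    """Group flat object keys into a nested tree by splitting on '/'."""
    root: Tree = {}
    for key in keys:
        node = root
        parts = key.split("/")
        for part in parts[:-1]:
            child = node.get(part)
            if child is None:  # new prefix (or a file name reused as a prefix)
                child = node[part] = {}
            node = child
        if parts[-1]:  # folder-marker keys end in '/' and have no file part
            node[parts[-1]] = None
    return root


def render_tree(tree: Tree, depth: int = 0) -> List[str]:
    """Render the tree as indented lines; prefixes get a trailing '/'."""
    lines: List[str] = []
    for name in sorted(tree):
        child = tree[name]
        indent = "  " * depth
        if child is None:
            lines.append(f"{indent}{name}")
        else:
            lines.append(f"{indent}{name}/")
            lines.extend(render_tree(child, depth + 1))
    return lines


def count_files(tree: Tree) -> int:
    """Number of file leaves under a node, useful as a sanity check per prefix."""
    return sum(1 if child is None else count_files(child) for child in tree.values())


# Constructed gzip-compressed object standing in for a CloudTrail-like log file.
SAMPLE_OBJECT = gzip.compress(
    b'{"eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser"}}\n'
    b'{"eventName":"AssumeRole","userIdentity":{"type":"AssumedRole"}}\n'
    b'{"eventName":"DescribeInstances","userIdentity":{"type":"IAMUser"}}\n'
)


def preview_sample(data: bytes, max_lines: int = 3) -> List[str]:
    """Return the first lines of an object, decompressing gzip (magic 1f 8b) transparently."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    text = data.decode("utf-8", errors="replace")
    return text.splitlines()[:max_lines]


if __name__ == "__main__":
    tree = build_prefix_tree(SAMPLE_KEYS)
    print("\n".join(render_tree(tree)))
    print(count_files(tree), "files")
    print(preview_sample(SAMPLE_OBJECT, 2))
```

Sorting each level and counting leaves makes it easy to spot a prefix that does not belong in the onboarding (a region or account you did not expect), and the preview only ever reads the first few lines, which is the check a user needs to confirm they picked the right data.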
Customers had expressed the need to exclude data that either has no security value in their specific use cases, or whose value is so low that the cost of ingesting it is not justified given their budget constraints.
In order to address this, we introduced Raw Event Filters, which are applied to Log Sources and operate at the Raw Event level. They support both regular expressions and free-text filters, allowing users to effectively filter out any desired data. When multiple filters are applied to a single Log Source they are combined disjunctively (an event is filtered out if any one of them matches), which supports complex filtering use cases as well. We also added chips that guide the user, making filter creation intuitive and straightforward.
We didn’t stop at filter creation: we took it a step further and added support for testing the filter against live Raw Events. Users can select Raw Events directly from the side sheet, allowing them to test the filter against real, live data.
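The filter semantics described in the two paragraphs above (free-text or regex filters on a Log Source, combined disjunctively, and a dry run against sample Raw Events before the filter goes live) are shown here as an added example. This is illustrative code written for this page, not Panther's implementation; the ALB-style log lines are constructed, and the class and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class RawEventFilter:
    """One exclusion filter: a free-text substring match or a regular expression."""
    pattern: str
    is_regex: bool = False

    def matches(self, raw_event: str) -> bool:
        if self.is_regex:
            return re.search(self.pattern, raw_event) is not None
        return self.pattern in raw_event


def invalid_regexes(filters: Iterable[RawEventFilter]) -> List[str]:
    """Patterns of regex filters that do not compile; reject these before saving the filter."""
    bad: List[str] = []
    for f in filters:
        if f.is_regex:
            try:
                re.compile(f.pattern)
            except re.error:
                bad.append(f.pattern)
    return bad


def should_drop(raw_event: str, filters: Iterable[RawEventFilter]) -> bool:
    """Filters on one Log Source are disjoined: the event is dropped if any filter matches."""
    return any(f.matches(raw_event) for f in filters)


def dry_run(filters: List[RawEventFilter], sample_events: List[str]) -> Tuple[List[str], List[str]]:
    """Apply the filter set to sample events without ingesting; returns (dropped, kept)."""
    dropped: List[str] = []
    kept: List[str] = []
    for event in sample_events:
        (dropped if should_drop(event, filters) else kept).append(event)
    return dropped, kept


# Constructed ALB-style access log lines (not real traffic).
SAMPLE_EVENTS = [
    '2024-01-01T10:00:00Z GET /healthz 200 "ELB-HealthChecker/2.0"',
    '2024-01-01T10:00:01Z GET /login 401 "Mozilla/5.0"',
    '2024-01-01T10:00:02Z GET /static/app.css 200 "Mozilla/5.0"',
    '2024-01-01T10:00:03Z POST /api/login 200 "Mozilla/5.0"',
]

# Intended filters: load-balancer health checks and successful static asset hits.
FILTERS = [
    RawEventFilter("ELB-HealthChecker"),
    RawEventFilter(r"GET /static/\S+ 200", is_regex=True),
]


if __name__ == "__main__":
    assert not invalid_regexes(FILTERS)
    dropped, kept = dry_run(FILTERS, SAMPLE_EVENTS)
    print("dropped:", *dropped, sep="\n  ")
    print("kept:", *kept, sep="\n  ")
    # An over-broad free-text filter: the dry run shows it would also discard the
    # successful login, which is exactly the kind of event a detection needs.
    broad_dropped, _ = dry_run([RawEventFilter("200")], SAMPLE_EVENTS)
    print("over-broad filter would drop", len(broad_dropped), "of", len(SAMPLE_EVENTS))
```

The dry run is the important part from a detection standpoint: because filters are OR'd, one careless pattern silently widens the exclusion set, and seeing the kept and dropped lists side by side before the filter is saved is what stops security-relevant events from being discarded.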
Understanding the underlying data schema is crucial for effective Detection development and analysis. However, the YAML format used to represent the schema can be cumbersome for users, especially those who are not familiar with YAML syntax. Users had expressed their need for a more user-friendly and visually intuitive way to explore their data schemas.
To address this, we introduced the “YAML Schema Tree View” component. This feature provides a clear and structured representation of your data schema, with fields and indicators organized hierarchically. It allows for quick identification of data types associated with each schema element. Required fields are marked with asterisks to highlight critical data elements and simplify the identification process. For schemas with nested structures, the tree view presents nested fields in an intuitive and organized manner, making it easy to navigate even the most complex schema hierarchies.
While the “YAML Schema Tree View” is the default display, we understand that users may have different preferences or specific needs. Therefore, we have retained access to the original YAML view. Users can easily toggle between the original display and the Tree View.
In the critical realm of cybersecurity, the synergy between robust security features and strong user experience (UX) plays an essential role in determining the effectiveness of security solutions. As highlighted in Panther’s approach, innovations such as the S3 Tree View, Raw Event Filtering Chips, and the Schema Tree View underscore the importance of melding security with exceptional UX. These advancements simplify tasks like onboarding, configuration, and data analysis, ensuring that users can leverage their cybersecurity tools’ full power without unnecessary complexities. In essence, the future of cybersecurity isn’t just about cutting-edge algorithms and defenses, but also about creating tools that are intuitive and user-centric, as the best security measure is one that’s correctly implemented and consistently used. Panther’s dedication to this harmonious blend points to the evolving landscape of cybersecurity solutions.