SonicWall's endpoint security platform CaptureClient helps security administrators detect, analyze and mitigate threats on endpoints to avoid compromising an organization's network and data. SonicWall approached us because they were receiving a large volume of customer support tickets for Capture Client. We redesigned their endpoint security platform, CaptureClient, to improve navigation, scalability, and efficiency.
- 21% decrease in number of customer tickets related to policy configuration.
After conducting user research and understanding their product, we found three significant problems.
Our interviews with new users of the CaptureClient application revealed that the top labels in the navigation were not intuitive enough, and users had to open all the tabs to know what they would find there. Therefore we eliminated the individual sub-pages in the left navigation and showed the pages directly up front for efficiency and clarity.
Instead of an architecture based on the type of function users wanted to perform, we redesigned it to an architecture based on the items themselves. The existing information architecture also had too many segregated parts with items that had the same function. For example, configuration of exclusions, blacklists and device control is the same as setting a security policy in place. Therefore the items in the security policies group and the configuration group should fall under the same category of policy configuration. Threat detection and monitoring being one of the main tasks for security analysts, I moved threats to a main navigation item for users to get to more quickly.
Most security policies applied to the tenant do not change for device groups and user groups. It is only in the edge case where security analysts change the security settings for a particular group of devices or users based on special requests. We therefore introduced an inheritance on/off feature. To edit a policy for a user group, the security analyst would only have to select the user group from the scope, select the policy to be changed, turn inheritance off and update the policy. This user-first approach eliminated seven unnecessary steps to update a policy compared to the previous user flow.
This project used a user-centered design (UCD) process, which consisted of the following phases
We started our journey by first understanding SonicWall's business goals with regard to CaptureClient.
Achieve an NPS score of 4.5 (out of 5) with respect to customer satisfaction
Decrease dependency on customer support tickets by 90%
Increase user adoption of CaptureClient
UI alignment with their current design system
We also did an expert review and competitor analysis purely based on basic UX and UI principles before we started with user research interviews.
We conducted 1:1 interviews with our target users in the following steps
To recruit the right kind of users for research and usability testing
Crafting questionnaire based on user research goals
The responses collected were summarized into a detailed user persona and insights document
Our research goals were -
We documented our research findings into two personas - Security Analyst and Security Administrator.
Top-down propagation of exclusions and all other security policies would greatly reduce the deployment time, as changing policies specific to a device is not done frequently.
There are scenarios where the same policy needs to be applied to all customers. Adding a change to all tenants together could be useful (e.g. adding an exclusion to all tenants).
Users preferred the labour effort of maintaining a static list of users over dealing with false positives of a dynamic list.
Users don't typically react urgently when they see infected devices or active threats due to the tone of voice. "It makes you think like this is the end of the world but really it is not."
Based on our personas and insights we defined the user's goals of using CaptureClient.
Monitor the health of the endpoints at a glance
Quickly understand suspicious activities/threats to the network and take action
Accurately distinguish false alerts from genuine alerts
Easy comprehension of complex data to configure security policies
Implement security policies effectively to minimize security risks
Deploy group policies to clients easily using Active Directory
We also defined our design goals based on our stakeholder interviews and our expert review
Build brand credibility using a familiar set of interactions and visuals that the users are accustomed to
Create a guided journey: Threat detection > Criticality > Investigate > Remediate
Clear visibility, accessibility and discoverability of data
Present users with key bold takeaways for easier and quicker decision making
Categorizing the task modules by priority, we defined the user flows and task flows and then started sketching out the low-fidelity wireframes. We tested these low-fi wireframes internally with the IT department within our organization. We then converted those into mid-fidelity wireframes for presenting to our stakeholders.
We also went through a round of usability testing to evaluate the redesigned workflows: dashboard, scope interaction, policy management, group creation, tenant onboarding. We then analyzed what was working well and what was not, and made iterations of the design.
- 21% decrease in number of customer tickets related to policy configuration.
- Customer testimonial on SonicWall's website after CaptureClient 3.5 with our designs was released.
Find something interesting? Contact me at
awaneemjoshi@gmail.com