Endpoint Detection & Response
Kandji's Device Harmony platform brings IT and InfoSec together to keep every Apple user secure and productive.
In response to the escalating threats and attacks targeting Apple devices, Kandji recognized the importance of broadening its focus beyond traditional device management offerings. As such, Kandji developed and introduced their Endpoint Detection & Response (EDR) product. This solution empowers InfoSec teams to monitor files and applications on Apple devices for malware and potentially unwanted programs.
I was brought on as the sole designer for this team after the MVP of EDR was released. For this redesign, I conducted competitor analysis, synthesized user feedback, created wireframes, prototypes, and more.
Director of Product Management
Product Engineer
EDR Engineering Team
Data Science Team
Threat Intelligence Team
When users navigate to the threats page, they will first see the Overview tab, which is the threats dashboard. Here, they get a comprehensive high-level overview of how their devices are doing. At the top, they can see the distribution of Malware and Potentially Unwanted Programs throughout their devices. They can view a historical timeline of threats and the overall health of devices. We also introduced metrics about any blocked accessory and storage access. There are also insights into top detections so that users can understand what is most prevalent in their ecosystems.
Threat Events
The Events tab is where users can get a streamlined data table of all threats that have appeared on their devices. This new view moves away from the device-centric practice of listing every individual threat file event and instead focuses on a threat-centric view. This new approach prevents users from being overwhelmed by a flood of individual alerts, offering a more organized and user-friendly experience.
Side Panel
Users can select a threat to view more details within the side panel. Here, they can see high-level information about what the threat is and what the blast radius is. They can select the different tabs to see which devices, library items, and blueprints have been impacted by this threat.
Detailed View
If a user is interested in the full details, they can access a full-screen view of the threat. In this expanded view, users can access comprehensive information about the affected devices, library items, and blueprints. Furthermore, as we introduce functionalities like process monitoring in the future, users will find this view to be their central hub to access that information.
Taking a Step Back
The initial MVP for Kandji's Endpoint Detection & Response (EDR) was developed rapidly without customer validation. Despite gaining traction upon release, valuable insights from early access testers and customers highlighted numerous opportunities for enhancement.

After having the product on the market for three months, the team recognized it was a good time to fortify the product's foundation before introducing additional features. As such, I was tasked with redesigning the threat events view and making usability improvements.
Understanding our Opportunities
After kicking off the project, I reviewed customer calls to see what users' initial reactions to the product were like and what areas of confusion they had. I then looked into feature requests and complaints from our customer feedback portal. I was also able to collaborate with customer success managers, solutions engineers, and support engineers to understand what problems they had received most frequently.

Several common patterns began to appear as I looked through these different areas. Users expressed frustration with the limited information available in the current view, leading to difficulties in understanding threat severity and what they should do about it. The overwhelming volume of individual alerts for each threat and the lack of consolidation for applications were also identified as pain points. This made it difficult for users to understand where to focus and what to tackle first.
Laying the Foundation
Beyond just those issues though, we recognized that there was more that we could also do to help improve usability. I facilitated a usability audit with the team, leveraging their expertise and collective insights.

From this workshop, we were able to identify opportunities to streamline workflows to reduce the number of clicks, improve page layout, enhance data readability, optimize the filtering experience, create more consistent copy, and much more.
Taking It to the Next Level
After synthesizing these findings, I began to conceptualize the experience. The result was Kandji's first-ever dashboard experience, delivering a high-level overview through data visualizations. This empowered users to easily comprehend the threat landscape across their devices, addressing their frustration in navigating complex information.

We also shifted from a device-centric to a threat-centric view, consolidating alerts by threat for a more streamlined user experience. Rather than just surfacing files, we were also able to group this data by application. This helped alleviate users' frustrations of being bombarded by alerts.

All these improvements aim to provide users with a clearer understanding of their device security status, offering a more intuitive and informative interface to effectively manage and respond to potential threats.
Putting It to the Test
Once designs were ready, we presented them to internal stakeholders and subject matter experts who had previously been on Info Security teams. As they are familiar with these workflows, they were able to give us invaluable insights.

However, we are mindful of the significance of not solely depending on internal perspectives. Looking ahead, the team plans on validating these designs with real users. This will then allow us to refine and enhance the designs, ensuring the final product aligns seamlessly with user expectations and preferences.
What Comes Next
Regrettably, my departure from the company means I won't be able to participate in this user validation phase. Nevertheless, the EDR team is looking forward to releasing these improvements within the year.

In the meantime, the engineering team has proactively initiated the implementation of some low-hanging-fruit usability improvements, setting the stage for a smoother and more user-friendly experience. The iterative process will continue as they fine-tune the product based on user insights, ensuring a robust and well-received final release.