It's Time to Weed Out Cybersecurity Eye Candy

Buyer beware: Just because a user interface looks futuristic, that doesn't mean it's quick and effective

Star Gazing False Positives

“Keep it simple, stupid.”

Kelly Johnson, designer of the great U-2 and SR-71 Blackbird spy planes, is said to have coined that timeless expression (a.k.a. KISS). Yet this approach seems to elude the information-security community, which has been feverishly creating technology for its battle against cyber attacks. Maybe it is the growing sophistication of those attacks—or the complexity of deploying multiple products to defend against them—that makes modern security-operation centers both astonishing and agonizing.

Vendors could help here. But most fail by focusing on the “eye candy” factor. User interfaces seem to suffer from their creators binge-watching Star Wars too many times.

I recently attended the Gartner Security & Risk Management Summit and saw some super-sleek user interfaces that look straight out of a futuristic threat-hunting fantasy. They’re amazing to gaze at, but they won’t actually help a level 1 analyst in a SOC. Isn’t the goal of the analyst to quickly find, validate, and process risk-threatening incidents? Isn’t time a critical factor?

In keeping with the KISS principle, a simple approach, such as the one in the detective game Clue, makes more sense. There, it is “Colonel Mustard, in the kitchen with a candlestick.” Translated to a SOC analyst’s needs, this threat-detection approach would yield: “Sheila, in the middle of the night, accessing server 3, and failing authentication too many times.”

The best UI will outright say the above, so an analyst does not have to guess or interpret. Instead, he or she simply reads, clicks, validates, and takes action. Below is Interset’s interpretation of a clean, efficient user experience.

A look at Interset's user interface

As a former product manager, I know that when you have a motivated and creative UI design team, it is hard to keep things simple. But I am sure that the analysts who are overwhelmed by too many events and complex processes—every day, all day—would appreciate less science fiction and more real, KISS-inspired intelligence.